NordProtect Study Highlights Risks and Defenses in Modern Cyber Fraud

• A research by NordProtect identifies card cloning and cryptocurrency scams as most effective
• Social engineering, AI, and social media amplify scams despite technical safeguards
• A secure future requires public education, verification standards, and proactive cybersecurity responsibility

This January, the world-famous Lithuanian-born cyber security company NordProtect conducted its research on the most effective scams in the United States. Card cloning or skimming and cryptocurrency fraud led the top 10 ranking.

NordProtect and Its Methodology

A subdivision of Nord Security, NordProtect is a US-focused identity theft protection service designed to help people detect, prevent, and recover from digital fraud. It monitors credit activity, scans for data leaks and suspicious use of personal information, and alerts users to potential identity theft before the damage spreads. Beyond monitoring, it also provides recovery support and guidance.

NordProtect commissioned the survey on the most popular scams at Cint, which conducted it in December 2025. The survey’s target group comprised 1,004 online users in the USA aged 18-74. Quotas were placed on age, gender, and place of residence.

Specifics and Demographics

According to NordProtect’s research, the top 10 most effective scams (with percentage of victims as a share of encounters indicated) are:

1. Card cloning or skimming (45%)
2. Cryptocurrency scams (44%)
3. Romance scams (38%)
4. Calls from fake customer support or banks (37%)
5. Fake QR codes (37%)
6. Fake app scams (35%)
7. Impersonation of a friend or relative asking for money (35%)
8. Fake loan offers (33%)
9. Fake online shops (33%)
10. Fake product or service listings on legitimate platforms (32%)

Despite their high effectiveness, card cloning or skimming and crypto scams aren’t the most common. The most frequently encountered scams are phishing emails (31%), calls from fake customer support or banks (20%), and fake job offers (20%).

A comprehensive demographic analysis of scam victims was not conducted, but the survey did investigate the prevalence of specific scams across different age and sex groups. The findings indicate that internet users between 18 and 24 years old encounter scams involving fake online stores and fraudulent paid services more often than other age brackets. Regarding financial scams such as credit card cloning and cryptocurrency fraud, victims are most frequently 25-34 years old.

Classic VS Emerging Fraud Techniques

‘Card cloning and cryptocurrency scams aren’t just effective — they’re ideal for criminals. Crypto scams are popular because they’re high payoff and low risk — once funds are sent, they’re probably gone forever. Card cloning is the ‘classic rock’ of fraud — it’s old, but it still works thanks to the large number of payment cards in circulation and people not checking statements regularly,’ NordProtect’s managing director Tomas Sinicki states.

At that, the increasing adoption of contactless card payments is rendering traditional card cloning fraud less viable. Consequently, fraudsters are evolving their methods to steal and exploit payment card details through digital channels:

• One prevalent method involves stealing card data via phishing, malware, or social engineering attacks.
• A second, increasingly popular method uses mass-scale spam emails or text messages that direct users to fraudulent websites impersonating legitimate entities like banks or courier services where victims get prompted to enter their card details and one-time passwords.

In both scenarios, the captured data is then loaded onto a burner phone or into a digital wallet. This allows the fraudster to make purchases or withdrawals, achieving the same outcome as physical card skimming. This technique is often referred to as a ‘digital cloning equivalent’ and it transforms the way classic card cloning works.

‘Card cloning and crypto scams still require knowledge and effort, while phishing scams have the lowest barriers to entry for beginner scammers. Phishing is like the flu of the digital world — it’s everywhere, and it’s easy to catch,’ Mr Sinicki comments.

Cryptocurrency Fraud Dynamics

Specifically, the technical nature of cryptocurrencies also contributes to their popularity among scammers. The mostly irreversible nature of blockchain transactions means that once funds are transferred, they are exceptionally difficult to recover, making it a low-risk crime.

A question arises whether banks and crypto platforms should bear more liability when users fall victim or such liability risks encouraging reckless behavior. Mt Sinicki points out that in the majority of these incidents, financial institutions and platforms serve merely as the tools used by the victims themselves. Defining the liability of these institutions is challenging, because technically victims initiate the fund transfers.While financial institutions must take relevant steps to protect their customers, the public is strongly encouraged to exercise caution and vigilance, adopt preventative security measures, and maintain sufficient cyber insurance coverage as a safety net.

Best Practices for Protection

A layered approach — combining proactive monitoring, strong digital hygiene, and a well-defined response plan — provides the most effective protection. If personal data is suspected to be compromised, NordProtect recommends:

• Changing passwords. Email, banking, social media, and any accounts storing payment information should be prioritized. Old passwords are not to be reused. If one account is potentially compromised, similar passwords across other services should be considered at risk. Strong, unique passwords are essential.
• Enabling multi-factor authentication. Activated MFA significantly reduces the likelihood of unauthorized access, even if a password got compromised.
• Reviewing bank and card statements. All transactions should be carefully checked, and any unauthorized charges reported immediately.
• Monitoring credit. New accounts, unexpected credit inquiries, or sudden changes in credit scores may indicate identity theft and should be addressed promptly.
• Being cautious with unexpected communication. Emails, calls, or messages requesting financial information or urgent action should always be verified independently.
• Checking public records. Identity misuse can extend beyond financial fraud. Any indication that one’s name is linked to unfamiliar legal or criminal activity requires immediate attention.
• Considering identity theft protection services. While no technology can fully eliminate social engineering risks, there are reputable services that provide structured monitoring and recovery support for victims of online fraud.

Romance Threats and Tips for Protection

It’s important to note that romance scams are already among the fastest-growing categories of online fraud and rapidly developing voice- and image-cloning technologies has already impacted the effectiveness and scale of romance and impersonation scams and will definitely make scams more persuasive in the next few years.

According to Low Cost Detectives, romance scams have increased from USD 547M in 2021 to over USD 1.3B in the United States in 2024, with victims losing an average of USD 15K. Victims aged over 50 are the primary targets, nearly half are affected.

Mr Sinicki suggests some tips on avoiding romance and impersonation scams and protect oneself online:

• Remain skeptical but respectful. Stay cautious without undermining the relationship by doubting every word. If an online acquaintance takes offense, it is recommended to explain the need for caution. A genuine person will usually understand, while a scammer may respond with anger or defensiveness.
• Seek a second opinion from someone trusted. Before becoming emotionally invested, consult a friend or family member who may notice warning signs that were previously overlooked.
• Stay vigilant, even when initiating contact. Starting a conversation does not eliminate risk, as scammers can still manipulate the situation.
• Analyze videos carefully. AI-generated videos may reveal subtle flaws, such as unnatural facial movements or blinking, unusual expressions, blurred facial edges, inconsistent skin tones, or irregularities in teeth and fingers.

Social Media’s Role in Modern Fraud

Naturally, social media additionally enhances both the reach and impact of fraudulent activities significantly:

• First, oversharing on social media unintentionally provides fraudsters with information they may misuse. Social media serves as a vast repository of voice and image data, which allows criminals to create sophisticated AI-generated content for impersonating acquaintances and family members. The wealth of personal information and details from private events available on these platforms enables highly customized and convincing scams.
• Second, social media functions as a direct distribution channel for certain types of fraud, such as the promotion of fake e-commerce websites.

Biometry VS Systemic Identity Verification

‘Biometric authentication unquestionably enhances personal security and is effective at mitigating specific fraud types. Therefore, its implementation is highly recommended where available. Nevertheless, it is crucial to recognize that fraudsters adapt their tactics in response to new security measures. As noted previously, the most prevalent scams today do not exploit technical vulnerabilities but rather rely on social engineering to manipulate human psychology where technical solutions have limitations,’ Mr Sinicki adds.

Olga Voloshyna of the Committee on IT and Cyber Security of the German-Ukrainian Chamber of Industry and Commerce is convinced that the most vulnerable point in today’s digital environment is the system of identification and verification. It is precisely through this layer that fraudsters are able to scale their schemes so easily: most of them are built not on technical breaches, but on the skillful creation of someone else’s digital identity and the exploitation of trust.

‘The situation can be changed by shifting the focus from reacting to incidents to proactively confirming authenticity. If users could see how reliable a sender is before any interaction takes place, the opportunities for manipulation would decrease significantly. It’s about creating a shared mechanism for confirming legitimacy that would function across different digital environments—from messengers to online banking. If platforms begin to adopt common source-verification standards, the mass creation of fake accounts would become significantly more difficult and costly. Rethinking how authenticity is confirmed online may be the step that truly curbs the scale of modern fraud schemes,’ Ms Voloshyna shares.

Digital Fraud as a Structural Feature

What’s apparent is that changing today’s digital ecosystem to reduce scam effectiveness at scale is a multifaceted question with complex considerations. Many advanced tools heavily used by scammers, such as AI and social media, also provide significant benefits to the digital ecosystem and are therefore not feasible to eliminate. At that, criminals are inherently adaptive and will continuously seek new vulnerabilities within any changing digital environment. A complete redesign of the ecosystem in search of a perfect solution is unlikely to yield the expected results.

Therefore, Mr Sinicki believes that the most sustainable and instantly actionable solution lies in continuously educating society about emerging cybersecurity threats and scams, understanding their mechanics, and utilizing effective tools to protect oneself and provide support in the event of an incident.

The findings of the NordProtect research underscore that digital fraud is no longer a marginal threat but a structural feature of today’s interconnected economy. As scams grow more sophisticated—blending social engineering, AI, and financial technology—the line between technical vulnerability and human manipulation continues to blur. Addressing this challenge requires sustained public awareness, stronger verification standards, and shared responsibility across institutions, platforms, and individuals to reduce the scale and impact of modern fraud.