Fraud + Behavior: The New Blind Spots

By Sandra Wasicek, ZorroFi

Fraud isn’t standing still — it’s evolving with AI, deepfakes, and synthetic identities that slip past traditional KYC tools. Deloitte projects losses could hit $5B by the end of 2025.

The recent Salesforce breach shows how it plays out in practice. Hackers from ShinyHunters and Scattered Spider targeted institutions like Allianz Life, Google, and others. They didn’t exploit Salesforce itself, but used phone phishing (“vishing”) to impersonate IT support and trick employees into granting access. Once inside, they used Salesforce’s own bulk export tool to quietly extract millions of customer and policy records. Allianz alone saw 1.4M records compromised.

The weak point wasn’t the platform — it was trust. Employees assumed that if a request came from “IT,” it was safe. Institutions assumed that once a third-party tool was connected, it didn’t need further scrutiny. Psychologists call this authority bias: when a source looks familiar or official, we stop questioning.

And that’s the same blind spot fraudsters exploit with synthetic identities. Fake businesses and doctored documents can clear every standard check. What they can’t fake are behaviors: the pacing of an application, the consistency of devices, the flow of deposits. Real customers move naturally; fakes rush, switch devices, or cycle money right before statements.

👉 The way forward: Community institutions shouldn’t abandon trust — it’s their strength. But they need to pair it with lightweight, continuous verification. Behavioral checks like device consistency, upload timing, and anomaly alerts protect relationships without adding friction for real customers."