
Let’s Stop Chasing Ghosts: Why Combating Fraud Demands a Collective Defense

  • February 20, 2026

MKaganovich
Staff

Co-Authors: André Naumann, Xavier Morales, Giacomo Gnecchi Ruscone

 

The financial services industry is facing a fundamental shift in the threat landscape. Cyber fraud has been escalating in volume and complexity, posing a threat that directly challenges an organization’s financial health and reputation. This concerning trend highlights the overlap between scams and cybersecurity and poses a persistent global challenge.

 

By way of example, the FBI noted that the cost of cyber fraud was $13.7 billion in 2024 in the US alone. This figure represented a nearly 10% increase from 2023, and constituted 83% of all financial losses reported to the FBI in 2024. Likewise, in 2025 the FTC released data showing that consumers reported losing more than $12.5 billion to fraud in 2024, representing a 25% increase from the prior year.

 

Most recently, the World Economic Forum’s fraud report noted that cyber-enabled fraud ranks as the second-highest organizational cyber risk after ransomware, further finding that threat actors are successfully “taking advantage of differences in legal systems, enforcement capacity, cyber-maturity levels and regulatory frameworks” to achieve their objectives.  

 

These alarming trends highlight the sheer scale of online fraud and its substantial financial impact on businesses. Worse yet, these staggering statistics represent only the fraud that has been reported to these agencies; sadly, the actual losses are estimated to be far higher.
 

Google takes measures to combat scams and fraud on its platform and services

 

Given the lucrative nature of these scams, there’s no reason to believe they will abate on their own. The battle against fraud is asymmetric. Attackers use the speed and scale of AI automation and the nuance of psychological manipulation to breach defenses. Implementing an effective defense strategy is critical and time-sensitive. Google has deployed a comprehensive suite of AI-driven tools spanning its cloud, browser, and mobile ecosystems to combat the evolving fraud landscape. These enterprise and consumer-grade capabilities, many of which are enabled by default, help detect and neutralize threats in real time.

 

For instance, Google has embedded scam-fighting technology across its suite of products. With the sophistication of online scams on the rise, our safeguards keep the overwhelming majority of scams out of Search, blocking billions of potentially scammy results every day. Our classifiers utilize machine learning algorithms to identify patterns, anomalies, and linguistic cues indicative of fraudulent activity. However, the tactics employed by scammers are constantly shifting and evolving. Staying one step ahead of the scammers requires that we understand emerging threats and proactively develop countermeasures.

 

What we’re seeing is that the traditional fortress mentality, focused on protecting one’s own institution in a silo, is being replaced by a model of collective defense. The industry has recognized that fraud is no longer just a series of isolated attacks, but a massive, interconnected criminal economy that thrives on the information gaps between banks, telcos, and online platforms, and on the jurisdictional constraints of law enforcement. The focus has shifted toward reciprocal, real-time data sharing, where an abuse report or flag at one institution becomes an alert for the entire network.

 

The Global Signal Exchange (GSE)

 

The GSE was created by the Global Anti-Scam Alliance and Oxford Information Labs, with support from Google, out of a shared vision and need for a global, cross-sector data sharing platform that would allow the exchange of threat actor signals in real time. The platform was launched in January 2025 with 40 million URLs and domains. It has now grown to over 1 billion available signals from over 50 separate data feeds and more than 100 accredited organizations, including online platforms, banks, telcos, law enforcement, government agencies and abuse data aggregators, and has added signal types such as IP addresses, phone numbers, email accounts and others.

 

Sharing signals with the GSE can be done in a one-to-one, one-to-many, or one-to-all setting. It can significantly reduce signal acquisition costs, because organizations sign one agreement with the GSE and can establish the connection to various business units, which can then focus on building their own use cases for either sharing or ingesting information. The GSE also publishes League Tables surfacing useful information, such as a data-driven ranking of entities within the Internet’s core infrastructure based on the number of abuse reports received. The data used for ranking comes exclusively from primary signal sources. These tables provide an objective benchmark, encouraging wider adoption of the most successful defensive strategies.

 

Google’s anti-abuse teams have leveraged the GSE in a variety of ways, delivering positive results while helping to identify new threat actors faster and connect the dots, whether to inform takedowns or disruption of the underlying assets, to use the signals as training data to fine-tune machine learning classifiers, or to inform criminal referrals to law enforcement. A recent pilot between Google and a law enforcement agency, facilitated by the GSE, led to the identification and disruption of a network of fraudulent accounts: the GSE enabled the Google team to make inferences from a few dozen suspicious accounts to a large cluster of abuse pointing to a threat actor from West Africa. Another example involves the exchange of ‘Malvertising’ data as part of a pilot under the guidance of the UK Advertising Association, which helped participating teams at Google to identify new Malvertising campaigns and threat actors and start tracking them more effectively.

 

These signals are shared by Google and other accredited organizations from around the world and across different sectors such as tech, telecom, finance, and also law enforcement. This cross-sector collaboration not only accelerates investigations and disruptions, but also helps identify infrastructure which bad actors exploit.

 

Google’s Priority Flagger Program (PFP)

 

Google has long maintained a voluntary program for a range of specialist partners to flag content they believe violates Google’s policies on certain Google products. The PFP is by invitation only. Reporting partners are selected according to Google’s eligibility criteria, including the need to have an identified expertise in fighting online scams and fraud, as well as capacity to submit requests. Partners are also offered the opportunity to have ongoing discussions and share feedback.

 

For instance, the Financial Services branch of the PFP was a significant step in further enhancing our scam detection and prevention efforts. Launched in partnership with FS-ISAC in the spring of 2025, the program has been tackling the most common challenges reported by financial services organizations: scam ads, phishing emails, and executive impersonation, by helping to streamline the process of identifying, reporting, and mitigating fraud threats related to potentially harmful content impacting Google platforms. Not only are the signals submitted by partners used to inform tactical actions, they are also used to improve future detection, creating a flywheel effect that supports proactive efforts to catch and deter similar abuse in the future. 

 

Paths Forward for Collective Defense

 

Defeating global scam networks requires a collective defense strategy. While we continue to invest in litigation, research, user awareness, and advanced tooling, individual efforts aren't enough to dismantle the infrastructure and business models scammers rely on. To truly move the needle, we must unify industry, law enforcement, and government efforts through active collaboration. We encourage you to explore these two initiatives, designed as key enablers to disrupt bad actors:

  • Global Signal Exchange: Facilitates the strategic sharing of threat intelligence to track and stop criminal organizations.
  • Priority Flagger Program through FS-ISAC: Streamlines tactical takedowns of fraudulent content.

Both programs feature low barriers to entry and are essential to our shared goal of protecting users at scale.

For further information on our efforts in this space, refer to our recent scams advisories and blogs on our approach to combating fraud: