Singapore, 5 February 2026 – Threat Hunter, a global threat intelligence provider helping digital platforms turn underground risk signals into clear, operational decisions, today released its 2025 Global E-commerce Fraud Risk Report, highlighting a sharp shift in how fraud is carried out across marketplaces and consumer platforms.
Threat Hunter’s 2025 monitoring recorded 15 million fraud-related risk signals, a 226 per cent year-on-year increase, and captured 1.6 million fraudulent accounts, up 55 per cent from the prior year. The report also documents how refund abuse is increasingly packaged and sold as a repeatable service, complete with pricing models and “success rate” messaging.
“Fraud is not just growing. It is being operationalised,” said Tim Bi, CEO, Threat Hunter. “Many teams are still measuring fraud as isolated events. Operators measure it as success rate. That difference is why the same schemes keep returning.”
Key findings from the 2025 report
Refund fraud is becoming a service model. Operators are running organised refund networks and positioning refunds as a paid outcome rather than a one-off abuse tactic. Commissions commonly sit in the 20% to 30% range, with some examples observed at 35%.
Fake Tracking ID fraud is exploiting logistics blind spots. One growing tactic leverages gaps in returns verification and “delivered” statuses to trigger refunds even when goods are not returned, turning logistics signals into an attack surface.
AI-generated evidence is raising the credibility bar. The report notes increasing use of generative AI to fabricate images and other “proof” designed to pass manual review and workflow checks, shifting the challenge from simple verification to credibility at scale.
What e-commerce leaders can do next
Threat Hunter recommends three practical moves that reduce repeatability, not just incident volume:
Treat logistics events as evidence, not truth by adding step-up verification when refund outcomes rely heavily on delivery or return statuses.
Track fraud success rate in refunds and disputes, not only detection rates, to identify where controls are being reliably beaten.
Update review playbooks for synthetic evidence so teams can identify and handle AI-generated “proof” designed to win manual decisions.
“The goal is not to flood teams with more alerts,” Bi added. “It is to help platforms identify who is abusing which workflow, and what to change next so the same playbook stops working.”
For media queries, please contact marketing@threathunter.com.
One more step to download this research.
Thank you for the submission.
You will receive a confirmation email shortly.