Singapore, 9 February, 2026 — Fraud teams across e-commerce, mobility, and superapps are facing a common problem: they are not short of alerts, they are short of actionable intelligence. While many intelligence tools surface “malicious activity,” fraud and trust teams still have to spend time and headcount to figure out which accounts are linked, which identities are reused, and which transactions are at risk.

According to the latest 2025 Global E-commerce Fraud Risk Report, Threat Hunter recorded over 15 million fraud-related risk signals globally, a 226% year-on-year increase, alongside 1.6 million fraudulent accounts, up 55% from the previous year. This surge is not driven by more amateur abuse, but by organized, full-lifecycle fraud operations targeting refunds, disputes, and after-sales rules as core profit channels.

To address the operational reality behind these trends, Threat Hunter today announced DarkSphere, a signal-to-decision anti-fraud intelligence platform designed to reduce alert noise by structuring raw external signals into clear, usable risk scenarios and action-ready risk profiles.

Why this matters now

Fraud does not show up as a single “bad indicator.” It shows up as repeatable, business-facing scenarios: multi-account creation, promo abuse loops, account takeover, refund abuse, and dispute pressure..

In the gig economy, where identity and account behaviors shift quickly, Threat Hunter’s monitoring shows malicious refund fraud has become an industrialized service, with organized groups selling “guaranteed refund success” and achieving profit margins of 40–73%. These attacks are designed to exploit platform logic at scale, leaving fraud teams with high alert volumes but limited ability to see which accounts, identities, and transactions are truly linked and at risk.

These are not problems solved by more alerts. They are solved by faster decisions and fewer false positives.

What “risk tags” means in practical terms

DarkSphere’s “risk scenario” tagging (often referred to as risk tags) means the platform automatically classifies raw intelligence signals into the type of fraud problem a team is trying to stop, so the output arrives already organized for triage and action.

Instead of delivering a stream of fragmented signals that require manual correlation, DarkSphere presents each signal as a structured risk profile including scenario context, related groupings, and behavioral indicators, so teams can understand what’s happening and act with confidence.

What DarkSphere changes for fraud teams

DarkSphere is built to support daily fraud operations by focusing on outcomes:

• Less noise, faster triage: Automatically classifies and labels raw signals by risk scenarios, reducing manual analysis and improving operational efficiency.

• Decision-ready intelligence: Structured risk profiles help teams quickly understand threats and move from investigation to action.

• Real-time alerts that improve over time: Handling outcomes are fed back into the system to refine models and improve detection precision.

• Industry-level visibility: Aggregates intelligence across industries to surface broader fraud trends and concentration of risk.

  
  

A data point that shows what “actionable” looks like

In one example from Threat Hunter’s fraud intelligence work, a leading e-commerce platform uncovered over 84,000 high-risk credit cards in one month, preventing more than US$6 million in potential fraud losses, and noted that the intelligence was delivered in a structured format that could integrate into analytics and risk models.

“Fraud teams don’t need more dashboards or more alerts,” said Tim Bi, CEO of Threat Hunter. “They need intelligence that maps to real business risk such as accounts, identities, and transactions, so they can stop promo abuse, reduce dispute exposure, and protect growth without expanding headcount.”

“DarkSphere was built to turn fragmented external signals into structured, case-ready insights,” said Danny Wang, Chief Product Officer at Threat Hunter. “The goal is simple: reduce noise, speed up decisions, and help teams act earlier.”

Availability

DarkSphere by Threat Hunter is participating at WorldEF Dubai, 12 - 14 February 2026. Alternatively, you can access your organization's risk assessment snapshot here.

For media queries, please contact marketing@threathunter.com.