The cybercrime landscape has always rewarded speed — smash-and-grab credential theft, rapid account takeovers, opportunistic phishing. But the LexisNexis Risk Solutions 2026 Cybercrime Report, derived from analysis of more than 116 billion online transactions, signals a fundamental strategic shift. Fraud is no longer just fast. Increasingly, it is deliberate, methodical, and terrifyingly patient. The report documents an 8% rise in global fraud rates driven by surging synthetic identity fraud and increasingly sophisticated bots — and the implications extend far beyond financial services into every enterprise that hires, authenticates, or transacts with humans online.

Building a Person from Scratch

Synthetic identity fraud does not steal an identity. It manufactures one. Fraudsters stitch together stolen attributes — a Social Security number from a data breach, a name from a public record, a fabricated employment history — into a coherent human being who has never drawn a breath. What makes this particularly insidious is the investment required to weaponize the identity. These synthetic personas can take months to establish, with fraudsters nurturing them through credit-building cycles and behavioral history designed to pass automated screening. They are playing a long game by design, knowing that patience pays out exponentially when the identity finally activates. The technical barrier to entry has collapsed so completely that a researcher with no image manipulation experience created a job-interview-ready synthetic identity in 70 minutes on a five-year-old computer.

An Eight-Fold Surge That Demands Attention

The LexisNexis numbers are unambiguous. More than one in ten frauds now involves a synthetic identity — an eight-fold global increase year over year, making it the fastest-growing fraud type globally. In Latin America, synthetic identities account for 48% of all regional fraud, previewing what broader global adoption could look like as digital services continue expanding. Meanwhile, malicious bot attacks jumped 59%, with fraudsters deploying tools capable of replicating human behaviors like cursor movements at login with enough plausibility to fool behavioral detection systems.

With no victim to immediately raise the alarm and high potential returns, synthetic fraud is proving deeply attractive to criminal networks. That absence of an immediate victim is precisely what makes detection so difficult — traditional fraud triggers on distress signals from real people, and synthetic identities generate none. Platforms like Socure address this directly, analyzing hundreds of signals across identity graph, device, and behavioral data to intercept manufactured identities that sail through conventional KYC. But detection cannot stop at onboarding. ShadowDragon’s Horizon Identity platform illustrates what the intelligence layer must do underneath — ingesting more than 550 public sources and 15 billion breach records to collapse synthetic personas into a single coherent fingerprint, exposing the shared infrastructure that identity rings use to manage multiple fraudulent identities simultaneously.

North Korea Wrote the Synthetic Identity Playbook

The most operationally dangerous manifestation of this threat arrives wearing a résumé. North Korean state-backed hackers are systematically building fake personas to infiltrate companies as contractors and employees, operating a well-organized pipeline for creating synthetic identities at scale. The number of companies that hired North Korean software developers grew 220% in the past twelve months, with operatives infiltrating more than 320 organizations. DPRK actors used generative AI to forge thousands of synthetic identities, alter photos, and manage simultaneous job applications at scale — and once hired, they exfiltrated data, collected salaries, and in some cases held source code for ransom. Engaging with North Korean workers, even unknowingly, can trigger OFAC penalties, DOJ investigations, and civil and criminal liability.

Effective defense requires thinking in layers. Persona delivers continuous identity verification across the full employee lifecycle, catching synthetic identities that pass point-in-time onboarding checks. iProov’s Genuine Presence Assurance technology detects real-time deepfake injection — the technique DPRK operatives use to pass video interviews with synthetic faces. Nametag closes the gap between HR onboarding and ongoing workforce authentication that state-sponsored operators systematically exploit. And CrowdStrike Falcon Next-Gen Identity Security combines AI-native detection with adversary intelligence drawn directly from tracking North Korean IT worker operations — giving security teams detection logic tuned to actual DPRK TTPs, not theoretical attack patterns.

Why This Matters

The LexisNexis 2026 Cybercrime Report does not describe a threat that might arrive. It describes a threat enterprises are already navigating, whether they know it or not. Synthetic identity fraud has escaped the financial services perimeter and embedded itself in corporate HR pipelines, vendor management workflows, and contractor onboarding processes. The eight-fold year-over-year surge reflects a fundamental shift in attacker economics, where patience, AI-enabled persona construction, and the chronic weakness of point-in-time verification combine to create a threat surface most enterprises have not designed their defenses to address.

The organizations that will contain this threat treat identity as a continuous, multi-layered discipline — instrumenting every phase from document submission through post-hire behavioral monitoring — rather than a checkbox in the hiring workflow. The synthetic identity explosion the LexisNexis report documents is not a future risk on a roadmap. It is walking through enterprise front doors today, collecting paychecks, accessing codebases, and exfiltrating data — and the enterprises that fail to build verification depth across the full employment lifecycle will not know it until the damage is done.