Banking Threat Bulletin: November 2025
Each month brings new fraud schemes, new victims, and new lessons for financial institutions. What once looked like isolated attacks has evolved into a global, adaptive network that spans borders and industries.
November’s developments show how quickly tactics shift and why vigilance matters more than ever. From sophisticated social engineering to malware that mimics human behaviour, the threat landscape is rewriting the rules of digital trust.
This edition dives into the stories, data, and operations shaping how banks protect customers, revenue, and reputation. It’s not marketing fluff—it’s actionable intelligence for professionals on the front line.
Explore what’s changing now and what it means for staying ahead.
1. Verification of Payee Enters Its First Month
Banks across the euro area are now in the first month of operating under mandatory Verification of Payee (VoP), which came into force in October under the Instant Payments Regulation. The requirement obliges PSPs to confirm that a payee’s name matches the account identifier before a transfer is executed — yet early reporting suggests many European businesses, and even some providers, are struggling with the data-quality and operational demands of the new process.
For financial institutions, VoP’s fraud-reduction potential comes with immediate pressure points. There’s no industry-wide standard for how name-matching should work, leaving PSPs to interpret typos, aliases, and corporate naming variations on their own. To keep trust intact, banks need clear communication, coordinated onboarding of corporates, and alignment on matching logic.
2. Meta’s Scam Ad Machine
A Reuters investigation revealed internal Meta documents showing that the company expected roughly 10% of its 2024 revenue (about $16 billion) to come from ads promoting scams or prohibited products. The same documents estimated that users across Meta’s platforms are exposed to 15 billion “higher-risk” scam ads every day, underscoring how deeply fraudulent advertising is embedded in the platform’s ad economy.
The findings simply confirm what banks already see daily: scams may originate far outside the banking perimeter but the financial fallout lands squarely inside their systems. As scrutiny of platforms grows, banks may face rising expectations around detecting suspicious inbound flows linked to these campaigns.
3. US Toll and Postal Scams Traced to China
Google and US authorities have linked a surge of scam texts impersonating E-ZPass and USPS to fraud groups operating out of China. Investigators say the operation is pushing out well over 100,000 scam SMS messages every day, funnelling victims to phishing pages that harvest payment and personal data.
The case shows how cheaply and quickly cross-border actors can blanket consumers with local-looking impersonation scams, especially as phishing-as-a-service tools make large-scale phishing available by subscription. When global infrastructure powers attacks at this scale, financial institutions need earlier visibility into these phishing funnels to disrupt losses before they land.
4. Black Friday Fraud Spikes as Holiday Season Kicks In
November marked a favorite season for scammers. In the run-up to Black Friday, researchers saw a spike in recycled scam templates, familiar malware dressed up as shopping tools, and this year’s standout tactic: brand impersonation. Amazon topped the list of abused brands, showing up in mobile phishing, bogus coupon emails, and fake discount offers. The fraud activity hit hardest in Europe and North America.
Peak shopping seasons give fraudsters exactly what they need: speed, distraction, and consumers who trust familiar brands. With the Christmas season picking up, banks should expect rising APP scams and card compromises, and watch for the behavioral shifts that show customers sliding into these holiday-driven fraud funnels.
5. Federal Reserve Calls for Broader “Digital Defenders”
The Federal Reserve is calling on financial institutions to lean on richer digital risk signals, with an emphasis on behavioral biometrics, device intelligence, risk-based MFA, and sharper, personalized warnings.
The message lands fast: these “digital defenders” work only when layered together. Banks that rely on legacy rules will fall behind those that combine signals to catch manipulation earlier (especially as AI and deepfakes amplify scam tactics) and verify customers with far greater accuracy.
6. Germany’s Crackdown on Cyber-Trading Fraud
In October 2025, German regulators and law enforcement agencies, working with BaFin, shut down more than 1,400 illegal cyber-trading websites. Many of these platforms targeted German consumers or operated on German infrastructure, exploiting trust in local systems to lure victims into high-risk investments.
The scale of this takedown signals two urgent realities:
- Fraud networks are embedding themselves in national infrastructure to appear legitimate.
- Cross-border cooperation is becoming critical as these schemes often route funds internationally.
For banks, the lesson is clear: monitoring outbound flows tied to investment platforms and tightening KYC checks on high-risk jurisdictions is no longer optional. As regulators intensify scrutiny, financial institutions must anticipate stricter compliance demands and faster reporting cycles.
7. FBI Flags $26M Surge in Account Takeover Fraud
The FBI reports that account takeover (ATO) fraud losses in the US have soared past $262 million this year, driven by credential-stuffing attacks and phishing kits that automate takeover at scale. Investigators warn that fraud rings are increasingly pairing stolen credentials with synthetic identities, making detection harder for banks relying on static checks.
For financial institutions, the takeaway is clear: ATO is no longer a fringe risk. Banks need layered controls that combine behavioural analytics, device fingerprinting, and adaptive authentication to spot anomalies before funds move.
Banking Threat Bulletin highlights the stories shaping global fraud prevention and customer protection. Stay informed. Strengthen trust. Protect your customers.
