Ambiguous Techniques: Determine Malice through Context
An ambiguous technique is a MITRE ATT&CK® technique whose observable characteristics are insufficient to determine intent. This means that …
By Suneel Sundar • May 10, 2025
In 2023, global fraud losses totaled USD $485.6 billion from a range of scams and bank fraud schemes, according to the NASDAQ 2024 Global Financial Crime Report.
To date, there is no comprehensive detailed enumeration of financial fraud tactics and techniques, similar to what MITRE ATT&CK® has provided for enterprise threats. As a result, cyber and fraud programs have a knowledge gap among events detected through cyber means on financial institutions’ infrastructure, the material events of fraud affecting the customer, and the controls to disrupt fraud.
In 2025, the Center for Threat-Informed Defense will develop the Fight Financial Fraud (F3) framework of tactics, techniques, and procedures (TTPs) used by fraud actors. The F3 framework may include new techniques that characterize known fraud TTPs. It will reference and refine existing ATT&CK techniques when they are applicable to financial fraud. The F3 framework will include its own new content to describe fraud technical behaviors for which there is no existing ATT&CK content.
Sign up here to contribute to this effort. The goals of fraudsters hurt us all: social engineering, money laundering, cash out, and more. Our collective success requires that we identify the varied sources of telemetry for fraud detection, and we document the tactics and techniques used by fraud actors.
This project will fuse and analyze cyber and fraud data sources into a common language of tactics and techniques specific to fraud events.
The resulting F3 framework will be the foundation of a longer-term research program that will advance our understanding of financial fraud TTPs, as well as our collective ability to emulate, detect, and prevent them.
The F3 framework will derive from prior work including the FS-ISAC Cyber Fraud Prevention Framework, the National Retail Federation Retail Fraud Taxonomy, and Verizon’s Data Breach Investigations Report. We will build the framework by modeling documented fraud activities such as Social Engineering, Money Laundering, and Cash Out. We will document the known tactics and techniques of financial threat actors in the context of a fraud event.
There is a knowledge gap among fraud events detected through cyber means on financial institutions’ infrastructure, the material events of fraud affecting the customer, and the controls to disrupt fraud.
Fuse and analyze cyber and fraud data sources into a common language of tactics and techniques specific to fraud events.
Disrupt fraud by joining together relevant individuals with roles related to loss prevention, security, risk management, anti-money laundering, and related functions.
The cyber challenges we face are bigger than any single organization, sector, or country. Uniting sophisticated and innovative security teams from around the world creates innovative solutions at a global scale. Together we can change the game on cyber adversaries.
MITRE’s Center for Threat-Informed Defense is a non-profit, privately funded R&D organization focused on advancing the state of the art and the state of the practice in threat-informed defense. Together with the global private sector, the Center conducts applied research and advanced development to improve cyber defense at scale. And, since the Center operates for the public good, we freely share our research for the benefit of all.
© 2025 MITRE. Approved for Public Release. Document number 25-0984.