What Fraudsters Like?

Filter by Tags

HumanBehavior (48) OrganizationAtRisk (42) SocialEngineering (29) Cyber (27) TechnologyRisk (24) DeviceSecurity (24) InsiderThreat (16) SocialNetworks (12) Crypto (9) AIEnabled (7) Compliance (6) Cloud (6) GamingSecurity (5) #WhatFraudstersLike (1) #ShellCompanies (1) #FinancialCrime (1) #AML (1) #CorporateTransparency (1) #LetsTalkFraud (1)
A cartoon money bag labeled "ACCOUNT" is sound asleep in a bed covered with cash and loudly snoring "ZZZ," while a shadowy figure with bright eyes wearing a red mask peeks through the window, reaching in.
#WhatFraudstersLike #AccountTakeover #PaymentFraud #InsiderThreat #LetsTalkFraud
📚 References & Further Reading

Fraudsters Like Dormant Accounts!

Do you know what fraudsters hear when you say “dormant account”? One thing: low attention.

What counts as dormant?

Banks use different timeframes. In the GCC, accounts are classified as dormant after 12 months (UAE/Bahrain current accounts) to 24 months (Saudi Arabia/Bahrain savings accounts) of no customer-initiated activity. Some jurisdictions stretch this to 15 years; others flag accounts after just 6 months.

Even accounts below "dormant" status - those with very low activity but still fully accessible - attract the same fraudster attention.

Why fraudsters like dormant accounts:

💳 Low-activity accounts are ideal for fraudsters to launder funds quietly, keeping transactions small and subtle to avoid detection.

🏦 The long history of these accounts makes them appear trustworthy, sometimes even boosting internal credit scoring.

🕵️ Unusual activity often doesn’t stand out quickly because the account owner isn’t actively monitoring it.

👥 Dormant or low-activity accounts with large balances are attractive targets for embezzlement or abuse by bank staff with access.

📊 DataVisor found that 65% of account takeover attempts target accounts unused by their rightful owner for 90+ days, and 80% target those inactive for 30+ days. That's not a minority - that's two-thirds of all ATO attacks. And the scary part: those dormant accounts often contain real money. They're reserves. Emergency funds. Inheritance accounts. Exactly what criminals want[ref].

Javelin reports that account takeover fraud losses climbed to $15.6 billion in 2024, up $2.9 billion from 2023's $12.7 billion and up from $11 billion in 2022. This three-year escalation is a clear sign that the risk is growing.

🚨 What can we do?

For account owners: Stop treating dormant accounts like set-and-forget savings accounts. They're liabilities. Close what you don’t use. Even if you keep an account as a reserve, check it regularly and enable alerts, use strong credentials, and add MFA.

For banks: Flag low-activity and dormant-status accounts as high risk. Apply enhanced monitoring, step-up authentication on reactivation or unusual transactions, and audit employee access to these accounts.

Fraudsters thrive where "quiet" equals "ignored". Let’s turn dormant into defended.

Filter tags: 🏷️ HumanBehavior 🏷️ OrganizationAtRisk 🏷️ TechnologyRisk 🏷️ Cyber 🏷️ InsiderThreat 🏷️ Compliance
📚 5 references
1 min read December 8, 2025
← Previous Post 64 of 64