Fraud is deceptive activity used to obtain money, value, or unauthorized access through dishonest means. In cyber security, it often appears after social engineering or credential theft, when attackers use stolen accounts, fake payment flows, or impersonation to exploit trust. It can be the final goal of a campaign, or one step in a larger chain that also includes malware delivery and account takeover.
Fraud matters because it turns a technical compromise into direct loss. Stolen credentials can be used to approve transfers, change account details, or access business systems for further abuse. Defenders reduce fraud risk by combining email filtering, identity protection, multi-factor authentication, transaction monitoring, and user verification for sensitive requests. The key defense is to break the attacker’s path from deception to unauthorized action.