Entrust: Why Deepfakes and Injection Attacks Are on the Rise

Is there ever a right time to do the wrong thing?

Surprisingly, the answer appears to be yes.

According to the 2026 Entrust Identity Fraud Report, cybercrime activity reaches its highest levels between 2:00am and 4:00am UTC.

That’s when global cyber crime groups, operating around the clock, exploit gaps that appear as regional security systems ease during off-hours.

With organised crime networks now weaponising AI to drive cyber attacks, both the volume and complexity of fraud continue to soar.

The chief offender is deepfakes, identified in the report as the cause behind one in five biometric fraud attempts.

It’s a key element of an evolving fraud playbook, as injection attacks continue to climb by around 40% each year.

“As detection improves, fraud rings evolve, becoming faster, more organised and commercially driven,” says Simon Horswell, Senior Fraud Specialist Manager at Entrust. 

“Generative AI and shared tactics fuel volumes and sophistication, targeting people, credentials and systems. 

“Identity is now the front line and protecting it with trusted, verified identity across the customer lifecycle is essential to staying ahead of adaptive threats.”

What are digital injection attacks?

Digital injection attacks are a growing threat used to spoof authentication systems and bypass biometric verification by feeding manipulated images or videos directly into the data stream, often using deepfakes or replay attacks.

These attacks can convincingly mimic not only static documents but also live-capture experiences, making detection especially challenging.

According to the Entrust 2026 Identity Fraud Report, the use of deepfake selfies surged by 58% in 2025.

Criminals employ a variety of tactics to evade security, including photos of screens or printouts, 2D and 3D masks, videos of videos on screens, and videos of photos displayed on screens.

Which industries are affected by cyber fraud the most?

The report reveals that the cryptocurrency sector, which offers sign-up bonuses, experiences the highest rate of onboarding fraud attempts, hitting 67%.

Meanwhile, in the payment and banking sectors, account takeover (ATO) fraud dominates, representing an overwhelming 82% of all fraudulent activity.

Account takeover fraud involves malicious actors gaining access to user accounts through stolen credentials, phishing, malware or social engineering, which is then used to steal funds or harvest sensitive data.

The industry also faces a large number of fraud aimed at overriding their authentication systems. 

National IDs are the most abused documents by counterfeiters 

The report indicates that document fraud remains concentrated heavily in physical forgeries, which still account for 47% of cases.

However, digital counterfeits show remarkable sophistication due to the widespread use of AI tools by fraudsters.

Among the documents being counterfeited, National ID cards represent nearly half (46%) of all fraudulent submissions, underscoring their appeal to criminals targeting identity verification systems.

In today’s landscape of AI-driven cybercrime, leveraging AI-powered cyber defence emerges as a critical solution. 

Tony Ball, President of Payments & Identity and Incoming CEO at Entrust says: “With over one billion identity verifications conducted across 195 countries and more than 30 industries, Entrust offers unparalleled insights into how fraud operates and how to help mitigate it.

"Our global reach and deep fraud intelligence mean we’re uniquely placed to drive continuous innovation and share meaningful insights for customers.

“The future of digital trust lies in layered, identity-centric strategies powered by AI, delivering fraud prevention and seamless user experiences.”