Products
Use Cases
Customers
Resources
Company
Book a demo
Products
Documents Detect document fraud in any PDF or image file, from anywhere
Transactions Boost any existing transaction monitoring system with AI
Defence in Depth Detect fraud and fincrime throughout the customer lifecycle
RAI-LinkedIn-Logo
How to get started with Resistant Documents Jump right in — get an overview of the basics and get started on building.
Watch now
WhitePaper_TheThreatofSerialFraud
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
The Threat of Serial Fraud
WhitePaper The Threat of Serial Fraud
Read the Whitepaper
Documents
Merchant Onboarding Verify KYB documents in under 20s
Loan Underwriting Confidently approve more loans with fewer defaults
Tenant Screening Check applicant documents for misrepresentation
Claims Escalate fake claims and process real ones instantly
Marketplaces Strengthen seller onboarding in seconds
Transactions
AML Catch more financial crime with less
APP Fraud Protect scam victims and spot fraudster accounts
BNPL Differentiate fraud from defaults to increase profit
image-graph-placeholder
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
Webinar
image-graph-placeholder
Watch on demand
Payoneer High-volume merchant onboarding automation
Habito Confident decisioning in online mortgage brokering
Finom Cross-border AML transaction monitoring
Verto Pan-African merchant onboarding
LYNK Capital Commercial real estate loan fraud prevention
Planet42 Rent-to-buy car subscription loans automation
Close Brothers 22x ROI in Motor Finance fraud prevention
image-graph-placeholder
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
usecase-tax
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
Webinar
image-graph-placeholder
Watch on demand
Resources
White papers
Webinars
Event insights
ROI Calculator
Support
Trust Center
Documents API
image-graph-placeholder
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
Webinar
Account Farms Webinar Replay
Watch on demand
About us
Blog
Threat Intel
Industry insights
Partners
Careers
Press releases
image-graph-placeholder
The Threat of Serial Fraud Read our whitepaper about danger of Serial Fraud
Watch now
Webinar
Account Farms Webinar Replay
Watch on demand
Blog

Top 5 threat intel insights of 2025

Resistant AI Logo
Jan Indra
Published on 22.12.2025
Updated on 22.12.2025
Resistant AI Logo

Our Threat Intelligence Unit spent 2025 the right way: researching and investigating emerging threats within the financial crime ecosystem. 

We kept expanding our catalog of  online template farms where you can buy bank statements, utility bills or ID documents with a few simple clicks. 

We also lifted the cover off a sophisticated "verified" account market, exposing another tier to the fraud-as-a-service economy. 

And that was all before the end of the summer. Our team went on to demonstrate the alarming ease with which these services can be used, and even dabbled in our own follow-up to an FBI investigation

It’s been a busy year to say the least. If you want a recap on the most important moments (or if you missed any of the shocking insights along the way), read on to get our top 5.

1. Document Fraud via Template Farms is Industrial-Scale

Our ongoing research shows that what was once a niche realm for graphical experts has become an industrial-grade, easily accessible market with 360k+ templates from 15k+ different issuers, distributed by hundreds of websites with millions of visits on a monthly basis. These documents go at an average price of a template at around $28 (and often much lower).

Moreover, this is only a fraction of the actual market size. Much of the activity is conducted via messaging apps like Telegram where farmers and fraudsters benefit from direct communication, bot automation for order placement or processing purchases end-to-end. And there’s still hundreds to thousands of channels we’ve yet to survey.

All this means anybody can quickly (e.g. via a simple Google search and a couple clicks) get their hands on a cheap, medium-to-high-quality fake document. The fraud-as-a-service providers are as rampant as ever.

Moving into 2026, we anticipate an even larger scale market supplying these illegal documents, and we’ll focus on further expanding our research scope and the amount of threat actors we monitor and gather data on.

SEO_GRAPHIC_OVERALL

Overall stats on template farms and their offering

Want to find out more about the fake document market? Check out our articles on template farms or templates themselves, or dive into the "life" story of one of the most "famous" template farms known as OnlyFake.

 

Summary

    2. You can buy a “verified” account for pretty much anything

    Aside from template farms spewing out fake document templates, our research this year has heavily focused on understanding the shadow market for “verified” accounts.

    This criminal market is still growing with tens of thousands of sellers, buyers, and new actors joining at a rapid pace.

    Operationalized via websites, social media or, most importantly, messaging platforms, we’ve identified hundreds of thousands of account offerings for more than 3k different platforms and companies, including:

    • Traditional and digital banks
    • Crypto platforms
    • Exchanges
    • Marketplaces
    • Social media
    • Freelance portals
    • Delivery services
    • And more!

    A scatter plot "zoom-in" showing identified exposed companies
    and their level of exposure based on no. of account offerings
    and their average price

    It’s not like these are competing markets. The “verified” account selling threat incorporates document selling. Account farmers monetize the verification and access to an account itself, and the package being sold contains not just account logins, but often includes various documents, identities, contact information and infrastructure, or even company formation itself.

    This is fraud enablement at its finest, and (as we’ve experienced ourselves) these farmers are selling the real deal.

    Serial fraud, money laundering schemes or large, global scam operations, all of these are benefitting from account farmers enabling financial crime at scale.

    Want to learn more about the "verified" account market? Check out our deep-dive webinar from September.

     

    3. Farms are unkillable 

    Earlier this year, the FBI announced their takedown of a notorious document farm: VerifTools.

    Domains and data were seized, fines were issued. Initially, it seemed to be a positive story: law enforcement successfully battles the online fraud enablement ecosystem.

    But VerifTools was never really taken down. Our team mapped out how it resurfaced in the last 6 months, and how it already recouped much of its significant traffic and following (check out the full story in our latest article).

    TI_ARTICLE_Verif_Tools_FEATURED_IMAGE

    The VerifTools story is not an outlier. It’s symbolic of something we’ve been saying all year: these online farms are unkillable.

    They shift domains, use mirrored TLDs, and replicate back-ends. When sites or channels are taken down, they communicate promptly, informing their audience on already launched and functional alternatives.

    And, of course, they leverage the possibilities of global internet infrastructure: VPNs, servers spread out across the world, special browsers, sock puppet accounts, you name it…

    In short, the best (and most dangerous) farmers know very well what they’re doing, have proper operational security procedures set up, and anticipate that they might be targeted or monitored.

    Understanding the aspect of farm unkillability, our hope and vision for true financial crime prevention is rooted in proper detection mechanisms, proactive research and monitoring, and continuous development.

     

    4. Gen AI is almost perfect at faking documents

    2025 proved to be a huge year for GenAI.

    And that is very true with respect to document fraud as well. Various models got leaps and bounds better at generating convincing images of fake documents, and while we might have talked about some visual imperfections during our webinar in May, these seem to have largely disappeared a few months later.

    Visual and content perfection is simply really, really close.

    API workflow automation for document farmers as well as experienced fraudsters is likely happening as I’m writing this.

    And there’s millions and millions of users of these tools being added weekly, further enlarging the potential pool of people who might be tempted to test GenAI for document fraud purposes.

    Whether it’s expense fraud, insurance scams or faking an invoice, the number of harmful use cases for document fraud is only gonna grow.

    That said, the GenAI threat is not a novelty for us. This is just another of the tools in the fraudster arsenal. And we are continuously engineering our systems to be robust not just against a single technique such as GenAI, but against a layered combination of techniques used by the most sophisticated adversaries.

    Our new GenAI detectors are an ensemble of detectors that work to identify if an image bears any signs of AI generation. This includes but goes well beyond basic and obvious metadata checks: our models analyze both the visual textures and structural patterns of documents and photos, flagging anomalies that typically escape the human eye in images and PDFs. 

    And they are trained on real-world data only possible thanks to the hundreds of millions of documents we have processed, and are continually updated to recognize the latest generation techniques.

    Want to learn more about "ThreatGPT"? Check out our deep-dive webinar from May.

    TI_ARTICLE_top_TI_insights_ThreatGPT_webinar_post

     

    5. Template hubs are an endless source for fraudsters and farmers alike

    Our research distinguishes “template farms” (services that design + sell editable document templates) and “template hubs” (more general platforms hosting documents/images which can then be misused for fraud).

    And earlier this year, we reported on our extensive research on the role of document-hosting sites like Scribd, Issuu or even Academia when it comes to the availability of document templates.

    Turns out these sites are heavily used by some farmers as advertising channels and, more importantly, that these sites contain potentially tens to hundreds of thousands of authentic documents uploaded by unsuspecting members of the public. These originals can then be (and likely already are) quickly edited and weaponized for further fraudulent use.

    This is yet another threat within the document fraud ecosystem that needs to be taken into account.

    Curious about some stats or examples of documents just waiting to be harvested by farmers and utilized by fraudsters? Check out our article on template hubs.

    ARTICLE_Template_Hubs_Featured_Image
    Threat Intelligence
    Popular

    Any document. Anywhere

    150,000,000+ docs verified, language agnostic, and compliance friendly
    Book a demo
    You might be interested in

    Related articles

    Resistant AI Blog What is fraud prevention? Resistant AI Blog KYC verification: Ultimate guide Resistant AI Blog How to spot fake letters of credit