Attack vs. Defence: Bots, Synthetic Identities and the Invisible Tactics Behind This Summer of Football


Not all fraud attacks are obvious, or even noticeable. Some are happening in the background - fast, automated and largely invisible. 

Every second, as users log in, browse and transact, another kind of activity is unfolding: coordinated, scalable and increasingly sophisticated. 

This is the world of bot attacks and synthetic identity fraud, and it’s growing rapidly.

The attack

Fraud has evolved. It’s no longer the work of individuals, but coordinated networks operating at scale through automation.

These attacks test stolen credentials across platforms, create thousands of accounts simultaneously, and mimic real users to evade detection.

At the same time, fraudsters are building entirely new identities.

Synthetic identities — created from a mix of real and fabricated data — are now one of the fastest-growing threats: fraud cases linked to synthetic identities have increased by 184% since 2019 [1]. Up to 5 million identities in the UK may be synthetic [1].

These identities don’t just appear. They are built over time, establishing credibility before being used to commit fraud.

Account takeover: the second half comeback

While onboarding is the first target, existing accounts are just as valuable. Account takeover fraud has risen by 37% year on year [2]. Using stolen credentials and bot-driven attacks, fraudsters can access legitimate accounts and change details to make transactions appear genuine.

From the outside, everything looks normal. But behind the scenes, control has changed hands. 

Why these attacks are so hard to stop

The challenge isn’t just scale, it’s believability.

Modern bots can mimic human behaviour, replicate interaction patterns and blend into legitimate traffic. Synthetic identities can pass traditional verification checks and appear consistent across multiple interactions. As a result, the line between real and fake is becoming harder to draw.

The defence: seeing what others miss

To counter these threats, defence needs to be as adaptive as the attack. 

For consumers, protection comes down to a few key habits:

  • Enable multi-factor authentication
  • Use strong, unique passwords, or adopt passkeys where available
  • Regularly monitor accounts for unusual activity

For businesses, this means taking a holistic view of identity. Behavioural analytics can flag unusual activity, while device intelligence helps detect suspicious patterns across sessions. When combined with identity linking, these signals create a clearer picture of risk. 

Final whistle: staying one step ahead

High-profile sporting moments drive spikes in digital activity, and fraudsters move just as quickly. 

As bots and synthetic identities become more advanced, both businesses and consumers need to adapt. Because in this invisible match, the difference comes down to which organisations are combining the relevant analytics and systems to protect users.

Check out our latest guide — Verifying Digital Identities — for more details on how TransUnion uses Document Verification and Facial Biometrics (DVFB) to empower organisations to verify identities with confidence.  
