The headline number
Buried in Recorded Future's 2026 State of Security (CTA-2026-0212) is a statistic that should make every Canadian fraud-prevention team look up: synthetic identity document fraud rose 300% in Q1 2025 alone. Not over the full year — in a single quarter.
Synthetic identity fraud is when an attacker combines real and fabricated information — often a real SIN with a fabricated name, address, and date of birth — to build an identity that doesn't correspond to any real person. The synthetic identity can pass basic KYC checks, build credit history over months, and then be used to drain accounts or default on loans with no person to chase.
Why it exploded in Q1 2025
Two structural changes converged. The report attributes the surge to:
- AI-driven document generation. Generative AI models can now produce convincing fake driver's licenses, utility bills, passport pages, and bank statements on demand. Open-source models have largely caught up to commercial ones, eliminating the cost barrier.
- Southeast Asian scam compounds going industrial. Recorded Future details how Chinese-speaking transnational criminal organizations (TCOs) have built call-center compounds in Cambodia and Myanmar using coerced labor — now augmented by “AI-driven automation and impersonation tools to carry out scams at an industrial scale.” These operations generated nearly $10 billion in losses in 2024.
Why the Southeast Asian shift matters for Canada
This is the part of the report that gets less coverage than it should. After public outcry inside China, the Chinese government pressured Myanmar to shut down compounds and extradite leaders. Recorded Future then assesses:
“Despite this pressure, many scam compounds remain in operation, and it is likely they will pivot to targeting wealthy Western countries to avoid further interference.”
That includes Canada. Industrial-scale fraud infrastructure that was previously aimed largely at Chinese diaspora communities is being re-aimed. Canadian banks, fintechs, and credit unions should expect the fraud volume curve to bend up sharply through 2026.
The Huione Group tooling layer
The fraud ecosystem isn't just call centers. The report identifies Huione Guarantee — a Telegram-based marketplace, part of Cambodia's Huione Group — as the supply layer for fraud tools. It deals in:
- Deepfake face-swapping capabilities
- Malware-as-a-service
- “Ghost-tapping” tools for retail fraud using stolen payment credentials
- Synthetic document generators
Huione Pay, the group's payment arm, openly supported money laundering. When attackers can buy all the components from one marketplace, the barrier to entry for fraud collapses.
What Canadian financial institutions should do
Synthetic identity fraud is hard to stop with traditional KYC because the inputs look real — the SIN matches the credit bureau, the name and address combinations look plausible, the documents pass basic OCR. The defenses that actually work:
- Cross-bureau and cross-account behavioural correlation. Synthetic identities have telltale onboarding patterns — very thin credit history that suddenly thickens, multiple applications across institutions in narrow time windows, applications coming from datacenter IP ranges. None of these is conclusive alone; correlation across them is.
- Liveness + document authenticity, not just OCR. If your identity verification depends on extracting a name from a license, you'll lose. Tools that verify document microstructure, hologram patterns, and live face-to-document matching catch what OCR misses.
- Velocity controls that don't just count applications. Sophisticated fraud rings rotate IPs, devices, and identity components across applications. Device intelligence + behavioural biometrics catch this pattern even when each individual application looks clean.
- Closer cooperation with PIPEDA-compliant intelligence sharing. The big Canadian banks have done this for years. Smaller credit unions and fintechs should plug into the same shared signals via FINTRAC and industry consortia.
The AI angle is going to get worse
Recorded Future's forward look for 2026 is blunt: “adversaries will almost certainly continue to experiment with AI-assisted phishing, payload tuning, and automated ransom negotiations” alongside synthetic identity work. Generative AI doesn't have to be agentic or autonomous to be transformative for fraud — it just needs to cut the cost of producing convincing fake documents and personas to near zero. That's already happened.
How CyberSafe helps
For Canadian financial institutions, our Financial Services practice brings PIPEDA, OSFI B-13, and FINTRAC alignment together with the actual technical controls needed for the synthetic-identity threat: identity proofing architecture, fraud-pattern threat intelligence, and incident response built around financial-sector regulatory timelines. Our Cyber Defense team can help architect the behavioural-correlation layer that traditional KYC misses.