Cyber Security

Unmasking Gray Actors: How to Spot and Stop a Costly Wave of Fraudulent Behavior

Subtle deceptions hook unsuspecting victims; risk mitigation measures can be mobilized.

Friday, October 6, 2023

By Tamas Kadar


A new breed of cybercriminals has emerged in the online realm. Known as gray actors, they pose a significant challenge for online fraud prevention specialists and businesses, increasingly targeting sectors such as manufacturing and financial institutions.

Financial fraud is one of the most common types of crime around the world. In the U.S., organizations in the top 10 states alone lost $6 billion through cybercrime activity. In the U.K., criminal gangs stole over £583 million from the public and small businesses by posing as banks and service providers.

Unlike overt and easily recognizable “black hat” adversaries, gray actors employ subtle and deceptive techniques so that they often evade initial suspicion when exploiting vulnerabilities in online systems.

Let’s delve into the rising threat of gray actors and explore actionable tactics that businesses can adopt to identify and prevent their fraudulent activities.

Who Are They?

Gray actors’ numbers have surged in recent years. They are individuals who engage in fraudulent activities without overtly displaying malicious intent. They operate with subtlety, avoiding early detection, making it challenging to identify them and thwart their schemes.

Why the surge? The most obvious factor to point to is the current state of the global economy. Money is tight across the board, and gray actors are preying on people who are looking to make a quick buck to ease their own financial situations – people who tend to be young, unaware, or even among society’s most vulnerable.

SEON’s Tamas Kadar: Social media is a gateway.

One concerning aspect of the rising gray actor threat is the exploitation of young and unsuspecting individuals. Recent data shows those under 21 account for around one in five cases of suspected money muling.

Social media platforms have become a gateway for gray actors targeting young people seeking ways to earn extra money.

Lured by promises of quick cash, these victims may unknowingly become money mules, and inadvertently participate in illegal activities that carry severe penalties and disqualify them in the future from mortgages, jobs and student loans. They can lose their life savings and even face jail time.

How Money Muling Works

A money mule is someone who facilitates the transfer of stolen funds on behalf of criminals.

Victims start off responding to what may seem semi-legitimate. It could be a youth innocently clicking a pay-per-click job advert on Google in the hopes of earning some extra part-time income.

In such a case, gray actors exploit a person’s vulnerability with terms like “quick cash”, “make money now” and “make money fast” on Snapchat, Instagram or TikTok. The gravity of these actions become apparent too late – after victims unwittingly provided personal information, facilitating illegal money transfers while earning a cut of the proceeds. Back in 2021, the BBC’s Crimewatch Live highlighted a 78% year-on-year increase in under-21s taking part in money mule activity during the so-called Generation COVID period.

However, they often remain unaware of the source of the funds, which could be linked not just to fraud, but to outright heinous crimes like human trafficking, gun running and drug trading.

Amber Burridge, head of fraud intelligence at Cifas, the U.K. finance and fraud prevention body, said: “Two-thirds of the U.K. population now use social media as a way to communicate with each other. This activity is being marketed in such a way that it doesn’t seem illegal, and we know from previous research that a quarter of those aged 18 to 34 think that money muling is a reasonable behavior.”

The growth in this activity led to a worldwide effort to crack down on money muling. Just between September and November 2022, Europol reported 2,469 money mules were arrested and prevented them from laundering a combined total of €17.5 million.

The Most Prevalent Tactics

While money muling is becoming a more prevalent form of cyber attack, there are trends in the type of tactics being utilized:

  1. Sophisticated and Targeted Techniques
    In the case described above, criminals recruit victims and explain to them what they need to do, or even threaten and manipulate them. In most cases, though, they will neglect to mention the severity of the situation and conceal their true intentions.
    Some gray actors will employ advanced hacking tools, but unlike their more malicious counterparts, they do so with the intent of staying completely undetected for as long as possible.
  1. Meticulous Planning
    Gray actors study their targets’ behavior and vulnerabilities and often prefer long-term schemes that gradually build up trust, allowing them to strike when the victim is least expecting it. Young people looking to make some extra cash, sometimes out of sheer desperation, are disconnected from the reality and seriousness of the situation, and gray actors often target such vulnerabilities.
  2. Impersonation
    Using similar approaches to the above examples, gray actors often pose as legitimate users or representatives to earn their victims’ trust. They are essentially blending in seamlessly with the online community, such as on TikTok, Snapchat, and Instagram, ready to start the process within as little as 10 minutes. Consider that many gray actors are young themselves.
  3. Exploiting Loopholes
    Instead of relying on obvious exploits, gray actors identify and exploit vulnerabilities that may not be immediately apparent, bypassing security measures with subtlety. For example, those who know not to get caught will withdraw money in ways that are hard to detect, such as by blending it with legitimate transactions.

Actions to Mitigate the Threats

When it comes to fraud detection, to get your fraud cases to zero, you may as well close your shop. While that’s an extreme measure, it is the only possible way of eliminating the risk.

However, there are actions businesses can take to mitigate these threats.

To counter the rising threat of gray actors, organizations – particularly banks and financial institutions – can implement the following strategies.

  1. Analyzing User Behavior
    One effective detection method is through an in-depth analysis of user behavior patterns. This involves examining user activity and transaction history, and looking for deviations from typical patterns. Unusual activities, such as a sudden increase in transaction volume, or accessing multiple accounts from various locations, might be indicative of a gray actor attempting to conceal their tracks.
  2. Behavioral Biometrics
    Behavioral biometrics can add an extra layer of protection against gray actors. By analyzing typing speed, mouse movements and other behavioral data, fraud prevention systems can detect inconsistencies that may reveal a potential fraudster masquerading as a legitimate user.
  3. Data Analytics and Machine Learning
    Data analytics and machine learning algorithms are critical in identifying emerging fraud trends and patterns. These technologies can help spot anomalies and outliers that may signify the presence of a gray actor.
  4. Real-Time Monitoring
    Fraud prevention specialists should be monitoring both transactions and user activity. With real-time alerts, suspicious patterns can be flagged and investigated promptly.
  1. Two-Factor Authentication
    Two-factor authentication (2FA) is a simple yet powerful prevention tactic. This additional layer of verification, even in cases where a fraudster has acquired a user’s password, can make it significantly harder for gray actors to gain unauthorized access.


Gray actors pose a considerable challenge to businesses seeking to protect themselves and their customers from online fraud. With subtle tactics and deceptive approaches, they can remain hidden until it is too late.

Nevertheless, by leveraging cutting-edge technologies, analyzing user behavior and adopting multi-layered security protocols, online fraud prevention specialists can successfully spot gray actors and protect the digital landscape.

Vigilance, adaptability and collaboration are the keys to staying one step ahead in this ever-evolving war against cybercrime.

Until the general public joins the politicians and others who are speaking up, there may be little chance of mitigating the problem.

Social media companies have already shown their ability to algorithmically detect and block content that contains certain trigger words. Focusing such approaches on combating money muling could lead to much faster flagging and canceling of gray actor accounts.

After all, many people are already being scammed, but they keep quiet about it to save themselves embarrassment and stress. Suffice it to say, in light of gray actors’ involvement in money muling, a lot more societal awareness is needed.



Tamas Kadar is an entrepreneur and former founder of Central Europe’s first crypto exchange. When his enterprise was targeted by fraudsters, he pivoted to offering fraud prevention technology. His newest firm, SEON, where he is CEO, protects 5,000-plus companies worldwide and raised the largest-ever Series B funding in Hungary. 


BylawsCode of ConductPrivacy NoticeTerms of Use © 2024 Global Association of Risk Professionals