Threat actors across underground forums and chat groups are increasingly crafting structured fraud methods aimed at exploiting weaknesses in work processes of financial institutions. Rather than isolated or opportunistic scams, these discussions reflect an organized, process-driven approach that combines stolen identity data, social engineering, and knowledge of financial workflows.

Within these conversations, smaller institutions, particularly small-sized to mid-sized credit unions, are often referenced as more attractive targets due to perceived gaps in verification systems and limited fraud prevention resources.

Flare researchers recently identified a detailed loan fraud method circulating within one such underground group, outlining how attackers can move through credit checks, identity verification, and loan approval processes using stolen identities while avoiding traditional security triggers.

The approach does not rely on exploiting software vulnerabilities, but instead focuses on navigating legitimate onboarding and lending workflows as if the applicant were genuine.

The structure of the post reflects a methodical approach, breaking down the process from identity use to loan approval in a way that can be consistently replicated, pointing to a more organized use of fraud techniques.

A Process Built on Identity, Not Intrusion

At its core, this approach relies on obtaining sufficient personal data to convincingly impersonate a legitimate borrower. This includes identifiers such as names, addresses, dates of birth, and in some cases, credit-related details.

The process is all digitized, and the attacker is using false identity to submit for a loan. This distinction is critical: the attack does not “break the system,” but he exploits the flaws in its design.

A central component of the method is the ability to pass identity verification checks, particularly those based on knowledge-based authentication (KBA). These systems typically rely on questions derived from:

In practice, much of this information can be reconstructed or inferred from: publicly available data, social media profiles, previously leaked datasets, and aggregated identity records. 

This method highlights how attackers can anticipate and prepare for these checks in advance, effectively turning verification into a predictable step rather than a true barrier.

It demonstrates how what was once considered a strong identity control can quickly be learned, adapted to, and ultimately exploited by cybercriminals, who evolve their identity theft tools specifically to collect and bypass these requirements.

The Fraud Workflow – step by step

1. Identity Acquisition
   
   Stolen personal data is obtained, including full identity details and background information sufficient to impersonate a legitimate individual.

2. Credit Profile Assessment
   
   The attacker reviews the victim’s financial profile to determine loan eligibility and likelihood of approval.

3. Verification Preparation (KBA Readiness)
   
   Additional personal details are gathered to anticipate and correctly answer identity verification questions.

4. Target Selection
   
   Small- to mid-sized credit unions are selected based on perceived weaker verification processes and lower fraud detection maturity.

Advertisement

5. Loan Application Submission
   
   A loan application is submitted using the stolen identity, ensuring consistency across all provided data.

6. Identity Verification Passed
   
   KBA and standard checks are successfully completed, establishing legitimacy.

7. Loan Approval and Fund Release
   
   The institution approves the loan and releases funds through standard channels.

8. Fund Movement and Cash-Out
   
   Funds are transferred to controlled accounts, moved through intermediaries, and withdrawn or converted to complete monetization.

Why Small/Mid Credit Unions Are More Targeted

One of the more notable aspects of the method is its focus on smaller financial institutions. Rather than targeting large banks or highly secured fintech platforms, the approach explicitly leans toward small-sized to mid-sized credit unions, which are perceived as:

• More reliant on traditional identity verification methods 

• Less equipped with advanced behavioral fraud detection 

• More likely to prioritize customer accessibility over strict controls 

While not universally true, this perception alone is enough to influence attacker behavior, driving targeting decisions toward institutions believed to offer a higher success rate.

Recent industry reporting supports this trend. In auto lending alone, fraud exposure is projected to reach $9.2 billion in 2025, with smaller and regional lenders facing increasing pressure from organized fraud schemes.

Cash-Out and Monetization

Once a loan is approved, the operation shifts into its most critical phase – turning access into money. At this point, the attacker has already done the hard part: passing identity checks and establishing trust under a stolen identity. From the institution’s perspective, the process appears legitimate, and funds are released through standard channels just as they would be for a real customer.

The focus then moves to speed and separation. Rather than leaving funds in place, they are quickly moved away from the originating account, often through intermediary accounts that create distance from the source.

This stage overlaps with broader fraud ecosystems, where access to additional accounts and financial channels enables funds to be routed, split, or repositioned to reduce traceability.

What makes this phase particularly effective (and difficult to detect) is that each step mirrors normal financial behavior. Transfers, withdrawals, and account activity are not inherently suspicious on their own.

Instead, the risk lies in how these actions are chained together within a compressed timeframe, allowing attackers to complete the cash-out before detection systems or manual reviews can intervene.

Who is Most at Risk?

The method provides indirect insight into which individuals and institutions are most frequently targeted for identity theft.

• Individuals with Established Credit Histories – Attackers benefit from targeting individuals with strong or stable credit profiles, increasing the likelihood of loan approval.

• Digitally Exposed Individuals – Those with a significant online presence may inadvertently expose personal details that can assist in passing verification checks.

• Customers of Smaller Financial Institutions – Users of small-sized to mid-sized credit unions may face increased exposure if their institutions rely on less advanced fraud detection systems.

This loan scam method offers a clear example of how financial fraud is evolving. Instead of targeting systems directly, attackers are increasingly targeting the processes that surround them, leveraging identity, predictability, and trust to achieve their goals.

As these approaches become more structured and accessible, the line between legitimate activity and fraud continues to blur, making detection more complex and requiring a more adaptive defensive approach.

Learn more by signing up for our free trial.

Sponsored and written by Flare.

Lego and Star Wars have a long history together, and it’s clear that the relationship is as strong as ever. I got to play with the new Lego Star Wars Smart Play sets and, despite being a little gimmicky, they are a whole heap of fun.

The X-Wing build was a lot of fun, and I did get a kick out of the smart brick and the noise it makes. As you fly the X-Wing around, R2-D2 screams, and you can shoot lasers at the press of a button. 

It doesn’t add any bulk to the build either, just a simple brick that has a good volume and several accelerometers to add to the fun. One of the little buildings that comes in the box is an Empire laser turret that makes crashing sounds if you tip it over. It makes me giggle every time I do it.

The X-wing itself uses the brick to great effect. It makes all the movement noises as you fly around, but if you press the red button on top, it moves the brick forward, triggering the accelerometer and making the laser “pew pew” sound. Then, as it moves back into place, the NFC reads the R2-D2 tag and makes its noises as well. It really does work very well.

Overall, the $90 cost of the X-wing feels like a decent deal. The Smart Brick is not tied to the set you have, so it can be used in other sets eventually, and you get the X-wing and three mini sets to play with, too. Plus R2-D2, Leia and Luke minifigs that all make fun noises when they are near the brick. 

Refrigerators today run on the same basic technology as they did more than 100 years ago. You’d think we could have come up with something better by now.

And we have, but nothing has been able to dethrone cheap, reliable vapor compression — the process that’s keeping your milk cold today. One startup hopes to change that.

Barocal has developed an entirely new way of heating and cooling using nothing but an inexpensive solid material. Early prototypes are already as effective as existing refrigerator compressors, and the technology promises to use significantly less energy. Oh, and there’s no risk of leaking climate-warming gases, something that has plagued vapor compression.

To prepare the technology for market, Barocal has raised a $10 million seed round, the startup exclusively told TechCrunch. Investors in the round included World Fund, Breakthrough Energy Discovery, Cambridge Enterprise Ventures and IP Group.

Barocal’s core technology stems from research performed by Xavier Moya, the startup’s founder. “I’ve always been very interested in technologies for heating and cooling,” he told TechCrunch. He traces it back to his youth in Spain, where he would spend hours studying in a small, hot room. “I really remember when air conditioning came to the house — it was like wow!” he recalled.

As a professor of materials physics at the University of Cambridge, he focused on refrigerants of all kinds, though he became particularly fascinated by solid materials could capture and release heat simply by squeezing and stretching them. In one of his favorite demonstrations, he asks people to take an deflated balloon, hold it to their lips, and repeatedly stretch and relax it.

“If you stretch it, it gets hot. And then if you wait, when you let it go, it feels cold,” he said.

That same principle applies to the class of materials Barocal has developed, which is related to an organic material widely used in a range of industries, from plastics to paints. Normally, the molecules inside the material rotate freely. But when they’re compressed, the molecules stop rotating. Since heat, at its most basic level, is the movement of atoms and molecules, the reducing that movement causes the material to give off heat. Removing the pressure allows the materials to absorb heat.

Barocal uses these materials to transfer heat. In a refrigerator, for example, the material will pump heat from inside the fridge to outside, lowering the temperature for the food within. To transfer heat, the company flows water past the materials and then out to a radiator.

Because the materials are solids, gas leaks don’t pose a problem. In conventional refrigerators, the gaseous refrigerants either degrade the ozone later or warm the climate, depending on the type. Greenhouse gas-based refrigerants have become a particular concern since they can warm the climate over 1,000 times more than an equivalent amount of carbon dioxide.

Though Barocal’s technology can work at any scale, the company is studying large HVAC and refrigerators first, systems where the startup’s efficiency gains will make a noticeable dent in a customer’s bottom line. “We are looking at bigger commercial systems where I think we can we can make a bigger impact faster,” Moya said.

DoorDash on Monday added new AI-powered tools that let merchants speed up onboarding, edit photos to make dishes look better, and create websites based on their app listings.

The onboarding tool works similarly to the one Amazon launched in 2024. Merchants can point the tool to their website, from which it will automatically fetch information such as photos, store hours, and menu items to create a listing on the app. Merchants can review and edit all of this information before publishing the listing.

DoorDash has also revamped its video library. The library now lets merchants tag dishes in videos so that customers can order those items directly. The library also shows stats such as total views, video-driven sales, and new customer sales.

Restaurants are getting a few photo editing tools, too: AI Retouch can replace backgrounds, sharpen images, and optimize lighting without changing the dish; and AI Replate manipulates pictures of dishes so they look like they’re plated professionally, changing lighting and color. Merchants can also provide a reference image to apply a particular style to an existing image.

“At DoorDash, we’re constantly building tools to help merchants succeed, from their very first day on the platform, to every order after. These new tools reflect our belief that the right technology should remove friction, not add it, so merchants can focus on what they do best: making great food and delivering incredible customer experiences,” Brian Tolkin, head of merchant product at DoorDash, said in a statement.

The company is adding new features to its commerce platform as well, one of which lets restaurant owners spin up a website based on existing DoorDash content, such as menu items and photos. The company said during a test of the new feature, merchants saw order conversion rates of nearly 10% on average.

The company has also added a new marketing campaign builder that lets merchants automate content creation, email outreach and scheduling.

• Internal threats now represent more than half of cases, at 57%
• Employees’ devices and credentials are among the most targeted
• Companies should acknowledge this and tighten access for a quick fix

New data from Orange Cyberdefense has suggested the biggest risks companies face could now be coming from inside, with internal threats rising from 47% to 57% in the space of less than a year.

For the first time ever, internal threats have become more common that external ones, with hacking remaining pretty steady at 31% of attacks compared with employee misuse, which rose from 29% to 45%.

AI slop has already flooded video feeds, gaming debates, software code, and search results. Now the same low-effort machine-made content is moving into podcasts.

Music usually dominates the AI slop debate, but the podcast problem may be harder to spot and harder to clean up. AI tools can now create, upload, and even monetize entire shows far faster than traditional podcast studios.

`

Is podcasting becoming the next slop factory?

A Bloomberg report points to how quickly this is spreading. According to the Podcast Index, 10,871 new podcast feeds were created over roughly nine days, and about 4,243 of them, or 39%, were likely AI-generated. One AI podcast startup now says it has more than 10,000 active shows and published 877 new shows in only 48 hours.

Podcasting becomes especially vulnerable at that scale because discovery works differently from music. A low-quality AI song can be skipped in seconds, but podcasts rely heavily on search, recommendations, and trust. If feeds are filled with machine-made shows, listeners may have to work harder to find real hosts, original reporting, or actual conversations.

That pattern is already visible across other AI-hit formats. Video platforms are trying to deal with low-quality AI uploads while also promoting AI tools for creators. Gaming has seen backlash over AI-assisted visuals, with some players calling certain AI graphics features slop. Coding has a similar issue too. AI can help developers write more code faster, but that also means more bugs, weak fixes, security risks, and extra review work. In podcasts, the concern is not just volume, but also how easily that volume can be turned into money.

Who benefits when podcasts become automated?

Easy monetization is what makes podslop more than just a quality problem. Some hosting services allow free podcasts to join ad marketplaces with very few checks, so AI-made shows can still earn money from downloads even if the content is thin or barely reviewed. One platform shares 60% of ad revenue with creators, while another says it can pause ads or remove shows if they are found to be slop.

Apple Podcasts has at least started asking creators to disclose when a material part of a show uses AI. Spotify, on the other hand, relies on broader rules against misleading content and has not released a specific AI podcast policy yet. This leaves listeners and advertisers with a trust problem because AI has made audio easier to produce and harder to verify.

The Belgian pharma is buying a two-year-old San Diego biotech for $2bn upfront, the second TCE bet it has placed in months. The thesis: B-cell killers built for cancer can rewire how autoimmune diseases are treated.

Candid Therapeutics is two years old. It does not have an approved drug. Its lead programme has been tested in roughly 100 patients across multiple early-stage trials. On Sunday, UCB, the Brussels-listed pharmaceutical company, agreed to buy it for up to $2.2bn.

That kind of price for that kind of biotech needs an explanation, and the explanation, in 2026, has a name: T-cell engagers in autoimmune disease.

Under the agreement announced on 3 May, UCB will pay $2bn in upfront cash, with up to $200m in additional milestone payments tied to development and regulatory progress.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The deal, is expected to close by the end of the second quarter or early in the third, subject to antitrust clearance. UCB has reaffirmed its 2026 financial guidance, which suggests it intends to absorb the transaction without recutting expectations.

It is the second time in a matter of months that the Belgian company has reached for the same therapeutic mechanism. In an earlier transaction, UCB licensed ATG-201, a CD19/CD3 bispecific from China-based Antengene, in a deal worth up to $1.1bn. The Candid acquisition lands on top of that and adds a different B-cell target.

What Candid actually has?

Candid’s lead asset is cizutamig, a bispecific antibody designed to bridge two cells: it grabs a T-cell on one end via CD3 and a plasma cell on the other via BCMA, the B-cell maturation antigen, instructing the T-cell to destroy the plasma cell.

The mechanism was developed for multiple myeloma, where killing rogue plasma cells is the entire point of treatment. The 2026 thesis is that the same engine can be repurposed to deplete the autoreactive B-cells and plasma cells driving autoimmune diseases such as lupus, myasthenia gravis, and a long list of less famous conditions in which the immune system attacks its own tissues.

According to UCB, cizutamig has now been clinically evaluated in over 100 patients combined across multiple myeloma and autoimmune indications, and is currently in Phase 1 studies across more than ten autoimmune diseases.

UCB describes it, in its statement, as a potential best-in-class BCMA T-cell engager for autoimmune disease, language that is both ambitious and conventional for press releases of this kind.

The reason buyers are willing to write nine-figure cheques on Phase 1 data is that the early autoimmune signals from this drug class, broadly, have been genuinely striking. Patients with severe disease have shown durable remissions after a single course of B-cell-depleting therapy, including in conditions where decades of small-molecule and biologic treatment have produced only partial control. None of this is yet definitive.

Late-stage data, larger cohorts, and longer follow-up will all be required. But the direction has been consistent enough that pharma boardrooms have begun pricing the modality as if it works.

Candid was founded in 2024 in San Diego, with backing from Two River Group and Vida Ventures and a launch financing of $370m. Its chairman, chief executive and president is Dr Ken Song, who previously led RayzeBio through its $4.1bn acquisition by Bristol Myers Squibb in late 2023. Building, scaling, and selling clinical-stage oncology and immunology biotechs is, in other words, what he does.

That history is part of what UCB is paying for. Buyers in this segment of the market are increasingly willing to underwrite management quality alongside molecule quality, particularly when the molecule’s commercial promise depends on disciplined trial design across a large number of small indications.

The valuation gap between the original $370m launch funding in mid-2024 and the $2bn upfront UCB is paying now, in cash, less than two years later, is a fair indicator of what investors think he and his team have built.

It is also a sharp reversal. In March, Candid had announced a reverse merger with Rallybio, a publicly listed but smaller rare-disease company, intended to take Candid public via a back-door listing. That transaction, by all appearances, has now been superseded. UCB’s offer was, presumably, the better one.

UCB’s purchase fits into a pattern that has become hard to miss. Over the past nine months, every major pharma company with an immunology presence has either bought, licensed, or partnered around T-cell engagers aimed at autoimmune disease.

Gilead acquired Ouro Medicines for $2.18bn earlier this year, picking up gamgertamig, another BCMAxCD3 engager. Sanofi licensed a trispecific from Kali Therapeutics in a deal worth up to $1.2bn. GSK paid $300m to license a CMG1A46 candidate from Chimagen for lupus. Prolium Bioscience launched in March with $50m to develop a CD20xCD3 engager. The list lengthens almost weekly.

Two facts explain the rush. The first is that the science, finally, looks like it might generalise; what worked in oncology to remove malignant B-cells appears to work in autoimmune disease to remove autoreactive ones, and the early human data are far better than the conventional pharmacology playbook predicted.

The second is that immunology is, by some distance, the largest pharmaceutical market in the world after oncology. Drugs like AbbVie’s Humira, before its biosimilar erosion, and Sanofi’s Dupixent are reminders that successful autoimmune therapies generate revenue at a scale to which only a handful of categories aspire.

If TCEs work in this setting, the prize is correspondingly large. If they do not, several of these deals will look expensive in retrospect.

Where the AI conversation does not quite fit

It is worth noting what is not driving the deal. Despite the surge of attention to AI-discovered medicines, from Google DeepMind spinoff Isomorphic Labs entering trials this year to ByteDance’s Anew Labs presenting its first AI-designed therapy and Anthropic paying $400m for a 10-person biotech startup to design protein-based drugs, cizutamig itself is a conventionally designed biologic.

It was discovered through licensing relationships and standard antibody engineering, not generative protein models. The molecules driving today’s autoimmune deal flow are, almost without exception, products of a previous decade’s chemistry.

AI’s promised acceleration in drug discovery has, so far, produced more announcements than approvals.

The Candid deal is, in that sense, a reminder that pharma’s largest near-term value creation is happening in molecules that were already in the pipeline before the AI hype cycle began. The next set of acquisitions, in two or three years, may well include AI-discovered candidates. This one does not need to.

What UCB now has, and what it has to prove

For UCB, the strategic logic is clean. The company is mid-sized in pharma terms, with a long-standing immunology franchise and a recent track record of opening up new therapeutic areas through targeted M&A.

Pairing the Antengene CD19xCD3 candidate with Candid’s BCMAxCD3 lead asset gives it two complementary B-cell-depleting mechanisms in a market that increasingly looks as though it will reward platform breadth rather than single-molecule excellence.

What UCB has to prove is execution. Phase 1 data in autoimmune disease are encouraging but thin. The competitive density is unusually high, with at least half a dozen large pharma companies pursuing similar mechanisms across overlapping indications. Pricing pressure, both regulatory and from payers, will hit any successful TCE the moment it nears approval. And manufacturing bispecific antibodies at scale is non-trivial. None of these is fatal. All of them are real.

By the time the deal closes this summer, the broader market may have adjusted its enthusiasm for the modality up or down. UCB has chosen to act before that adjustment.

Whether that proves to be timely or expensive will be visible in the Phase 2 readouts due over the next 18 months. For now, a two-year-old company that started as an autoimmune-disease bet by an experienced operator has been priced at $2.2bn, in cash, by a pharma company convinced that the bet is correct.