A fraud indicator is a red flag or a specific data anomaly signaling that a scam is underway, has already occurred, or is in the planning stages. Think of these indicators as the digital breadcrumbs that illicit actors inevitably leave behind.

Historically, fraud fighters have relied on two primary categories of indicators:

• Behavioral Indicators: These focus on actions. Examples include a user logging in from an anomalous geolocation or a customer exhibiting uncharacteristic urgency during a wire transfer.
• Transactional Indicators: These focus on hard data. Examples include sudden spikes in high-value purchases, “structuring” (deliberately breaking large deposits into smaller chunks to avoid detection), or an account suddenly receiving transfers from multiple unrelated sources.

Civoryx disrupts this traditional binary by introducing a third, highly proactive category: Search-Based Indicators. Rather than waiting for an anomalous transaction or a compromised login, this metric measures the collective “noise” of potential victims searching for answers—often surfacing the threat before the crime is ever completed. By the way, Civoryx has been tracking global fraud search behavior since 2019.

How does the Scam Trend Score differentiate between a highly successful scam and a highly visible but unsuccessful one?

The short answer is: it doesn’t. This is the most critical distinction for any risk professional using the index. The Scam Trend Score measures attention momentum, not confirmed financial loss or incident volume.

When a keyword like “EZ pass scams” surges by +5,685%, it indicates that millions of people are receiving fraudulent text messages and immediately turning to search engines to investigate. Ironically, this massive spike in search volume often means the intended victims are suspicious and verifying the threat—which implies the scam is likely failing on those specific users. Conversely, a highly sophisticated, targeted spear-phishing campaign aimed at corporate executives may result in massive financial losses but will never generate enough decentralized search volume to trigger the Civoryx index.

Therefore, the score should always be treated as a leading context indicator of threat visibility and distribution scale, which must be overlaid with internal case data and actual loss metrics to determine the scam’s success rate.

Why is it necessary to weight month-over-month (MoM) growth by absolute search volume, and how did the 2022 expansion impact this?

Weighting by absolute volume prevents statistical noise from skewing the global threat picture. If a highly obscure, niche fraud term jumps from 10 searches to 100 searches in a month, that represents a massive 900% MoM increase. However, allowing that 900% spike to heavily influence the aggregate score would create a false panic, as the real-world impact is virtually zero. By weighting the velocity against absolute search volume, Civoryx ensures that established, high-impact threats (like seasonal tax fraud, which currently contributes 75.74 to the index) anchor the score.

The 2022 expansion from 80 to 150 keywords made this weighting system even more vital. By nearly doubling the tracking lexicon to include highly specific, platform-centric exploits (like niche cryptocurrency or regional toll scams), Civoryx introduced more volatile, low-volume terms into the ecosystem. The volume-weighting mechanism acts as a critical stabilizer, allowing researchers to track these hyper-specific emerging threats without them artificially artificially inflating the broader Scam Trend Score.

Given the divergence between rising infrastructure smishing and falling generic queries, how should compliance teams adjust their immediate defensive strategies?

The data reveals a stark narrative shift: generic awareness queries (like “is this a scam” falling 55%) are dying, while hyper-specific infrastructure impersonation queries (like “toll scam text” rising 2,361%) are exploding. This divergence signals that threat actors have largely abandoned broad, untargeted spam in favor of highly plausible, low-dollar-value, SMS-driven attacks designed to harvest payment credentials via lookalike portals.

For risk and compliance teams, this means generic customer education campaigns (e.g., “Don’t click suspicious links”) are no longer sufficient. Defensive strategies must pivot to match the attackers’ specificity. Practical adjustments include:

• Targeted Friction: Temporarily tightening transaction monitoring rules for low-dollar, first-time card payments that fit the profile of a fake toll or DMV fee.
• Contextual Alerting: Pushing highly specific, in-app notifications warning users about the exact text phrasing currently surging in the index (e.g., “Beware of texts claiming you owe a $4.50 toll balance”).
• Reassessing SMS Trust: Acknowledging that telecom network filtering for smishing is lagging, and proactively assuming the customer base is currently inundated with plausible SMS threats.

Civoryx has been tracking global fraud search behavior since 2019, built on the principle that transparency is a powerful deterrent.

Conclusion

The Civoryx platform remains free and fully public because, in a digital economy, accessible information is our strongest defense. By moving past traditional, lagging indicators and focusing instead on the real-time velocity of search data, the Global Fraud Index provides the one critical advantage the industry has been missing: foresight.