International Fraud Awareness Week is coming up in November (16th-22nd November), and it’s celebrating its 25th year. So (going by the emails in my inbox), now is the perfect time to start planning how your organisation will get involved.

There is a danger, though, that while raising awareness of fraud, we fall into a trap of regurgitating well-worn messages that ultimately fall on deaf ears. Fraud prevention doesn’t always mean firewalls, phishing testing, new password rules, or more red tape. Sometimes it means thinking outside the box.

I’d invite all organisations to use this year’s International Fraud Awareness Week to address the everyday vulnerabilities that people don’t always consider part of “fraud risk.” Here are three areas I’d encourage organisations to include in their focus this year:

1. Staff wellbeing & insider fraud. In my work with ex-fraudsters who once posed internal threats, like Jodie Gayet (you can see a podcast I filmed with her here), one theme comes up again and again: financial pressures and personal struggles make employees more vulnerable to crossing the line. One area many employers overlook is gambling addiction. Raising awareness, reducing stigma, and providing access to support can help protect both your people and your organisation. Prevention isn’t just about controls, it’s about care.

2. Mobile phone theft & staff safety. Authorised Push Payment (APP) fraud and account takeovers often start with something simple: a stolen phone. Criminals know that if they get past your mobile PIN, they often get the keys to your digital life. Encourage staff to treat their phone PIN like their bank card PIN – shield it, change it, and never share it. Consider simple initiatives like giving out phone security lanyards, or running awareness sessions on travel safety with devices. A little practical friction can prevent a lot of downstream fraud.

3. Responsible use of AI. Generative AI is now a daily tool for many employees, but do your teams know where the line is between safe use and risky use? International Fraud Awareness Week is a great moment to run short sessions on AI hygiene. What’s safe to input, what never to share, and how criminals themselves are already using AI to scale deception. Getting this right is about both productivity and protection.

Fraud thrives in the gaps between policies and people. International Fraud Awareness Week is an opportunity not just to talk about the risks, but to act on them in ways that build resilience and trust.

Awareness campaigns are only effective if they change behaviour. Fraud awareness isn’t about pushing information at people and hoping it sticks – it’s about shaping choices in the moments that matter. That means borrowing from behavioural science: using clear, memorable messages, providing timely prompts, and making the safe choice feel easy and natural. When building your campaign, think C.R.E.A.T.E (Stephen Wendel’s Model).

• Cue. A cue for users to think about what to do can either be internal or external. External cues happen when there is something in our environment triggering us to think about a certain action – This is your campaign! Internal cues are the result of our minds thinking about the action on its own, through some unknown web of associated ideas.
• Reaction. What will the automatic response to your campaign be? Shock, agreement, disbelief? Once the mind has been cued to think about a potential action, there is an automatic reaction in response. This reaction tends to be intuitive and automatic.
• Ability. Assuming the choice has been made to act, the question arises whether it is actually feasible to undertake the action. Wendel suggests that the individual must be able to act immediately and without obstacles – so it’s best to design calls for action that your audience can act upon immediately, like changing the PIN number on your phone. This can be done at your desk, and if your cue was compelling enough, your audience will see this as a very reasonable next step.
• Timing. When should you take the action? The decision when to take action can be taken based on a sense of urgency, and by other, less forceful factors. It’s always better to cue something that is useful now.
• Evaluation. After an initial intuitive response, there might be room for a more conscious evaluation of the action and of potential alternatives. This happens especially when we are facing novel situations, and we do not have an automatic behavior to trigger. Follow up with reinforcement, maybe gamifying or congratulating your audience for taking proactive steps.

Encourage your audience to talk about your campaign, and if possible, create collective moments rather than isolated engagement. This will create social proof– something fraudsters use against us all the time!! (but that is for another post).

If your organisation is looking for support, whether that’s staff training, tailored workshops, or a keynote to spark the conversation, I’d be glad to help. This is what I do: bringing criminological insight, lived experience research, and practical fraud-prevention strategies to life.