Spectrum Equity

Ideas & Insights

Growth Insights| February 2026

The New Face of Fraud: A Conversation with Netcraft CEO Ryan Woodley

Netcraft CEO Ryan Woodley
Link to Netcraft portfolio page
Netcraft logo
Link to Netcraft portfolio page
Netcraft logo

Parag Khandelwal

Managing Director

Parag Khandelwal, Managing Director at Spectrum Equity, sits down with Ryan Woodley to discuss how AI is transforming the cybercrime landscape – and why the old playbook no longer applies.

Last year, Americans lost $470 million to text-message scams alone – more than five times the amount in 2020. The toll booth and DMV texts that flood our phones every week are just the tip of the iceberg. Behind them lies a sophisticated ecosystem of crime-as-a-service platforms, AI-powered tools, and threat actors who can spin up a convincing scam in minutes.

Ryan Woodley, CEO of Netcraft, has spent years on the front lines of this battle. His company takes down one-third of the world’s phishing sites – working with infrastructure providers across the globe to shut down attacks before they can do maximum damage. In this conversation, he breaks down what’s changed, what hasn’t, and why even the savviest among us are vulnerable.

The shifting scam landscape

Parag Khandelwal: I keep getting texts about unpaid toll booths. What is going on in the world of scams this year – and do they actually work?

Ryan Woodley: I wish it wasn’t the case, but it’s a daily topic of conversation. It wasn’t that long ago where, when we talked about scams, we’d be talking about websites that impersonated popular brands, or some poorly worded emails. That landscape has changed dramatically. We’re seeing scams in virtually every forum we interact with online – and they’re growing not just in scale, but in sophistication.

Khandelwal: Is it actually accelerating, or is it the same perennial growth you’ve been experiencing?

Woodley: It’s definitely accelerated. As we’ve experienced a revolution in tooling that’s supported our ability to defend better, threat actors have taken advantage of similar advancements to make their approach more efficient and effective. Pew Research found that 60% of Americans said they received a scam weekly, and a third of those, daily. I bet if we all looked at our junk email boxes, we’d see tons of scams on a daily basis.
How AI has changed the online fraud game.

Khandelwal: What’s driving this surge?

Woodley: The scams are far more compelling than they used to be. Years ago, the reason attacks were limited to the biggest brands and came in poorly worded emails is because we were still dealing with technology barriers and language barriers. AI tooling has really eroded those barriers. Threat actors with little to no technical sophistication – no native language skills – are able to develop and deploy scams within minutes that target millions of consumers.

It used to be cost-effective only to target the largest brands. With AI tools now, you can spin up a scam targeting the long tail of companies and word them in perfect English – or whatever the native language is.

Khandelwal: It feels like all of the elements required for a growth marketer are here – except it’s powering the other side.

Woodley: That’s funny in a bad way. As technologists, we embrace SaaS tooling for the innovation, efficiency, and cost-effectiveness. Criminals are no different. They’re profit-motivated, so they’re availing themselves of the same tools. It’s wild to think, but just as there’s a ChatGPT out there, there’s a FraudGPT that criminals are using to perpetuate their scams.

Khandelwal: Do these attacks skew any way demographically?

Woodley: A sad thing happened in our family not too long ago. My daughter fell victim to one of those smishing attacks. It wasn’t long before that that my mom did as well. So I think it covers the spectrum. There are certain populations that are especially vulnerable, but unfortunately, we see it across the age spectrum.

While the sophistication of the methods has evolved – the tooling, the infrastructure – the tactics themselves haven’t. They prey on our emotions, our sense of urgency, our deference to authority. Those toll texts say, “Pay this fine within 24 hours or your license will be suspended.” It’s coming from someone in authority, and it appeals to fear. Some of these scams are, “Mom, I’m in trouble. I need your help.” That’s very emotionally compelling.

Khandelwal: These attacks are more persistent, multi-headed, sophisticated. It seems like you and I could spend tonight and spin up an attack without any training – given the tooling available now.

Woodley: I think that’s why it spans the entire demographic spectrum. Deploying a scam today is as easy as a threat actor using a vibe coding tool to copy a website they want to replicate, using embedded tooling to translate their lure content, hosting it for cheap or free, and then using a crime-as-a-service platform with SIM banks – large pools of cellular SIM cards – to distribute that lure to tens of thousands or hundreds of thousands of consumers simultaneously.

Levelling the playing field: Faster speed, deeper investment

Khandelwal: How important is speed in taking down these attacks? Do they have a half-life?

Woodley: It makes a huge difference. We talk about the “window of victimization” – the time where the attack is available to be visited by a victim, where harm can occur. Hours and minutes matter. Our focus is on getting that as close to zero as humanly possible. Greater than 90% of visits to attacks happen within the first 24 hours. So the difference between taking down an attack in one or two hours, which is what we do, versus eight or ten hours is dramatic. The closer you can get to inception, the more you can minimize harm.

Khandelwal: How are you that much faster? What’s different?

Woodley: It’s not one thing. We’ve been doing this for 20 years. The power of the platform comes through the technology we’ve developed and the relationships we have with partners and infrastructure providers across the globe. We interact with thousands of hosts and registrars who have an interest in removing malicious activity from their platforms. Over the years, we’ve developed automated connections – custom integrations – where we send them evidence of the attack, and they use it to close down the account or take down the website. The vast majority of our takedowns use some form of custom integration. That’s the only way to drive takedown times to near zero.

Khandelwal: What do people do otherwise?

Woodley: You send an email to an abuse inbox and hope it works its way through the operations queue. They may reply back asking for more information. You may never hear back. Days and weeks go by, and at that point, you’re well beyond the window of maximum victimization – most of the harm has already occurred.

Khandelwal: You’ve talked about how AI is being used by defenders and by bad actors. Who’s the net beneficiary?

Woodley: Well, if more money is being lost to scams than is being spent on cyber defense, maybe that’s a macro indicator that there’s still more harm happening. We’re pretty bleeding heart about this. Our vision is to protect the world from cybercrime. It’s self-serving to say we need to continue to invest in defense – but the reality is, we’re not necessarily winning the global battle today. We need to invest more in leveling the playing field.

Khandelwal: You mentioned that both sides use similar tooling. Do they operate under similar rules?

Woodley: That’s exactly it – it’s not a level playing field. Legitimate companies operate in heavily regulated spaces. Criminals leverage technology in completely unregulated environments. That’s a structural disadvantage we’re working against, and it means we have to be more thoughtful, more intentional, and leverage every advantage we can identify.

How individuals can protect themselves

Khandelwal: Even for savvy people, this feels overwhelming. Any advice for the average person?

Woodley: A healthy dose of skepticism is always warranted. Know the tactics they use. If you get a call from someone saying they’re from your bank, hang up and call back the number you know. If you get an email that looks fishy, look at the header – look at the domain it was sent from. If you don’t recognize it, it’s probably not legitimate. If you receive a text with an offer that’s too good to be true from a number you don’t recognize – whether it’s an investment opportunity or a job – report it as junk. It probably is too good to be true.

Some tried and true strategies are still valid. You can still look at the URL in the address bar and check for misspellings or look-alike elements – O’s and zeros. Those are still tactics commonly used by fraudsters. But the reality is, you can’t always tell.

Netcraft has free tools available – browser extensions and a mobile app that blocks phishing sites, fake online stores, and crypto scams. You can also report a suspicious URL at report.netcraft.com, or email a fishy-looking email to scam@netcraft.com. We can check it for you.

Ryan Woodley is CEO of Netcraft, a UK-based cybersecurity company that detects and disrupts online fraud at scale. Parag Khandelwal is a Managing Director at Spectrum Equity, where he leads the firm’s European investment efforts and the London office. As of the date of this conversation, Netcraft is a current portfolio company of Spectrum Equity.

To improve readability, this interview has been edited for clarity and conciseness. These edits do not materially alter the meaning of the discussion.

The content on this site, including but not limited to blog posts, portfolio news, Spectrum news, and external coverage, is for informational purposes only and does not constitute investment advice. Use of any information presented is at your own risk. Spectrum Equity is not responsible for any content reposted above from any third party website, and has not verified the accuracy of any third party content contained above. Spectrum Equity makes no guarantees or other representations regarding any results that may be obtained from use of this content. Investment decisions should always be made in consultation with a financial advisor and based on individual research and due diligence. Past performance is not indicative of future results, and there is a possibility of loss in connection with an investment in any Spectrum Fund.

Inclusion in any third-party list, award, rating, ranking, or other recognition is not indicative of Spectrum Equity’s future performance and may not be representative of any investor’s experience. To the fullest extent permitted by law, Spectrum Equity disclaims all liability for any inaccuracies, omissions, or reliance on the information, analysis, or opinions presented.