Hijack of existing consumer services increases, as Cifas reports 9% rise in 2023

Criminals are turning more to targeting existing consumer services in 2023, with telecom, online retail and plastic card products particularly under attack.

In its latest Fraudscape report, Cifas – the UK’s leading fraud prevention service – details that its members recorded nearly 278,000 cases to the Cifas National Fraud Database in the first nine months of 2023.

Of this, more than 30,000 cases related to facility takeover – a 9% increase compared to the same time-period in 2022. Facility takeover – also known as account takeover – happens when criminals compromise personal data to hijack an existing product. The latest data from Cifas shows that:

• 42% of facility takeover cases concerned telecoms products (up 71%), and 24% concerned online retail. Facility takeover is also up 11% against plastic cards
• 59% of hijacks occurred via online channels, 18% through telephony channels
• People aged 61+ were more likely to be targeted over any other age group, with just over a quarter (26%) falling victim – a rise of 8% compared to the same timeframe in 2022.

Impersonating banking staff remains a key tactic, with criminals calling victims under the guise of a suspicious transaction being identified within their account. They then persuade the individual to provide personal and financial information or share their screen to access accounts. As a result, they are able to hijack existing consumers services, often upgrading the innocent party’s phone contract to obtain the latest phone handset, purchase goods through their online retail account, extend credit or take out new loans.

Amber Burridge, Head of Intelligence for Cifas, said: ‘Criminals are specifically targeting victims’ existing financial products and services, a development which could be in response to lenders reacting to a challenging economic climate by tightening their affordability checks on new customer applications.

‘They are also pinpointing contact centres where they can socially engineer staff and gain access to accounts. A favoured tactic is taking advantage of remote working employees who may find it more difficult to identify a fraudulent call.

‘Criminals continue to explore new ways in which they can profit from the most vulnerable point in the chain and often that means exploiting a trusting person on the other end of the phone. With key dates coming up – such as Black Friday and Christmas – there will likely be a spike in these types of calls that people receive, so we urge consumers to remain vigilant and never give away personal or financial information.’

Further figures from the National Fraud Database in the first nine months of 2023 show just over 178,500 cases of identity fraud have been recorded – accounting for 64% of total cases. Misuse of facility is also up 3% (nearly 54,000 cases) compared to the same timeframe in 2022.

Four ways to protect yourself from facility takeover fraud:

1. Destroy unwanted documents including bills, bank statements or post that is in your name, preferably by using a shedder.
2. Request copies of your personal credit report from a credit reference agency on a regular basis to check for any entries you do not recognise.
3. Provide as little personal information about yourself on social media as possible and only accept invitations from people you know.
4. Use a redirection service when moving to a new home such as the one provided by the Royal Mail as well as informing your bank, card company and other organisations you have accounts with of your new address.

If you have been a victim of identity fraud or suspect you are ‘high risk’, you can apply to be on the Cifas Protective Registration service which costs £30 and lasts for two years. This places a flag next to your name and personal details in the secure National Fraud Database so that companies and organisations – who have signed up as members of the database – can see you are at risk and take extra steps to protect you.

ENDS

Notes to Editors

For more information, please contact Hayley Paterson, Cifas Press and PR Manager, on 020 4551 7072 or press@cifas.org.uk.

About Cifas

Cifas is an independent, not-for-profit membership organisation that protects businesses and individuals through effective and secure data and intelligence sharing between the private, public and third sectors. In 2023, Cifas member organisations prevented around £1.3 billion of fraud losses. 

Cifas data is included in the Office of National Statistics England and Wales Crime Statistics of police recorded crime and works alongside law enforcement agencies in tackling fraud.

Website | LinkedIn | X

Fraudscape

Fraudscape is Cifas’ annual report which combines data from its National Fraud Database (NFD) and Internal Fraud Database (IFD), alongside intelligence provided by Cifas members, partners and law enforcement. Download the Fraudscape 2023 nine-month update here.

Contact us at press@cifas.org.uk