UK businesses under increasing attack by criminals as latest Cifas data reveals reported cases of fraud up 16%

Cifas, the UK’s leading fraud prevention service, has today released its annual Fraudscape report, detailing the latest data and intelligence recorded by Cifas members during 2021. The report reveals that a new case of fraudulent conduct was filed by organisations every 90 seconds on average, with over 360,000 cases recorded to the National Fraud Database - an increase of 16% on 2020. As a result, Cifas members saved around £1.3bn through prevented fraud losses in 2021.

Identity Fraud

Cases involving identity fraud increased by nearly a quarter (22%) in 2021 when compared to the previous year, with over 226,000 cases recorded to the National Fraud Database.

Banking and plastic cards were hit hardest by criminals abusing stolen details to apply for products and services. Fraudsters also focused their attention on loan products which saw a 39% increase in fraudulent activity, and are likely to continue to be targeted as a response to the rise in living costs.

Money Muling

A fifth of cases recorded to the National Fraud Database in 2021 relate to the misuse of facilities, which has grown by 17% to over 79,000 cases.

A large number of misuse cases related to bank accounts, with nearly three-quarters (72%) showing behaviours indicative of money mule activity, which increased by nearly a quarter (24%) to over 50,000 cases. Of these cases, a large number were aged 21-30 years - up 32%. There was is also a notable rise in those aged under 21, with cases up by 19%.

Facility Takeover

The majority of the remaining cases filed to the National Fraud Database were recorded for facility takeover fraud, with 37,000 instances recorded to the Database. Criminals focused their efforts on gaining access to existing accounts, particularly in relation to online retail and telecoms products. 2021 also saw a shift towards gaining access to existing plastic card accounts, which rose by nearly a fifth (19%).

Insider Threat

Nearly 270 cases involving employee or job applicant fraud were filed to the Internal Fraud Database in 2021. 2 out of 5 of these were in relation to dishonest actions by staff, such as by stealing cash or equipment from their employer. There was also a 10% growth in unsuccessful attempts made by job applicants who had lied in their application, with most of these individuals attempting to hide adverse credit or employment histories.

Mike Haley, CEO of Cifas, said: ‘Our latest figures show that businesses and consumers are currently facing a tsunami of fraud, and unfortunately I think things may get worse before they get better. The predicted rise in the cost of living will give criminals new opportunities to commit fraud, and I expect that consumers will be bombarded by increasingly sophisticated phishing attempts, including fake job offers, money-making opportunities and offers that are too good to be true.

‘Businesses will also find themselves under greater attack from fraudulent activity, with criminals increasingly looking for vulnerabilities in systems and processes. An attempt of identity fraud is made, on average, every two and a half minutes against businesses, and sadly when these attempts are successful, criminals can go on to use the proceeds to commit other criminal offences - and even finance terrorist activity.’

Amber Burridge, Head of Fraud Intelligence for Cifas, said: ‘Members of the public are at more risk than ever of falling victim to fraud and scams. It is important that they take proactive steps to protect themselves by thinking carefully when receiving an unsolicited call or email asking for money or financial details.

‘Anyone that believes they are being targeted by fraudsters or has been a victim of fraud must report it to Action Fraud and tell their bank immediately if they have supplied money or their financial details. Scam calls and texts can be reported to 7726 and emails to report@phishing.gov.uk. As a result of people using these channels, the National Cyber Security Service has removed over 76,000 scams across 139,000 URLs since April 2020, demonstrating the real impact that reporting this kind of activity can have.’

Notes to Editors:

Cifas’ full Fraudscape report will be available to view at www.fraudscape.co.uk from 00:01 on Thursday 28 April 2022. The report’s website will be updated quarterly with new data and intelligence from Cifas, our members and partners.

Included in the report is a video interview with Chris Haden, CEO of Engeneum, who was impersonated 22 times by criminals. A summary of Chris’ story can be found below.

Case Study – Chris Haden

Chris Haden, 62, is CEO of Engeneum, a provider of digital asset management solutions for businesses. In July, Chris received a text message from his bank to let him know they had blocked an online transaction he hadn’t made. He then received a text from scammers impersonating his bank, asking him to input his banking details to a website, which he ignored. Chris contacted his bank to let them know these attempts weren’t from him, and believed this would be the end of the impersonations.

Chris then received notification that a new direct debit had been created on his account, and then received a letter from his pension provider to say they had followed his instructions to move his pensionable age and to pay his pension in a lump sum, with payment to be made that day. Chris then looked at his credit report to find 112 credit searches had been completed against him, half of which were hard searches.

After contacting the organisations searching against his details, Chris discovered 22 attempts were made to impersonate him, with eight being successful. Included in this were two loans for £9,000 and £7,000, as well as spending £8,000 on a credit card and two new bank cards.

Many of the organisations made aware of Chris’ impersonation reported this to Cifas’ National Fraud Database to alert other organisations to the risk of identity fraud if they match to Chris’ details. Chris also took out a Cifas Protective Registration to place the warning flag against his name for two years.

Chris says this experience massively disrupted his life. After contacting the organisations where he had been impersonated, Chris had the loans and cards cancelled and references to these removed from his credit profile.

For further information:

press@cifas.org.uk

Contact us at press@cifas.org.uk