One in eight workers (13%) admit to selling company logins, Cifas research reveals

• Further 13% of respondents say it is justifiable to sell access to an ex-colleague
• Insider risk increasingly shaped by culture, not just controls
• Training and access governance critical to reducing internal fraud exposure

New findings from the UK’s fraud prevention service, Cifas, reveal a worrying shift in attitudes towards insider‑enabled fraud, with 13% of employees saying they have either sold their company login details to a former colleague, or know someone who has, in the past 12 months.

For organisations, the normalisation of credential sharing significantly increases exposure to insider threat, cyber, and financial crime, by providing criminals with a trusted route into internal systems.

Cifas’ Workplace Fraud Trends report shows that 13% of respondents also believed selling access to company systems was ‘justifiable’. While three quarters (75%) said the act was completely unjustified, the level of acceptance suggests a growing complacency around internal controls and staff responsibility.

The research further shows almost one third of senior managers (32%) and one in three directors surveyed (36%) said the behaviour was justifiable. Among C‑suite executives, this figure rose to nearly half (43%). Business owners were the outliers – with four‑fifths (81%) saying selling login details was justifiable.

With World Password Day approaching on 7 May, the results serve as a timely reminder that effective fraud prevention relies not only on secure systems, but on strong access governance, regular staff training, and a clear organisational stance on misuse of credentials.

Rachael Tiffen, Director of Learning at Cifas, said: “Selling login details might seem insignificant to those involved, but it can open the door to serious fraud and financial harm. These findings show how vital it is for organisations to build fraud‑aware cultures, where employees at all levels understand their responsibilities and the consequences of their actions.

“Counter‑fraud training plays a central role in helping staff recognise manipulation, appreciate the risks associated with insider activity, and act with integrity when handling access to systems and data.”

Joby Carpenter, Fraud and Emerging Threats Lead at ACAMS, the anti-financial crime certification and intelligence company, added: “These findings point to an unsettling reality: for a meaningful minority of staff, selling company logins is no longer beyond the line – and that should concern every employer.

“The sale of credentials gives bad actors a ready‑made route into trusted systems and can enable fraud, cyber intrusion and broader illicit activity. Cifas’ survey suggests insider risk is not only persistent, but in some settings it’s becoming normalised. For firms, this underlines the need to treat insider threat as a core fraud and financial crime issue, supported by strong culture, proportionate controls, targeted training, and effective access governance.”

Discover more insights in Cifas’ Workplace Fraud Trends report.

ENDS

Cifas has a range of best-in-class products and services to help organisations tackle insider fraud, including:

• Insider Threat Protect helps target internal risks through data, intelligence, and learning.
• Cifas Fraud and Cyber Academy courses and the Digital Learning programme empower workforces with critical fraud prevention skills – adding a vital layer of protection.

Notes to Editors

For more information, please contact Hayley Paterson, Cifas Press and PR Manager, on 07494 751992 or press@cifas.org.uk.

About Cifas

Cifas is the UK’s leading not-for-profit fraud prevention service with nearly 800 members from across key economic sectors including banking, retail, insurance, and telecoms. Cifas protects businesses and individuals from fraud through the sharing of data and intelligence sharing between the private, public and third sectors. In addition to providing products and services – which helped businesses prevent more than £2.4 billion in fraud losses in 2025 – Cifas delivers specialist training through its Cifas Fraud and Cyber Academy and Digital Learning programme. Website | LinkedIn | X

Contact us at press@cifas.org.uk