Fraud “becoming more complex and sophisticated” asserts Cifas

Following the launch of its half-year Fraudscape report, which details the latest fraud risk data and intelligence recorded by Cifas’ 750-strong member organisations, alarm bells have been raised around concerns about the ease with which criminals can access Artificial Intelligence (AI) and fraud toolkits in order to deceive UK businesses and consumers.

The data, recorded between January and June 2024, reveals the tactics favoured by fraudsters include spoofing, brand impersonations, phishing campaigns and using AI technologies to facilitate data harvesting and social engineering.

Facility (account) takeover

Cases of facility (account) takeover fraud filed to the NFD were up 99% compared to the same period in 2023, with over 37,000 cases in total. The most impacted age group are those individuals aged over 61 (25%), closely followed by those aged between 41 and 50 (23%). Online retail and telecoms sectors represent 36% and 40% (respectively) of all facility takeover cases.

Phishing remains a common tactic. Cifas members report that organised crime groups are executing high-quality and convincing brand impersonations – and using Remote Access Technology software to take control of a consumer’s device, while pretending to be customer service support – in order to dupe people into divulging sensitive data.

Cifas’ intelligence also shows criminals are increasingly aware of counter-fraud controls used by businesses and regularly change their tactics to avoid detection.

Identity fraud

More than 127,000 cases of identity fraud were recorded between January and June this year: a 4% increase on 2023. This was largely driven by significant increases in impersonation fraud in relation to mobile phones (up 102%), personal store cards (up 59%) and personal current accounts (up 19%).

Social engineering tactics using sophisticated spoofing and brand impersonation techniques are recurring themes in the cases of identity fraud filed to the NFD. In some cases, criminals have researched LinkedIn profiles to impersonate genuine employees at financial institutions and encouraged victims to divulge personal data or transfer funds.

Misuse of facility fraud

Over 37,000 cases of misuse of facility fraud were recorded in the first half of 2024. This represents a 9% rise on 2023. This is nearly one-fifth of all cases filed to the NFD (18%).

Misuse of company accounts rose 51% and personal loans increased by 109%. Cifas members have reported that individuals opened credit accounts with no intention of making payments (a common driver being the cost-of-living pressures).

In total, upwards of 11,000 false application cases were made to the NFD.

Exploiting new technologies

Mike Haley, CEO of Cifas, explained: “With almost 40% of all reported crime now acts of fraud, our data and intelligence demonstrates how concerned organisations should be at the ease with which criminals are able to obtain the tools they need to commit fraud at scale. Fraudsters continue to exploit new technologies such as AI and ‘Fraud-as-a-Service’. They abuse the popularity of social media platforms to defraud consumers and businesses.”

Haley added: “Combating fraud must be a national priority. It’s only through greater collaboration and the sharing of critical data and intelligence across all sectors including law enforcement, the private sector and Government agencies that we will be able to deal with the UK’s fraud emergency and keep business and people safe.”

*Download Cifas’ 2024 Fraudscape six-month report