Although identity fraud fell overall, five sectors reported increases compared with 2024. The biggest rises were in bank accounts (+5,372 cases, +10%) and insurance (+3,355 cases, +26%). Within banking, personal instant and easy-access accounts saw a dramatic 455% rise (+7,131 cases), suggesting threat actors are shifting towards the targeting of basic banking products using stolen or synthetic identities. In insurance, increases continue to be driven by motor insurance, which is up 26% year-on-year.

Plastic cards remain the most affected sector, accounting for 36% of all identity fraud. Personal credit cards are overwhelmingly the main target of these, representing 92% of filings. Communications and online retail are also significant, together making up 33% of all identity fraud cases.

Victims of impersonation are older with those over 61 most commonly targeted. Filings in relation to this age group rose by 13%, representing 29% of all cases. Those aged 51–60 follow at 21%. Identity fraud involving victims under 21 increased by 8%, linked to the greater willingness among younger people to share personal information online.

Our assessment indicates that online fraud will continue to become more sophisticated, supercharged by AI-powered impersonation, synthetic media, and accessible fraud‑as‑a‑service tools that are likely to ensure identity fraud and account takeover remain major threats. The use of synthetic identities is becoming industrialised, with criminals building convincing long-term profiles that blur the lines between real users and AI-generated imposters. At the same time, more individuals are selling or sharing their identity documents under financial strain, creating increased opportunities for misuse.

The bank account sector continues to be the main source of misuse filings (82% of cases), rising 44% in 2025 - driven largely by a 35% increase in filings in relation to personal current accounts. Payment fraud is now the largest category in this sector, accounting for 31% of filings, up from 20% in 2024.

Increasing bank account misuse reflects the evolving recruitment tactics of fraudsters, with victims  encouraged to pass on funds or share banking details. In some cases, personal information is being sold to criminal networks to support account opening and misuse.

Overall, payment fraud rose 239% during 2025 and now makes up 40% of all misuse filings, mainly driven by personal current accounts and credit cards. Evasion of payment is also up 22%, linked to high volumes of loan, asset, and credit card applications with no intent to repay.

Additionally, misuse cases in the communications (which includes telecoms) sector rose 106% in 2025, mainly due to mobile phone filings linked to evasion of payment. Although driven by a small number of members, this may signal a shift towards customers avoiding payment for everyday items.

1  Cifas’ research points to an increasing societal acceptance of first-party fraud, this is reflected in member data which also shows  increases in both payment evasion and broader account misuse. Misuse of personal money transfer accounts also increased +43%, suggesting criminals are expanding into other account types to avoid detection.

Cases primarily involved personal bank accounts, which accounted for 89% of money muling filings, as well as business bank accounts, which comprised 4% in 2025. This newly introduced Cifas filing category now enables muling activity to be more reliably tracked across an expanding range of facilities, such as personal credit cards, pre-paid cards and money transfer accounts.

The rising misuse of bank accounts reflects some of the many ways individuals receive fraudulent funds or give away their banking details.

Intelligence indicates that some people are actively selling their personal information to criminal networks, allowing them to construct credit profiles using some or all of that data and open accounts for illicit use.

Concerningly, 35% of Gen-Zs surveyed by Cifas have said they would transfer money to a stranger for a fee1. Although this group poses a risk, a high proportion of offboarded customers are aged 30–39, with increases also seen in those aged under 16, highlighting the need for impactful messaging to all. Separately, Cifas research also shows a fifth of individuals don’t believe that money muling is illegal, highlighting a lack of knowledge and understanding of the significant risks involved.2

intelligence from Cifas members highlights muling as a persistent threat, with diverse recruitment tactics ranging from job scams to customers receiving overpayments when selling items via online marketplaces. Social media is a key channel for luring new mules and advertising ‘quick money’ schemes. Although greater awareness might lead to criminals changing fraudulent techniques, recruitment tactics are predicted to remain focused on mimicking employment or business opportunities.

The telecommunications sector recorded the  greatest volume of account takeover cases. It now accounts for the majority of such cases (62%, previously 48%), driven by the  sustained rise in mobile phone-related filings.

The leading filing reason for account takeover in 2025 was ‘unauthorised addition of facility’ and ‘unauthorised security/personal details change’, with filings predominantly relating to  mobile phones, online retail, and personal credit cards.

There has been a notable rise in unauthorised SIM swaps (+38%). This increase appears to be driven by the growing availability of stolen personal data, and the use of more automated methods for compromising accounts.

Victims aged 61 and above are the most frequently targeted age range, accounting for 31% of cases, with filings in relation to this age group up 10% compared with 2024.

Criminals are  exploiting AI to enhance malicious communications and automate large-scale credential attacks, contributing to the rising threat of takeovers. Techniques such as hyper-personalised scams, deepfake audio targeting call centres and SIM hijacking are becoming more prevalent, enabling attackers to bypass authentication processes and mimic legitimate login behaviour, making unauthorised access harder to detect.

As methods become more advanced, SIM swap attacks are expected to continue rising, fuelled by widespread reliance on mobile-based authentication. Account takeovers are also becoming more integrated into multichannel operations, where criminals combine and enrich stolen data to maximise impact and financial return. As organisations strengthen their defences, attackers are increasingly focusing on stealth – disabling customer alerts, flooding inboxes, spoofing devices, and slowly altering profile details to blend malicious behaviour with normal user activity.

In 2025, 65% of false applications were received through online channels, down from 80% in 2024. This reduction is mainly due to a rise in false mobile app applications. The trend indicates a shift towards app‑based application methods, particularly in banking.

The bank account sector was the largest source of false applications (38% in 2025), though numbers have still fallen. Undisclosed adverse addresses were the most common filing reason, accounting for 46% of cases (up from 40%). In contrast, false document filings for personal current accounts decreased by 41%, reflecting reports from members around improved controls and greater investment in fraud detection tools.

The insurance sector recorded a 30% drop in filings, following unusually high volumes in 2024. This was mostly driven by the reporting of fewer cases from a small number of members.

Members reported that false applications are still  a major concern. Although often seen as a ‘victimless’ crime, first-party frauds such as these are becoming more common, contributing to rising prices and premiums. Independent Cifas research1  also shows a growing social acceptance of this behaviour. An example of this is the increase in filings relating to tenant referencing which increased by 263% driven by false and altered documents.

Those aged 25–342  are most likely to engage in first-party fraud, with behaviour driven by cost-of-living pressures, uncertainty at  what constitutes fraud, and greater exposure to advertising and  malicious content offering unrealistically attractive deals and rates.

Cifas members also reported widespread income and affordability manipulation, supported by realistic fake document websites. Risks are further heightened by AI-enabled document forgery and unregulated brokers posing as ‘application helpers’, with some fake documents reused repeatedly across multiple applications.

‘Dishonest action by staff to obtain a benefit by theft or deception’ is the most common case type and again accounts for the largest share of filings made to the ITD. Volumes increased by 28%, rising from 116 to 148. It now accounts for 48% of all cases. The most frequent filing reasons were abuse of company time or privilege (15%), false expenses submissions (13%), and theft of IT equipment (11%).

Internal controls and audits uncovered 45% of dishonest behaviour, with staff reporting responsible for a further 21%, highlighting the critical role of employee awareness and speak-up cultures.

‘False employment application – unsuccessful’ was the next highest volume and saw a notable increase on 2024 (+25%). As fraudulent job applications continue to rise, this underscores the need for strong pre-employment screening to stop unsuitable or high-risk individuals entering organisations. The most common issues were hidden adverse credit history (40%), followed by concealed employment history (20%) and concealed employment records (15%). Although formal filings remained steady, intelligence reports on false references  increased, often driven by reference houses selling fake work histories or training certificates —allowing candidates to bypass vetting and gain access to sensitive data.

Employee dishonesty is increasingly centred on abuse of company time and privilege. Although multiple/dual working is a growing risk area, interest in tackling it – especially in the private sector – is also growing. The rise of such social media-driven ‘overemployment’ contributes to performance issues, conflicts of interest, and potential data security risks.

Employees are also seeking to supplement income through a wide range of dishonest methods. This is reflected in more than 24 categories of filings – from inflated expenses to manipulation of reward schemes. As some organisations broaden staff benefits with only limited controls, there is a high likelihood these perks –such as staff discounts or loyalty rewards – will be exploited or resold for financial gain.

Online insider approaches, often disguised as legitimate networking on platforms like LinkedIn, are a growing blind spot for organisations. Those holding large volumes of personal data, including telecoms and banks, may be particularly exposed.