Terms explained:
National Fraud Database (NFD) - is used to share fraud risk information about actual or attempted fraudulent conduct against organisations.
Internal Fraud Database (IFD) - is used to share fraud risk information that specifically relates to individual staff members who tried to commit or committed fraudulent or other relevant conduct against or within an organisation.
Identity Fraud - when a subject abuses personal data to impersonate an innocent party, or creates a fictitious identity (synthetic identity), to open a new account or obtain a product.
Facility Takeover - when a subject abuses personal data to hijack an existing account or product - for example, a bank account or phone contract.
Misuse of Facility - the misuse of an account, policy or product, for example, allowing criminal funds to pass through an account or paying in an altered cheque.
Internal Fraud - fraudulent conduct or theft committed by an employee of the company or an individual applying to work for a company.
Vishing, Phishing, Smishing – an attempt to gain personal information (or persuade someone to do something) through the use of email, telephone and SMS communications.
Social Engineering - a method of manipulating people to reveal personal information about themselves or to persuade them to do something they would not otherwise do.
Money Mule - a person who (intentionally or unintentionally) transfers money acquired illegally, usually through their own bank account, on behalf of others.
BOT - a software application that runs automated tasks across the internet.Malware - software which is specifically designed to disrupt or damage a computer system.
Remote Access Software – allows a third party to access another computer remotely.
Welcome to this year’s edition of Fraudscape, which is key to understanding the challenges and threats we face as a community, and which areas we need to focus on to fight fraud together.
This report combines data from our National Fraud Database (NFD) and Internal Fraud Database (IFD), along with intelligence provided by Cifas members, partners and law enforcement. In 2021, Cifas members saved over £1.3bn through prevented fraud losses, but we know we can prevent and detect even more fraud by developing a better understanding of key fraud threats and enablers – which is the main purpose of this report.
Despite the obstacles brought about by last year, we recognise that 2022 brings its own unique challenges and threats. New ways of working as well as ongoing uncertainty around the UK economy and the rise in the cost of living will almost certainly provide a rich seam of opportunity for fraudsters.
In addition, those struggling financially may be tempted to commit fraud in order to generate additional income during these difficult times.
As the UK’s leading fraud prevention service, our role in protecting Cifas members, stakeholders and the public from fraud has never been more important. Now is the time for the fraud prevention community and the wider UK public to collaborate and deliver a targeted and proactive approach to stop fraud. Let’s take the fight to fraud.
What do the overall findings tell us?
The volumes of cases recorded to the NFD are close to pre-pandemic levels, with over 360,000 cases recorded in 2021.
Levels of identity fraud reached over 226,000 cases and account for 63% of all cases recorded to the NFD – a 22% increase (nearly a quarter) on 2020. Identity fraud continues to impact the plastic card and banking sectors but rises in the online retail and loans sector have also been identified.
The sophistication of cyber enabled attacks such as phishing and smishing continues to grow, as does the quality of false documentation provided to support the subsequent fraudulent applications. There is concern that the rise in living costs will encourage criminals to target loan products and deferred credit services and exploit organisations that have more relaxed lending criteria than others.
Misuse of facility accounts for just over a fifth of cases, with over 79,000 cases recorded, and is up 17% from 2020. The majority of cases relate to bank accounts, with 72% of cases (nearly three-quarters) holding intelligence indicative of mule activity. The significance of this can be seen in conjunction with the continued rise in scam activity and the requirement for an account to transfer funds obtained from those scams.
Of note, there has also been a rise in misuse of plastic cards, with the main filing reason being payment fraud. The sector may be increasingly targeted as a direct result of economic stresses due to rising living costs.
Levels of facility takeover declined slightly by 3%, but over 37,000 cases were still recorded. Although the majority of cases impact the telecoms and online retail sectors, 2021 saw a growth in cases in the plastic card sector. Advances in technology and an increased use of digital channels will continue to be exploited by criminals to target not only victims, but also organisations, in an attempt to gain access to accounts. With more people using online banking and mobile payments, criminals will seek to gain access to these existing accounts, particularly if credit providers tighten their lending criteria.
The insider threat remains a key concern. Although the number of individuals recorded for dishonest conduct has reduced by 7%, this is likely as a result of organisations not being able to conduct as many interviews and investigations into staff conduct through various lockdown measures. Of note is the growth in false employment application (unsuccessful), particularly in relation to concealing adverse credit or previous employment history.
As remote and hybrid working become the norm it is important that organisations conduct regular screening of staff and ensure offboarding processes are fit for purpose within these new working environments. Cases of theft of IT equipment have grown and intelligence has indicated increased numbers of employees forwarding sensitive information to either personal email addresses or email addresses associated with their role.
2021 saw over 360,000 cases of fraudulent conduct recorded to the NFD, which is close to pre-pandemic levels.
Identity fraud remains a key threat and the number of cases recorded has grown by 22% (226,000) in 2021.
Cases of misuse of facility accounted for over a fifth of cases (79,000) recorded in 2021.
A rise in the misuse of plastic cards has also been identified with the most common reason for filing being payment fraud. As living costs increase there is concern that volumes will increase.
Facility takeover accounted for 11% of cases on the NFD with a particular impact on the telecoms and online retail sectors.
Of concern is the growing rise in facility takeover cases involving plastic cards and bank account products.
The insider threat remains a significant concern. In 2021 there was growth in the number of false applications where individuals concealed adverse credit or previous employment. Organisations also face real challenges as remote and hybrid working become embedded with instances of employees abusing personal and sensitive information and the theft of IT equipment being identified.
What do the findings tell us?Identity fraud analysis:
2021 saw an increase in the use of synthetic identities to apply for products and services.
Smishing, phishing and vishing campaigns remain very effective in harvesting personal information.
False documentation and identity packages are becoming increasingly sophisticated.
Identity Fraud Case Study
Cifas Commentary
Digital engagement is a key concern for organisations ensuring identities are verified correctly online. This is due to a marked increase in the sophistication of cyber enabled attacks such as phishing and smishing and the quality of false documentation available.
Social engineering remains one of the preferred tactics to gain access to accounts and personal information. This includes the impersonation of financial institutions and criminals impersonating customers to an organisation in order to gain access to and information from accounts.
As technology makes it easier to use voice spoofing and deepfake technology, both consumers and businesses need to be cautious before releasing any financial or personal information and verify that they are really talking to who they believe they are.
As living costs continue to rise, consumers must be wary of offers that appear to be too good to be true where a criminal is looking to harvest personal and financial information. Businesses also need to bolster their defences, particularly those offering any deferred credit products such as loans or buy now, pay later as criminals will look to target them.
It is really important for both consumers and businesses to carry out thorough checks on who they are dealing with. Genuine businesses can be impersonated to dupe customers and service users to part with their life savings and their personal information. As we embark on this more digital world, it is vital businesses have good policies, systems and processes in place to safeguard themselves against threat actors in a world where online ID verification is becoming more challenging.
Identity fraud remains a key threat and the number of cases recorded has grown by 22% (to 226,000 cases) in 2021, accounting for 63% of all cases recorded to the NFD.
91% of identity fraud cases occurred via an online channel.
Although identity fraud mainly impacts the plastic card and banking sectors, the online retail and loans sectors have also been particularly targeted.
Attempts to access loan products saw a 39% increase, with unsecured personal loans heavily targeted. Although two thirds of attempts were not granted, loans will continue to be a target in light of rising living costs.
Overall, 24% of victims are aged over 61 and this age group is disproportionately targeted for plastic cards and bank accounts.
There has been a 53% rise in those aged between 31 and 40 years targeted for asset finance products and those aged between 51 and 60 years are more likely to be targeted for insurance products.
There has been a 7% rise in companies being impersonated, predominantly for telecoms or loans products.
Analysis Cifas Commentary identity fraud case studyMisuse of facility analysis:
Social media continues to be an enabler for recruiting mules.
Increasing access to online tools such as receipt/refund generators to support fraudulent conduct is of concern.
There are considerable links between mule activity and APP scams.
Mule accounts are being used to receive fraudulently obtained grants, loans and benefit funds.
Cashing out fraudulently obtained funds via cryptocurrency is increasingly concerning organisations.
Cashing out fraudulently obtained funds via cryptocurrency is increasingly concerning organisations.
Cifas Commentary
A real challenge facing organisations is the social perception of what constitutes fraud. In recent research carried out by Cifas, one in 13 people admitted to conducting fraudulent activity in the last 12 months.
17% of respondents to the survey believed money muling to be acceptable and 6% viewed making a false claim of non-delivery of a retail item acceptable. This perception, combined with the accessibility and availability of online services and guides on how to conduct fraudulent conduct, means challenging these perceptions will be essential in influencing the decisions individuals make in the face of financial adversity and rising living costs.
Social media remains a key enabler in the recruitment of mules due to its vast reach. There is however more work to be done to understand the source of illegitimate funds, the role of the account in transferring those funds and the ultimate destination and cash out.
Rising levels of money mule activity over the past year are a significant cause for concern. As ongoing uncertainty around the economy and cost of living increases bite, there is a need for the fraud prevention community to come together and coordinate fraud prevention messaging. We must deter consumers from being tempted by fraudsters offering easy money schemes and ensure they understand the consequences of engaging in fraudulent activity.
What anti-money laundering can learn from fraud prevention:
In the world of financial crime, money laundering and fraud often go hand in hand, but from a prevention perspective the two crimes, though related, are often dealt with in isolation – with fraud frequently allocated more resources and attention as financial institutions seek to protect themselves from losses.
Money laundering is often associated with serious criminal activities like drug trafficking and terrorism financing, but it’s estimated that more than fifty per cent of the world’s laundered funds actually originate from fraud, which begs the question – why are these interconnected crimes tackled in isolation?
These are two serious crimes, so what’s behind the vastly differing approach?
With fraud, there is a tangible risk of financial loss for individuals and organisations across all industries, with the burden of financial reimbursement often falling heavily on banks. Because of this, there’s a clear incentive to prevent financial losses associated with fraud across sectors, and the realisation of this has enabled private entities to put aside competition and work together to combat the challenges of fraud with joint initiatives that rely on intelligence sharing and transparency.
This open, collaborative environment does not yet exist for those tackling anti-money laundering (AML), whether in the financial sector or elsewhere where large sums of money are being used to buy real estate or high value goods.
Unlike fraud which negatively impacts a business's bottom line, laundered funds bring in an estimated $1.86 trillion into the global economy annually, and so the clear opportunity for profits can often overshadow the more opaque threat of regulatory fines and sanctions.
In other words, the lack of regulatory and legal enforcement means there’s not as much incentive for organisations to continue allocating resources to investigate suspicious transactions once compliance checks have been satisfied. Coupled with this, there is currently a lack of legal clarity around the permitted sharing of money laundering data between regulated entities, which limits those organisations that wish to share and do more to combat money laundering.
However, it doesn’t mean that criminal activity isn’t occurring, and that innocent people aren’t having their lives ruined as a result of such crimes. For example, instances of money muling increased by 38% during the pandemic. Fraudsters essentially took an opportunity to exploit the vulnerabilities of those impacted by job losses during the pandemic, luring them into sharing their bank account information with false job advertisements.
A shift in perception and incentives
However, should greater emphasis be placed on investigating suspicious activity beyond current compliance requirements, more can be done to prevent further crimes and financial losses; as laundered funds are distributed throughout the financial system in a series of transactions that appear to be legitimate, it’s often the case that those funds go on to facilitate further instances of mass fraud, and more serious crimes such as people smuggling, drug trafficking and terrorism.
Due to the serious nature of these crimes, greater incentives are needed to ensure that preventing money laundering isn’t solely regarded as a compliance goal, but essential to business success and continuity.
How this is done is the challenge facing governments and law enforcement – the industry needs stronger means of deterrence, which could be tougher penalties and enforcement of laws and regulations, the removal of board and executive staff, the revocation of practising licences, and increasing public awareness to the atrocities that negligence facilitates.
But the financial sector can’t rely on governments and law enforcement to solve this problem – to be successful in combatting money laundering and preventing criminal activity, the industry must come together to tackle the challenge itself – as it’s proven can be done with fraud.
Cross-sector collaboration, facilitated by smart technology.
Unlike fraud, the anatomy of anti-money laundering compliance failures over the past two decades has been identical. If teams from different industries come together to collectively share wisdom, new intelligence and develop joint prevention strategies – then it’s possible to have a significant impact in preventing the financing of criminal activity.
In order to do this, there needs to be a way to quickly share data and intelligence between organisations – as laundered money moves quickly through the financial system, and delays in decisive action can have serious consequences.
Organisations can look to fraud prevention tactics as a model for how this could be best achieved. Secure sharing of transactional data for the purposes of crime prevention, as is done in the United Kingdom with fraud prevention organisations like Cifas, is a positive step forward to preventing the high harm crimes that money laundering enables.
It’s also important that industries move away from manual processes and adopt new technologies that pool existing data to provide real-time risk analysis on both new and existing accounts. This level of transparency, combined with competent people and risk-based processes, will ultimately be key in helping tackle financial crime across the board, enabling industries to more confidently avoid risk and ensure continued profitability and success.
Stephen Platt, Founder and CEO, Riskscreen
Misuse of facility accounts for just over a fifth of cases, with over 79,000 cases recorded and up 17% on 2020.
Most misuse cases are in relation to bank accounts (88%) and these have increased by a third.
72% of misuse on bank accounts has intelligence that indicates mule activity and these cases have risen by 24% in 2021 compared to 2020. Although the majority of cases are in relation to personal accounts, there has been a 24% increase in the abuse of company accounts for this type of activity.
A large proportion of subjects recorded for this type of activity are aged between 21 and 30 years. However, there has also been a 19% rise in those aged under 21 years.
The rise in cases indicating mule activity may be aligned to ongoing problems with authorised push payment fraud (APP). Mule accounts are often needed to transfer funds gained from illegal activities such as scams and then transferred on to facilitate serious and organised crime.
Analysis Cifas CommentaryCifas Commentary
2021 saw an emergence in the use of malware to attack devices to harvest personal and financial information. Popular tactics included smishing texts themed around NHS COVID testing as well as delivery rescheduling.
Malware is also deployed through malicious links received through smishing attacks or through downloadable apps. It is essential that both businesses and consumers regularly run antivirus and antimalware on all devices to check for such malicious software.
More people than ever are using digital channels for online and mobile banking and this presents considerable opportunities for phishing attacks. As well as socially engineering victims to reveal passcodes, criminals are employing call redirection tactics to allow them to impersonate customers and respond to organisations to verify fraudulent activity as genuine.
Advances in technology and an increased use of digital channels will continue to be abused by criminals to target not only individuals, but also organisations, in an attempt to gain access to accounts. A high proportion of account takeovers still come via telephony channels, which are often perceived as the weaker link and may be targeted by the growth in voice spoofing technology.
Leaving the Back Door Open - How phone channel fraud works
There are fundamentally three channels’ criminals exploit to attack banks - as Pindrop CEO Vijay Balasubramaniyan has been narrating over the years. The first and most “traditional” being physical robbery that is (largely) prevented using security systems and trained personnel; the success rates in this scenario are very low and are progressively de-incentivising armed robbers and other forms of physical attacks. The second and most “common” attack is the digital breach. Fraudsters armed with valuable information and strategies will penetrate various infrastructure components starting from the perimeter all the way into the networks’ core systems. The success rate in this scenario is statistically higher but what makes this even more attractive is the ability to hide identity. To counteract, Banks have been conducting significant investments in this space using advanced cybersecurity technologies that have put them in an advantageous position against cyberattacks. As a result, this has pushed criminals to target the least discussed and often overlooked side of the business: the telephony space. With higher success rates and even lower identity risks, this has become a greenfield for fraudsters across the banking world. Without a physical threat or advanced capabilities in cybersecurity, someone with the right pieces of information can steal money right over the phone.
The phone channel is often favoured by fraudsters to either gain information or access customer accounts through social engineering, which simply means tricking contact centre agents into revealing something they shouldn’t or coaxing the agent into verifying a fraudster as a customer. Phone channel security is often reduced to asking secret questions, also known as knowledge-based authentication questions (KBA). Organised crime rings attempting to social engineer their way to account takeover, are often more prepared to answer these questions than their customers. Pindrop’s data shows that fraudsters tend to pass such questions with success more than half of the time whereas the true customer forgets the correct answers 20-40% of the time. Additionally, contact centre agents are often measured on the quality of customer interactions, so being overly suspicious or asking lengthy security questions only counts against their job performance ratings. Agents aren’t typically trained in identifying deception, and the techniques used by fraudsters are designed to not arouse suspicion.
Fraudsters are very well prepared. Through data breaches, personal information is available on the dark web in droves. Crime syndicates will buy this data that contains account numbers and other personal info readily available across social media networks. They compile this information on their target victims and collate enough information to bypass ineffective security like KBA’s, OTP’s (one-time passcodes) that can be easily obtained through social engineering techniques, or other subversion tools like spoofing and voice altering. Once a bad actor gains access to an account once, they can not only move money, but also change other information like email addresses, approve authorised users or change policies.
Even if you have the best online security, nothing protects the phone channel beyond easily discoverable information or easily socially engineered one time codes. The fraudster will use the phone channel as an entry point and even enable easier access to the more heavily guarded online or mobile channel. The phrase has become a bit cliche, but ‘locking the front door, but leaving the window open’ is an appropriate summon of poor phone channel security. Cringe at the cliche, but make sure the security isn’t equally cringe inducing. With most things in life the proper remedy takes a bit of effort. Updating policies and information sharing are of the utmost importance, but technology developed and deployed by experts represents the key for effective consistent protection against organised crime syndicates.
Pindrop
Facility takeover analysis
Social engineering coupled with sophisticated number spoofing and vishing attacks remains a significant threat.
Criminals are deploying impersonation attacks not just on consumers by posing as financial institutions or service providers, but also as the customer to the legitimate business.
There has been a rise in the sophistication of the cyber-attacks. By using bots, criminals are targeting organisations in an attempt to infiltrate and harvest accounts or to respond to consumer enquiries on social media.
Over 37,000 cases of facility takeover were recorded in 2021, similar to 2020 levels. Although the majority of cases impact the telecoms and online retail sectors, 2021 saw 19% growth in cases in the plastic card sector.
Overall, a large proportion of cases have occurred online (47%) or through telephony channels (43%).
A large number of the cases recorded are in relation to unauthorised security or personal detail changes to the account. There has been a rise in unauthorised facility upgrade particularly targeting the telecoms sector. Victims have been duped into believing they are talking to their provider and are coerced into agreeing to false upgrades so criminals can fraudulently obtain handsets.
Overall, a large proportion of victims of takeover tend to be aged over 41 years. Those aged between 31 and 40 years are more likely to be targeted for online retail products, whereas those aged between 41 and 50 years are more likely to be targeted for telecoms products.
Analysis Cifas CommentaryCifas Commentary
Remote and hybrid working have provided real challenges for organisations over the past two years. Instances of work avoidance and inflated overtime have been identified following the introduction of home working and flexible working arrangements.
An unexpected side effect of remote and hybrid working is that it has enabled offboarding employees to steal both commercial and personal data and IT equipment.
A significant concern is the rise in insider threat as a service, where individuals are actively recruited to work in particular roles to carry out dishonest activity and exploit policies and procedures. There are also individuals advertising their insider knowledge on forums in a bid to earn additional money at their employer’s expense.
Organisations must ensure that as agile working agreements develop and increase in popularity, their policies and procedures are fit for purpose. Increases in the cost of living may further tempt staff members into committing dishonest conduct or becoming more vulnerable to staff approaches. It is therefore essential to have appropriate monitoring in place to audit employee behaviour and ensure wellbeing checks are carried out regularly, so that organisations are equipped to assess the true risk the insider threat poses to them.
With high levels of scrutiny for every penny spent at Councils, it’s vital that Local Authorities take the threat of internal fraud seriously. At Lambeth Council during 2021-22 we’ve used Cifas’ data to identify eighteen job candidates who posed an internal fraud risk to us, having previously been identified by other Cifas members as being involved in fraudulent conduct. By managing this risk, we’ve helped to protect public funds from ending up in the pockets of criminals, enabling us to continue to provide the vital services our community depends upon.
Insider threat analysis:
The main concerns for organisations are the challenges around remote and hybrid working and ensuring that appropriate policies and procedures are in place.
Staff approaches (including online approaches) are a continued risk to organisations.
There is growing concern around offboarding employees as individuals may be working their notice period in a remote environment. This has given some staff the opportunity to take advantage by stealing equipment and/or accessing information that they should not have access to.
Insider threat as a service is also an emerging threat where individuals either offer their services to support fraudulent transactions or are recruited to do so.
Why do people commit insider fraud?
The COVID-19 pandemic has seen employees switch to home working, and this has subsequently exposed businesses to an increased risk of ‘insider fraud’.
A knock-on effect of COVID-19 will see fraud committed for a variety of reasons. Employees may have a partner who has lost their job or been furloughed and only receiving 80% of their salary and so out of desperation will have the motivation to commit fraud as a way of keeping a roof over their head and food on the table. Working from home has provided the perfect opportunity for employees to collaborate with organised crime gangs to divulge confidential data to be sold on the dark web. Companies who have a ‘no mobile phone’ policy in the office have no way of controlling that when it comes to an employee working at their dining table. Disgruntled employees will have the motivation and rationalisation to commit fraud because they do not believe it is fair that they need to return to the office to work whilst a shielding colleague can continue to work from home with no commuting expenses or time. We have heard of many companies supporting employees throughout the pandemic and keeping them happy by sending them well-earned treats in the post. Whilst employees like to receive these goodies, employers know that they need to ensure that they have a happy workforce as this can minimise the likelihood of an employee ‘going rogue’.
Of course there has to be a degree of trust or a business cannot operate, and so it is crucial that organisations have a robust counter-fraud culture and internal controls to deal with internal fraud. For this to become established within any organisation, all staff must buy into the reasons why combating fraud is important. They need to understand where the boundaries are between what is and is not acceptable, and see that preventing and dealing with fraud is an integral part of everyone’s role within the organisation.
Having a Learning Strategy in place is the bedrock of creating a counter fraud culture, and demonstrates the tone from the top - from fraud awareness and identifying red flags, to career progression for those undertaking investigations as well as those responsible for gatekeeping functions like Internal Audit, Compliance and Human Resources.
The Cifas Fraud & Cyber Academy has courses looking at why people commit insider fraud, the psychology of fraudsters and how to spot the signs of internal fraud. You can find more details about these as well as our full range of courses here:
Cifas Insider Fraud Specialist Programme | Cifas Academy
Rachael Tiffen, Director of Public Sector and Training, Cifas
Nearly 270 individuals were recorded to the Enhanced Internal Fraud Database in 2021. 41% of cases were in relation to dishonest actions, with the majority of filings in relation to theft of cash from the employer.
There has been a rise in theft of IT equipment. This may be due to reduced controls to monitor staff who are working in a remote or hybrid environment. There have also been examples of staff exiting a business and not returning items provided to them. Most individuals worked within branch or within the contact centre.
False employment application (unsuccessful) accounts for 39% of cases and has increased by 10% since 2020. A large number of filings were in relation to hiding information on applications, such as adverse credit history, concealed address with adverse and concealed employment history.
Overall, a large proportion of those recorded are aged between 21 and 30 years. However, there has been a noted increase in those aged between 41 and 50 years being recorded. There was a 27% increase in those aged between 41 and 50 for dishonest actions. 87% of these people had been in employment 10 years or more.
There was a 33% increase in those aged 31 to 40 for unlawful obtaining or disclosure of commercial data. 57% had been in employment for over 10 years.
Analysis Cifas CommentaryVolumes of cases recorded to the NFD are close to pre-pandemic levels, with over 360,000 cases.
Identity fraud volumes reached over 226,000 cases and account for 63% of all NFD cases – up 22% from 2020.
The sophistication of cyber enabled attacks such as phishing and smishing continues to grow, as does the quality of false documentation provided to support subsequent fraudulent applications.
There is a real concern that due to the rise in living costs, criminals will look to target loan products and deferred credit services and exploit those who have more relaxed criteria than others.
Misuse of facility accounts for just over a fifth of cases, with over 79,000 cases recorded, and is up 17% on last year. The majority of cases are in relation to bank accounts, with 72% of cases holding intelligence indicative of mule activity.
There has also been a rise in misuse on plastic cards, with the main filing reason of payment fraud. The sector may be targeted in light of economic stresses experienced in the UK due to rising living costs.
Facility takeover has declined slightly by 3%, but 37,000 cases were still recorded.
2021 saw a growth in facility takeover cases in the plastic card sector.
Insider threat still remains a key concern. 2021 saw a growth in false employment application (unsuccessful), particularly in relation to concealing details of adverse credit and/or employment history.
Organisations must ensure that as remote/hybrid working agreements develop and increase in popularity, their policies and procedures are fit for purpose.
The increase in the cost of living may tempt staff members into committing dishonest conduct or becoming more vulnerable to staff approaches. It is therefore essential to have appropriate monitoring in place to audit employee behaviour and ensure wellbeing checks are carried out regularly.
A significant concern is the rise in insider threat as a service, where individuals are actively recruited to work in particular roles to carry our dishonest activity and exploit policies and procedures.
Recommendations
It is important that we all report fraud. Only through reporting can we fully understand the nature and scale of the threat the UK faces and adjust our response accordingly. Find out how to report below.
Report scam emails here
Report scam texts here
Report a scam website here
Report Fraud at www.actionfraud.police.uk
It is important that we all report fraud. Only through reporting can we fully understand the nature and scale of the threat the UK faces and adjust our response accordingly. Find out how to report below.
In uncertain times and with rising living costs many people may be tempted to commit fraud. It is important that we coordinate our messaging to deter people and ensure they understand the consequences of engaging in fraudulent activity.
Members of the public are at more risk than ever of falling victim to fraud and scams. It is important that we encourage the public to take proactive steps to protect themselves as outlined in the Take 5 campaign.
Businesses should ensure that they have robust cyber risk management protocols in place to protect themselves and their customers. There is a variety of information and tools that can support business and a selection are listed below.
Press
For any press enquiries please contact press@cifas.org.uk
About Cifas
Cifas is the UK’s fraud prevention community. For over 30 years we have worked with hundreds of organisations to stop fraud and our community is made up of hundreds of organisations from across the sectors, including most banks, credit providers and telecommunication companies. We lead the fight against fraud by sharing data and intelligence, and provide a secure and established home for:
Trusted data of unparalleled depth and diversity – hosting the largest databases of fraud risk in the UK.
Dynamic intelligence to understand the fraud threat landscape now and in the future.
A vast network of organisations and people with a stake in fraud prevention.
Accredited education and trusted training for organisations and individuals.
If you are interested in joining Cifas click here
For more information about our Fraud and Cyber Academy click here
This year will be the first time we regularly update information to Fraudscape over the course of the next 12 months. If you would like to receive notifications when new content is added to Fraudscape let us know here
Join us on the 5th May for our Fraudscape launch webinar where our expert panel will be debating the key themes emerging from this year’s report. Register your interest here