Terms explained:
National Fraud Database (NFD) - is used to share fraud risk information about actual or attempted fraudulent conduct against organisations.
Internal Fraud Database (IFD) - is used to share fraud risk information that specifically relates to individual staff members who tried to commit or committed fraudulent or other relevant conduct against or within an organisation.
Identity Fraud - when a subject abuses personal data to impersonate an innocent party, or creates a fictitious identity (synthetic identity), to open a new account or obtain a product.
Facility Takeover - when a subject abuses personal data to hijack an existing account or product - for example, a bank account or phone contract.
Misuse of Facility - the misuse of an account, policy or product, for example, allowing criminal funds to pass through an account or paying in an altered cheque.
Internal Fraud - fraudulent conduct or theft committed by an employee of the company or an individual applying to work for a company.
Vishing, Phishing, Smishing – an attempt to gain personal information (or persuade someone to do something) through the use of email, telephone and SMS communications.
Social Engineering - a method of manipulating people to reveal personal information about themselves or to persuade them to do something they would not otherwise do.
Money Mule - a person who (intentionally or unintentionally) transfers money acquired illegally, usually through their own bank account, on behalf of others.
BOT - a software application that runs automated tasks across the internet.Malware - software which is specifically designed to disrupt or damage a computer system.
Remote Access Software – allows a third party to access another computer remotely.
I am pleased to welcome you to this year’s edition of Fraudscape, which is key to understanding the challenges and threats we face as a community, and which areas we need to focus on to fight fraud together.
This report combines data from our National Fraud Database (NFD) and Internal Fraud Database (IFD), along with intelligence provided by Cifas members, partners and law enforcement. In 2020, Cifas members saved over £1.4bn through prevented fraud losses, but we know we can prevent and detect even more fraud by developing a better understanding of key fraud threats and enablers – which is the main purpose of this report.
The COVID-19 pandemic made 2020 one of the most challenging years the fraud prevention industry has ever faced. The UK lockdown in March 2020 meant that organisations had to adapt quickly, with many moving their businesses online and their staff to remote working. Consumers were also seriously impacted, with the large majority relying on the internet to buy goods, talk to their friends and family, and use services such as online banking. Fraudsters were quick to take advantage of these changes. Throughout the pandemic we have seen criminals target businesses, the government and consumers to abuse stimulus packages and grant relief funds in order to steal personal and financial information to facilitate identity fraud and create malicious campaigns around false vaccinations and false tests.
Only now are we starting to see the impact that the pandemic and its economic fallout have had on levels of fraud in the UK. Early signs indicate that fraud levels will surpass the pre-pandemic levels recorded by Cifas in 2019, and comparisons with the 2008 financial crisis suggest that later this year levels of identity fraud and misuse of facility will increase.
As the UK’s leading fraud prevention service, our role in protecting Cifas members, stakeholders and the public from fraud has never been more important. Now is the time for the fraud prevention community to collaborate, so we can focus on the threats we face together and deliver a targeted and proactive approach to stop fraud.
What do the overall findings tell us?
2020 was clearly one of the most challenging years our industry has faced yet Cifas members still recorded nearly 310,000 cases of fraudulent conduct.
Once again, identity fraud and misuse of facility were important challenges, accounting for 82% of the total cases recorded by members in 2020. COVID-19 has played a key role as a driver of identity fraud in enabling some of the personal information harvesting during this period. COVID-19 related content such as applying and paying for false vaccinations and false tests, and applications for stimulus packages and grant relief funds, has dominated malicious campaigns during the past year.
The abuse of bank accounts has accounted for a large proportion of the cases recorded, with many indicating behaviours that could be associated with money muling. COVID-19 and stimulus packages have also been key drivers for recruitment of mules with business accounts being used to launder funds. This trend has increased over the last year and concerns have been raised as to alternative methods being used by mules to “cash out”, particularly during the lockdown – for example using cryptocurrency.
Facility takeover grew significantly last year, enabled by social engineering techniques such as phishing and smishing. The telecoms and online retail sectors have been heavily targeted, and intelligence indicates activities such as false adverts and spoofing of brands were key in harvesting information to take over accounts.
Despite lower levels of recruitment in 2020, there have been noticeable filings of dishonest actions such as theft from the employer and customer, as well as a rise in the number of individuals recorded for disclosing personal information to third parties. With many organisations forced to move quickly to enable remote working for employees and many choosing to make the switch permanent, there is potential for individuals to be approached to access information they should not. It is essential that organisations invest in understanding the vulnerabilities they have in relation to a remote workforce.
2020 was one of the most challenging years we have faced, yet Cifas members still recorded 309,849 cases of fraudulent conduct to the NFD, which is one case every two minutes.
Identity fraud and misuse of facility were important challenges, accounting for 82% of the total cases recorded in 2020.
Facility takeover grew significantly last year, with the number of cases recorded rising by 21% on 2019.
Despite lower levels of recruitment, there were notable filings of dishonest actions and disclosing personal information to third parties.
Despite the pandemic and economic situation impacting filing volumes, the first six months of 2021 do show a 13% increase in the number of cases recorded to the NFD compared to the same period of 2020.
What do the findings tell us?Identity fraud analysis:
Social media continues to be used to harvest personal and financial information. For example, online quizzes designed to collect detailed personal information.
Bespoke identity packages advertised on the dark web are being used to enable false applications for products and services.
Smishing, phishing and vishing campaigns impersonating delivery services such as DPD and Royal Mail and public bodies such as HMRC to socially engineer individuals to reveal personal and financial information remain a concern.
A rise in family impersonation fraud – particularly to obtain asset finance, loans or credit file related products – has been identified.
The Future of Identity:
With the pandemic pushing many services to go digital, it isn’t surprising there has been an increased effort across the public and private sector to look at how people in the UK prove who they are online and enable them to create a “digital identity”.
There are lots of ways in which this happens today, however the processes are completed in silos, meaning you can only use that digital identity with your bank, or only use it with government. This is expensive for organisations, and not a great experience for users as they must provide information multiple times to different organisations - not to mention the issue of managing all those usernames and passwords.
In the UK there is no national “scheme” or “framework” which supports people in reusing their digital identity. For example, you cannot currently use a digital identity which you have proven with your bank to then open an account with government, or vice versa.
McKinsey have estimated the benefits of extending full digital ID coverage in the UK could unlock economic value equivalent to 3 percent of GDP in 2030.In a post-pandemic world where many more services will be provided online, the need for digital ID will be greater, and in an economy that has taken a tumble, 3% GDP is likely worth having.
Developing a national digital identity program has been work in progress for several years. GOV.UK Verify was developed under the Government Digital Service (GDS), but despite best efforts, was unable to attract enough users to make it viable long term. Since then, the guardianship of developing a national digital identity program has been passed to the Department for Digital, Culture, Media & Sport (DCMS), who have for the last 18 months been working on how to put this into practice.
In 2020, DCMS published a call for evidence which was a consultation to understand what the private sector needed from government in this area. Since then, the DCMS have published the UK Digital Identity and Trust Framework.
But what exactly is a trust framework?
A trust framework is not something new: it is simply a term to describe a set of rules and standards which organisations agree to follow. If an organisation was part of a digital identity trust framework, then you can be confident that the organisation is following standards and agreed requirements to safeguard data, protect your privacy, and prevent fraud.
The UK digital identity and attributes trust framework produced by the DCMS sets out requirements so that organisations know what ‘good’ identity verification looks like. There are also rules for:
• Making sure products and services are inclusive;
• Security;
• Privacy and data protection; and
• Fraud management.
At Cifas these developments are incredibly important to us, and we have been an instrumental part of the work developing the rules around fraud management in the framework. Looking at the ways in which fraud could enter this kind of framework will be an imperative, as will ensuring those risks are managed effectively.
The next iteration of UK Digital Identity and Attributes Trust Framework Alpha is likely to be published during summer 2021 with further government consultation in September 2021.
Cifas will continue to be an active participant in the work being completed by the DCMS because we believe strongly in the benefits of collaboration in the fight against fraud. Enabling consumers in the UK to benefit from a digital identity scheme will not only improve their user experience and security but could also help protect them from the devastating impacts of identity fraud.
Emma Lindley, Cifas
Cifas Commentary
Identity fraud is still a priority area, particularly for banking and plastic cards. Rising levels of impersonation of companies throughout the pandemic mean verification checks will continue to be essential for the private and public sectors. It is highly likely that organised crime groups will continue to target companies if further provision is offered to business to support the economy, as well as using these measures to mask money laundering activities.
Synthetic identities pose a moderate risk to organisations. The increased dependency on digital channels means the onboarding process needs to be tightened to identify these types of identities in light of the vast personal information available online, but the full threat has not yet been fully established.
“These identity fraud findings demonstrate how fraudsters changed their tactics as a result of the pandemic. With organisations restricting new business, criminals placed less focus on impersonating innocent individuals to create new accounts, and instead targeted pre-existing facilities. Despite organisations investing heavily in new technologies to combat identity fraud, criminals will always be on the lookout for new and emerging ways to steal money and information.”
“Sadly, early signs suggest identity fraud levels will surge as the economy recovers, but a vital defence against fraud is in the sharing of information between organisations. Cifas provides an excellent platform for businesses to share data and intelligence to protect themselves and their customers from the devastating impacts of fraud.”
185,578 cases were recorded in 2020, which is a 17% reduction compared to 2019. However, the first six months of 2021 do show a 11% increase on the same period in 2020.
A large proportion of identity fraud victims were aged between 31 and 40 years and 51+.
The plastic card and banking sectors were the most affected, with a slight rise for online retail.
2020 also saw a 23% increase in companies being impersonated. This may be due to the abuse of stimulus package offerings aimed at supporting businesses through the pandemic.
Analysis Cifas Commentary The Future of identityMisuse of facility analysis:
Popular social media platforms are playing a more prominent role in mule recruitment. Videos have included subjects rapping instructions for fraud “methods” and opportunities to feature in music videos in exchange for card details.
Children are receiving messages on social media offering exclusive content in exchange for their parents’ credit card details.
Adverts requesting students to open bank accounts with fintech banks for the purposes of mule activity have been discovered. Adverts include cash bonuses for opening accounts with more than five different providers.
Cifas Commentary
Misuse of bank accounts is a priority area and is likely to be a major threat, not just to the banking sector, but also to loan and asset finance providers as criminals look to alternatives to launder funds.
Social media is a key enabler for recruiting mules with more than two thirds of the UK population using a social media platform.
The pandemic has also changed how mules ‘cash out’ funds. Cashing out via cryptocurrency assets and wallets has become attractive to criminal networks due to the anonymity this provides.
Post-pandemic, there are concerns that attitudes to fraud may shift as individuals believe it is acceptable to claim they are unaware of transactions on their cards or that products they ordered were never delivered.
“Money muling is another name for money laundering and criminals are using people, including the young, as mules to transfer stolen money through their accounts in increasing numbers. The banking industry is working closely with law enforcement to identify, arrest and charge those criminal gangs responsible for recruiting money mules and to raise awareness amongst susceptible groups. Banks also have sophisticated systems in place to detect suspicious transactions, and when they identify a money mule account it will be closed and reported to the authorities.”
“Letting your bank account be used to transfer money given to you by someone else makes you a money mule, and if you’re caught your bank account will be closed and it will be difficult to open an account elsewhere. Through our Don’t Be Fooled campaign, we’re urging young people and students not to give their bank account details to anyone unless they know and trust them, and to remember that if an offer of easy money sounds too good to be true, it probably is.”
What anti-money laundering can learn from fraud prevention:
In the world of financial crime, money laundering and fraud often go hand in hand, but from a prevention perspective the two crimes, though related, are often dealt with in isolation – with fraud frequently allocated more resources and attention as financial institutions seek to protect themselves from losses.
Money laundering is often associated with serious criminal activities like drug trafficking and terrorism financing, but it’s estimated that more than fifty per cent of the world’s laundered funds actually originate from fraud, which begs the question – why are these interconnected crimes tackled in isolation?
These are two serious crimes, so what’s behind the vastly differing approach?
With fraud, there is a tangible risk of financial loss for individuals and organisations across all industries, with the burden of financial reimbursement often falling heavily on banks. Because of this, there’s a clear incentive to prevent financial losses associated with fraud across sectors, and the realisation of this has enabled private entities to put aside competition and work together to combat the challenges of fraud with joint initiatives that rely on intelligence sharing and transparency.
This open, collaborative environment does not yet exist for those tackling anti-money laundering (AML), whether in the financial sector or elsewhere where large sums of money are being used to buy real estate or high value goods.
Unlike fraud which negatively impacts a business's bottom line, laundered funds bring in an estimated $1.86 trillion into the global economy annually, and so the clear opportunity for profits can often overshadow the more opaque threat of regulatory fines and sanctions.
In other words, the lack of regulatory and legal enforcement means there’s not as much incentive for organisations to continue allocating resources to investigate suspicious transactions once compliance checks have been satisfied. Coupled with this, there is currently a lack of legal clarity around the permitted sharing of money laundering data between regulated entities, which limits those organisations that wish to share and do more to combat money laundering.
However, it doesn’t mean that criminal activity isn’t occurring, and that innocent people aren’t having their lives ruined as a result of such crimes. For example, instances of money muling increased by 38% during the pandemic. Fraudsters essentially took an opportunity to exploit the vulnerabilities of those impacted by job losses during the pandemic, luring them into sharing their bank account information with false job advertisements.
A shift in perception and incentives
However, should greater emphasis be placed on investigating suspicious activity beyond current compliance requirements, more can be done to prevent further crimes and financial losses; as laundered funds are distributed throughout the financial system in a series of transactions that appear to be legitimate, it’s often the case that those funds go on to facilitate further instances of mass fraud, and more serious crimes such as people smuggling, drug trafficking and terrorism.
Due to the serious nature of these crimes, greater incentives are needed to ensure that preventing money laundering isn’t solely regarded as a compliance goal, but essential to business success and continuity.
How this is done is the challenge facing governments and law enforcement – the industry needs stronger means of deterrence, which could be tougher penalties and enforcement of laws and regulations, the removal of board and executive staff, the revocation of practising licences, and increasing public awareness to the atrocities that negligence facilitates.
But the financial sector can’t rely on governments and law enforcement to solve this problem – to be successful in combatting money laundering and preventing criminal activity, the industry must come together to tackle the challenge itself – as it’s proven can be done with fraud.
Cross-sector collaboration, facilitated by smart technology.
Unlike fraud, the anatomy of anti-money laundering compliance failures over the past two decades has been identical. If teams from different industries come together to collectively share wisdom, new intelligence and develop joint prevention strategies – then it’s possible to have a significant impact in preventing the financing of criminal activity.
In order to do this, there needs to be a way to quickly share data and intelligence between organisations – as laundered money moves quickly through the financial system, and delays in decisive action can have serious consequences.
Organisations can look to fraud prevention tactics as a model for how this could be best achieved. Secure sharing of transactional data for the purposes of crime prevention, as is done in the United Kingdom with fraud prevention organisations like Cifas, is a positive step forward to preventing the high harm crimes that money laundering enables.
It’s also important that industries move away from manual processes and adopt new technologies that pool existing data to provide real-time risk analysis on both new and existing accounts. This level of transparency, combined with competent people and risk-based processes, will ultimately be key in helping tackle financial crime across the board, enabling industries to more confidently avoid risk and ensure continued profitability and success.
Stephen Platt, Founder and CEO, Riskscreen
68,083 cases of misuse of facility were recorded last year, which, despite the 19% reduction from 2019, still accounts for more than a quarter of cases recorded. However, the first six months of 2021 do show a 23% increase on the same period in 2020.
The main product overwhelmingly targeted for misuse is bank accounts, which make up just over three quarters of misuse cases. 78% of cases involving the misuse of bank accounts have intelligence that indicates money mule activity.
A high proportion of adults aged 21 to 30 years were identified in cases where intelligence indicates mule activity.
There was a 26% increase in misuse of company accounts, which may be linked to the abuse of stimulus packages.
Analysis Cifas Commentary What can AML learn from fraud preventionCifas Commentary
Levels of fraudulent conduct involving account takeover grew significantly during the pandemic as existing accounts were targeted, enabled by social engineering techniques such as phishing and smishing.
The telecoms and online retail sectors have been highly targeted, and intelligence indicates activities such as false adverts and spoofing of brands played an important role in harvesting the right information to take over victims’ accounts.
Intelligence also suggests that the telephony channel was perceived as an easier target as 44% of facility takeover cases were carried out via the telephone route.
With threat actors perceiving telephony channels as the weakest link – it is easier to socially engineer a person than it is to socially engineer technology – it has never been more important for businesses to educate their staff and ensure their telephony defences are as robust as their digital channels.
“The pandemic was a catalyst for consumer digitalisation and the findings from this year’s Fraudscape summarise the effects of the global increase of consumer personal data online. The findings detail the concerning rise in facility takeover, and over the past year Cifas intelligence has recorded an increase in phishing, smishing, data breaches and spoofing attacks against consumer demographics.”
“For sectors such as telecoms, banking and online accounts, the effects can be noted, with a significant increase in ‘victims’ filed to the database over the reporting period. Post-pandemic, ‘fraud’ and ‘cybercrime’ should be reviewed as one. Fraudsters have leveraged data-sharing on the dark web and digital forums to further their criminality.”
“Cifas has supported members with the fight against cybercrime, ensuring we collaborate to detect and prevent – highlighting that data sharing is key to fighting the rise of facility takeover noted this year.’’
Leaving the Back Door Open - How phone channel fraud works
There are fundamentally three channels’ criminals exploit to attack banks - as Pindrop CEO Vijay Balasubramaniyan has been narrating over the years. The first and most “traditional” being physical robbery that is (largely) prevented using security systems and trained personnel; the success rates in this scenario are very low and are progressively de-incentivising armed robbers and other forms of physical attacks. The second and most “common” attack is the digital breach. Fraudsters armed with valuable information and strategies will penetrate various infrastructure components starting from the perimeter all the way into the networks’ core systems. The success rate in this scenario is statistically higher but what makes this even more attractive is the ability to hide identity. To counteract, Banks have been conducting significant investments in this space using advanced cybersecurity technologies that have put them in an advantageous position against cyberattacks. As a result, this has pushed criminals to target the least discussed and often overlooked side of the business: the telephony space. With higher success rates and even lower identity risks, this has become a greenfield for fraudsters across the banking world. Without a physical threat or advanced capabilities in cybersecurity, someone with the right pieces of information can steal money right over the phone.
The phone channel is often favoured by fraudsters to either gain information or access customer accounts through social engineering, which simply means tricking contact centre agents into revealing something they shouldn’t or coaxing the agent into verifying a fraudster as a customer. Phone channel security is often reduced to asking secret questions, also known as knowledge-based authentication questions (KBA). Organised crime rings attempting to social engineer their way to account takeover, are often more prepared to answer these questions than their customers. Pindrop’s data shows that fraudsters tend to pass such questions with success more than half of the time whereas the true customer forgets the correct answers 20-40% of the time. Additionally, contact centre agents are often measured on the quality of customer interactions, so being overly suspicious or asking lengthy security questions only counts against their job performance ratings. Agents aren’t typically trained in identifying deception, and the techniques used by fraudsters are designed to not arouse suspicion.
Fraudsters are very well prepared. Through data breaches, personal information is available on the dark web in droves. Crime syndicates will buy this data that contains account numbers and other personal info readily available across social media networks. They compile this information on their target victims and collate enough information to bypass ineffective security like KBA’s, OTP’s (one-time passcodes) that can be easily obtained through social engineering techniques, or other subversion tools like spoofing and voice altering. Once a bad actor gains access to an account once, they can not only move money, but also change other information like email addresses, approve authorised users or change policies.
Even if you have the best online security, nothing protects the phone channel beyond easily discoverable information or easily socially engineered one time codes. The fraudster will use the phone channel as an entry point and even enable easier access to the more heavily guarded online or mobile channel. The phrase has become a bit cliche, but ‘locking the front door, but leaving the window open’ is an appropriate summon of poor phone channel security. Cringe at the cliche, but make sure the security isn’t equally cringe inducing. With most things in life the proper remedy takes a bit of effort. Updating policies and information sharing are of the utmost importance, but technology developed and deployed by experts represents the key for effective consistent protection against organised crime syndicates.
Pindrop
Facility takeover analysis
Large scale criminal forums with thousands of members offering subscription based products such as personalised social engineering scripts/recordings and deep fakes are of concern.
Posts selling personal data or “dumps” including personal banking logins, compromised accounts and full identity profiles have been regularly identified.
Continued instances of paid adverts directing consumers to malicious websites to harvest personal information.
An increase in victims receiving calls from a “security team” requiring access to their account where the customer is encouraged to hand over a one-time password sent to their phone has been increasingly reported.
38,421 cases were recorded last year, which is a 21% increase compared to 2019. However, the first six months of 2021 do show a 14% increase on the same period of 2020.
44% of cases were carried out via telephony channels, and there was a 22% increase in this type of activity suggesting that there may be a perception that telephony channels are weaker.
41% of products are taken over within two weeks of the product being applied for. This is highly prevalent for bank accounts and telecoms products.
Analysis Cifas Commentary Leaving the back door openCifas Commentary
The insider fraud threat remains a priority for Cifas and its members. Despite lower levels of recruitment in 2020, there have been noticeable filings of dishonest actions such as theft from the employer and customer, as well as a rise in the number of individuals recorded for disclosing personal information to third parties. In some cases, employees have been identified advertising knowledge of internal processes and systems in return for payment.
With many organisations forced to move quickly to enable remote working for employees and many committing to that way of working in the future, there is potential for individuals to be approached to divulge information they should not It is essential that organisations invest in understanding the vulnerabilities they have in relation to a remote workforce.
Organisations will need to consider risks such as reduced supervision of staff and external factors such as financial pressures brought about by the economic situation that may make staff more susceptible to engaging in dishonest conduct.
“Fraudscape highlights the continued risk of internal fraud to employers and their customers. The pandemic has had a seismic impact on the labour market, especially on back office roles, yet we see the continued presence of internal fraud. Additionally, remote working and financial pressures for households across the UK pose a great threat to employers and society at large. This is a threat that businesses – working alongside organisations such as Cifas – have a responsibility to help overcome."
Insider threat analysis:
There are increasing instances of employees advertising their knowledge of internal processes and systems online in forums in return for payment, as well as employees working remotely, falsely claiming additional overtime and expenses.
There is potential for a rise in falsified references, qualifications and employment history as the job market becomes more competitive. Attitudes already suggest that as many as 30% of job applicants include fake references on CVs.
Organisations adopting agile working longer term will need to consider a range of issues around poor cyber security measures, threats posed by use of personal devices, phishing emails, business email compromise and data breaches. They will also need to understand the risk of reduced supervision of staff, segregation of duties and broader access to sensitive information.
External factors such as financial pressures resulting in coercive pressure from family or cohabiters to engage in dishonest conduct, as well as gambling and drug addictions, have been identified as contributing factors to internal fraud cases.
Why do people commit insider fraud?
The COVID-19 pandemic has seen employees switch to home working, and this has subsequently exposed businesses to an increased risk of ‘insider fraud’.
A knock-on effect of COVID-19 will see fraud committed for a variety of reasons. Employees may have a partner who has lost their job or been furloughed and only receiving 80% of their salary and so out of desperation will have the motivation to commit fraud as a way of keeping a roof over their head and food on the table. Working from home has provided the perfect opportunity for employees to collaborate with organised crime gangs to divulge confidential data to be sold on the dark web. Companies who have a ‘no mobile phone’ policy in the office have no way of controlling that when it comes to an employee working at their dining table. Disgruntled employees will have the motivation and rationalisation to commit fraud because they do not believe it is fair that they need to return to the office to work whilst a shielding colleague can continue to work from home with no commuting expenses or time. We have heard of many companies supporting employees throughout the pandemic and keeping them happy by sending them well-earned treats in the post. Whilst employees like to receive these goodies, employers know that they need to ensure that they have a happy workforce as this can minimise the likelihood of an employee ‘going rogue’.
Of course there has to be a degree of trust or a business cannot operate, and so it is crucial that organisations have a robust counter-fraud culture and internal controls to deal with internal fraud. For this to become established within any organisation, all staff must buy into the reasons why combating fraud is important. They need to understand where the boundaries are between what is and is not acceptable, and see that preventing and dealing with fraud is an integral part of everyone’s role within the organisation.
Having a Learning Strategy in place is the bedrock of creating a counter fraud culture, and demonstrates the tone from the top - from fraud awareness and identifying red flags, to career progression for those undertaking investigations as well as those responsible for gatekeeping functions like Internal Audit, Compliance and Human Resources.
The Cifas Fraud & Cyber Academy has courses looking at why people commit insider fraud, the psychology of fraudsters and how to spot the signs of internal fraud. You can find more details about these as well as our full range of courses here:
Cifas Insider Fraud Specialist Programme | Cifas Academy
Rachael Tiffen, Director of Public Sector and Training, Cifas
290 individuals were recorded to the IFD in 2020 compared to 432 in 2019. However, the pandemic has limited recruitment and new risks have emerged with remote working. The pandemic has had a significant impact on employment, with 693,000 payroll jobs lost since March 2020.
Dishonest actions remained the highest reported case type, accounting for 44% of cases.
Cases recorded for unlawful obtaining or disclosure of personal data have risen by 43%. The individuals involved tended to be aged between 31 and 40 years and working in a branch or a store.
Analysis Cifas Commentary why do people commit INSIDER fraud?Much of the impact of COVID-19 on fraud is still to be seen. Perpetrators are highly likely to exploit a range of vulnerabilities and uncertainties, including employment scams, travel scams and investment fraud, as well as the stimulus packages on offer.
The impersonation of companies throughout the pandemic means it is highly likely companies will be increasingly targeted if further provision is offered to business to support the economy.
Identity fraud remains a priority for all sectors, due to the rise of synthetic identities and readily available access to false documentation.
The rise in cybercrime as a service, such as phishing kits, fraud tool kits and hacking services, is an extremely high threat to all sectors.
Social media continues to be a key enabler for recruiting mules with more than two thirds of the UK population using a social media platform.
The pandemic has changed how mules “cash out”. Cashing out via cryptocurrency assets and wallets has become attractive to criminal networks due to the anonymity this provides.
Facility takeover has seen a significant rise during the pandemic. It is highly likely that digital channels will continue to be favoured but as organisations bolster their defences, threat actors may look to exploit vulnerabilities via telephony channels.
Remote working remains a threat and so it is essential that organisations review their working from home policies and audit the data and information that staff have access to.
Economic uncertainty as a result of the pandemic may put financial strain on employees who then may justify carrying out certain activities for financial gain. It is essential to screen staff not just at application, but throughout employment.
Together we must:
Protect businesses and their customers from fraud and financial crime, ensuring that all sectors implement standard checks and processes to identify and prevent fraud.
Collaborate with each other and share data, intelligence and learning to improve financial crime information sharing, and enrich our understanding of the threats the UK faces.
Ensure all organisations implement strong and effective internal fraud controls across all stages of the employee lifecycle.
Speak with a collective voice to raise the profile and awareness of the impact of fraud on businesses and the public, reinforcing the message that action must be taken to reduce fraud and its subsequent benefit in helping to fund serious organised crime.
Press
For any press enquiries please contact press@cifas.org.uk
About Cifas
Cifas is the UK’s fraud prevention community. For over 30 years we have worked with hundreds of organisations to stop fraud and our community is made up of hundreds of organisations from across the sectors, including most banks, credit providers and telecommunication companies. We lead the fight against fraud by sharing data and intelligence, and provide a secure and established home for:
Trusted data of unparalleled depth and diversity – hosting the largest databases of fraud risk in the UK.
Dynamic intelligence to understand the fraud threat landscape now and in the future.
A vast network of organisations and people with a stake in fraud prevention.
Accredited education and trusted training for organisations and individuals.
If you are interested in joining Cifas click here
For more information about our Fraud and Cyber Academy click here