UK businesses under increasing attack by criminals as latest Cifas data reveals
Cifas, the UK’s leading fraud prevention service, has today released its annual Fraudscape report, detailing the latest data and intelligence recorded by Cifas members during 2021. The report reveals that a new case of fraudulent conduct was filed by organisations every 90 seconds on average, with over 360,000 cases recorded to the National Fraud Database – an increase of 16% on 2020. As a result, Cifas members saved over £1.5bn through prevented fraud losses in 2021.
Identity Fraud
Cases involving identity fraud increased by nearly a quarter (22%) in 2021 when compared to the previous year, with over 226,000 cases recorded to the National Fraud Database.
Banking and plastic cards were hit hardest by criminals abusing stolen details to apply for products and services. Fraudsters also focused their attention on loan products which saw a 39% increase in fraudulent activity, and are likely to continue to be targeted as a response to the rise in living costs
Money Muling
A fifth of cases recorded to the National Fraud Database in 2021 relate to the misuse of facilities, which has grown by 17% to over 79,000 cases.
A large number of misuse cases related to bank accounts, with nearly three-quarters (72%) showing behaviours indicative of money mule activity, which increased by nearly a quarter (24%) to over 50,000 cases. Of these cases, a large number were aged 21-30 years – up 32%. There was is also a notable rise in those aged under 21, with cases up by 19%.
Facility Takeover
The majority of the remaining cases filed to the National Fraud Database were recorded for facility takeover fraud, with 37,000 instances recorded to the Database. Criminals focused their efforts on gaining access to existing accounts, particularly in relation to online retail and telecoms products. 2021 also saw a shift towards gaining access to existing plastic card accounts, which rose by a nearly a fifth (19%).
Internal Fraud
Nearly 270 cases involving employee or job applicant fraud were filed to the Internal Fraud Database in 2021. 2 out of 5 of these were in relation to dishonest actions by staff, such as by stealing cash or equipment from their employer. There was also a 10% growth in unsuccessful attempts made by job applicants who had lied in their application, with most of these individuals attempting to hide adverse credit or employment histories.
Mike Haley, CEO of Cifas, said: ‘Our latest figures show that businesses and consumers are currently facing a tsunami of fraud, and unfortunately I think things may get worse before they get better. The predicted rise in the cost of living will give criminals new opportunities to commit fraud, and I expect that consumers will be bombarded by increasingly sophisticated phishing attempts, including fake job offers, money-making opportunities and offers that are too good to be true.
‘Businesses will also find themselves under increasing attack from fraudulent activity, with criminals increasingly looking for vulnerabilities in systems and processes. An attempt of identity fraud is made, on average, every two and a half minutes against businesses, and sadly when these attempts are successful, criminals can go on to use the proceeds to commit other criminal offences – and even finance terrorist activity.’
Amber Burridge, head of fraud intelligence for Cifas, said: ‘Members of the public are at more risk than ever of falling to fraud and scams. It is important that they take proactive steps to protect themselves by thinking carefully when receiving an unsolicited call or email asking for money or financial details.
‘Anyone that believes they are being targeted by fraudsters or has been a victim of fraud must report it to Action Fraud and tell their bank immediately if they have supplied money or their financial details. Scam calls and texts can be reported to 7726 and emails to report@phishing.gov.uk. As a result of people using these channels, the National Cyber Security Service has removed over 76,000 scams across 139,000 URLs since April 2020, demonstrating the real impact that reporting this kind of activity can have.’