In 2024, Cifas members recorded a case to the NFD every two minutes, with identity fraud again the most commonly reported fraud risk type, accounting for 59% of all filings. The second most reported case type was facility (account) takeover. This was the driver behind the overall rise in cases, recording an unprecedented 76% increase in filings, with fraudulent activity particularly against the telecoms and online retail sector. These together accounted for over 55,000 filings.
This increase reflects reporting on the scale of UK fraud and associated harm more widely. The Crime Survey for England and Wales reported a 19% rise in fraud incidents (year ending September 2024) and GASA (Global Anti-Scam Alliance) estimated that UK individuals lost £11.4billion to scams, up £4billion on the previous year.
The increase in identity fraud cases is predominantly linked to an unprecedented spike in impersonations targeting the telecoms sector (up 73%). These mainly relate to mobile phone products - a rise of over 16,000 cases (87%). The rise in cases is linked to a well-established impersonation/account takeover fraud involving victims receiving scam calls offering the latest upgrades or discounts on a new handset.
Other products targeted in identity frauds include personal store cards (up 35%), personal bank accounts (up 12%), personal credit cards (up 8%) and motor insurance (up 8%). Collectively these products accounted for 63% of identity fraud cases highlighting a growing fraud threat in these sectors.
The most common filing reasons are ‘impersonation – current address fraud’ and ‘impersonation – previous address fraud’ which account for 82% of all cases.
The greatest number of victims are over 61yrs (25%). This is consistent with 2023 filings.
The rise in misuse of facility cases is primarily linked to the misuse of company current accounts and the evasion of repayments for personal loans. The majority of cases (68%) concern bank accounts that have been filed for ‘funds received – conduct unexplained’, ‘payment fraud’ and ‘retaining wrongful credit’.
One in ten cases related to the misuse of a company account (over 8,000 cases in 2024, a 198% increase over 2023) which points to the growing threat posed by companies being targeted to facilitate fraudulent activity including the laundering of funds.
Organisations continue to report applications submitted for loans, assets, and credit cards where there is no clear intention of payments being made.
The reduction in money muling cases is partly explained by a number of organisations filing fewer cases in 2024. This reflects regulatory concern at the criminalisation of some vulnerable young people as a consequence of reporting. This has resulted in greater, and welcome, caution on the part of some organisations when filing muling activity involving young people.
Despite this overall reduction, some organisations who have observed significant volumes/increases in money muling cases, with many defining muling as an ‘ever-expanding issue with no respite’.
Muling cases account for 57% of bank account misuse cases filed to the NFD. This underpins the ongoing threat posed by personal and company accounts being used for muling. With over 34,000 cases of suspected money muling filed to Cifas, it is unsurprising that Cifas members have described muling as an ‘ever-expanding issue’.
Cifas members have reported concerns at the growth of ‘money making opportunities’ promoted on social media platforms. This is predominantly targeted at ‘young people’ who are often vulnerable individuals. Much of this content is disguised as attractive employment opportunities with generous working patterns and benefits.
Filings by Cifas members reveal that it is most often personal current accounts (77%) that are used in muling. This is down from 90% in 2023 following the growth in the use of company current account for muling.
Filings in relation to the use of company current accounts rose to 4,500 cases, accounting for one in five suspected mule cases filed to the NFD.
It is younger people, individuals under 30 years old who account for the majority of cases (61%).
The statistics highlight the ongoing challenge of educating young people around the dangers of engaging in money mule activity.
Consistent with the filings recorded in 2023, the majority of cases were facilitated through online channels (67%). It is noteworthy that the number of takeover attempts occurring ‘in store’ recorded to the NFD is up by 83% potentially indicating a rise in less sophisticated ‘back-to-basics’ or ‘in person’ takeover attempts.
Research1 also shows that account takeover through the mass targeting of consumers online grew quickly in 2024. This has been driven by sophisticated use of malware and automated attacks that have become more difficult to detect.
A high proportion of account takeovers are targeted at the online retail sector. Key tactics employed by criminals includes changing consumers details on accounts or diverting orders to alternative addresses or collection sitters.
The age group most impacted by account takeovers are those aged 61 and over. They account for 29% of such cases filed to the NFD (previously 27%). Filings in relation to this age group also increased by 90% when compared to 2023, with people targeted in relation to telecom products and cards (up 52%).
Consistent with filings in 2023, 40% of cases were in relation to bank accounts. A significant number of cases were filed for ‘residence - undisclosed address and adverse’ accounting for 46% of bank account related filings. Combined with ‘documents-false’, these two filing reasons account for 82% of cases involving bank accounts.
Cifas research1 suggests that nearly half (48%) of adults believe it is ‘reasonable’ to commit some form of first party fraud, with members citing a growing social acceptance of engaging in this activity. This willingness to commit fraud is perhaps reflected in the filings to the NFD in relation to false applications.
The most common reason for filing was ‘documents-false’ (30%). These tended to focus on the bank account and insurance sectors which together accounted for 69% of such cases filed. The cause of the increase in filing for this reason has been an uplift in insurance filings, up 272% when compared with 2023, particularly in relation to motor insurance applications. Insurance cases were also up overall, caused by a spike in ‘false no claims discount’, up 86% on 2023.
Filings from the communications sector increased by 69%, covering both mobile phones and home media. Most of this increase related to cases concerning undisclosed addresses or adverse credit whereby individuals may provide fictious or dated information in order to obtain the higher end devices.
Despite this decrease, insider threat remains a significant risk to organisations with particular vulnerabilities caused by continued remote working, especially reduced supervision, and ongoing cost-of-living pressures. Detecting or predicting insider activity can be challenging, particularly where employees have good knowledge of company systems and are able to mask their activity or alter their tactics to fly under the radar.
The reduction in cases reported to the Insider Threat Database is driven by declines in filing in relation to two high volume case types, 'dishonest action' (down 21%) and 'false employment unsuccessful' (down 30%). The reductions in these case types mostly centred on filings of ‘concealed adverse‘ and ‘theft of cash and IT equipment’.
Consistent with figures for 2023, the leading case types were ‘dishonest action by staff’ (47%) followed by ‘false employment application (unsuccessful)’ accounting for 29%. The high proportion of ‘dishonest action by staff’ (nearly half of cases) recorded despite the reductions noted above, highlights the threat posed by existing as opposed to new employees , and the importance of regular screening to mitigate risks.
It is to note that the majority of the ‘dishonest action’ cases were discovered through internal controls and audit functions (57%) – highlighting the importance of strong internal fraud controls and training.
Welcome to this year’s Fraudscape. It provides a detailed overview and analysis of the fraud risk data filed by Cifas members to the National Fraud Database (NFD) and Insider Threat Database (ITD) in the twelve months to December 2024, and presents these with intelligence provided by Cifas members, partners and law enforcement. Together the insight from these different sources provides a compelling account of the challenges and threats facing the fraud prevention community, as well as the emerging threat vectors which will require focus and dedication to address.
The headlines make for grim reading. A record number of cases were filed to the National Fraud Database in 2024, over 421,000 in total with cases of identity fraud the most reported (over 249,000 cases). This is particularly noteworthy as total figures for 2023 were 9% down on the year before. 2024 also saw an unprecedented 76% rise in cases of facility (account) takeover, specifically in the telecoms and online retail sectors.
A key driver for these rises appears to be rapid technological change and the easy availability of AI services and ‘fraud toolkits. Geopolitical uncertainty and continued pressures at the cost of living have provided opportunity for criminals to exploit. These issues have a direct impact on the data filed by organisations to the NFD. These same circumstances may also provide incentive for those who may be struggling financially to commit fraud to bolster incomes. Indeed, cases of false application and misuse of facility rose by 10% and 1% respectively in 2024.
The data filed to the NFD reflects the national picture. Fraud is as prevalent as ever. It accounts for almost 40% of all crime reported in England and Wales and is estimated to cost the UK economy £219 billion each year, money that is stolen and used to fund other forms of crime.1 Losses to the public sector are estimated to be as much as £81 billion.2 This is money that could otherwise be used to fund our public services. Consumers, many of them vulnerable, lost £11.4 billion to scams in 2024 alone.3 In 2024, it was those aged 61+ who were most likely to be victims of identity fraud and account takeovers.
The Fraudscape data demonstrates the extent to which fraud is not just industrialised but digitised. The services that enable us to stay connected also expose us to criminals. Fully 80% of all scams are now digitally enabled with fraudsters moving with ease between platforms, services, and technologies. In 2024, 80% of false applications and 86% of identity frauds occurred through online channels.
The threat from fraud is also global and organised, with criminal gangs now mimicking the size and structures of large corporations. Scam factories in south-east Asia and West Africa house hundreds of enslaved workers in appalling conditions, criminalising the vulnerable and economically insecure and forcing them to build and operate a sophisticated infrastructure of call centres and websites intended for the sole purpose of stealing people’s money.
AI is also transforming the capability of fraudsters to operate at scale, harvesting data quickly on targets, producing near-perfect fake documents in seconds, enabling attacks on networks at an entirely new scale and, through the use of deep fakes and AI generated images and voices, impersonating people, both consumers and authority figures, to steal their data and their savings. It has made the threat from fraud not only more compelling and difficult to detect, but more urgent.
It is only through working together, specifically through the sharing of data and intelligence that we will beat the criminals. Cifas’ exists for this very purpose. Through the use of our products and services, our members drawn from across key sectors, including banking, telecoms and technology saved over £2.1 billion in fraud losses.
This year’s Fraudscape report makes clear that while progress is being made, there is still much more to do.
We hope that you find this report and its data insightful. But more importantly, it is used as a call to action to strengthen fraud defences and take the fight to the criminals.
Over 421,000 cases were filed to the National Fraud Database in 2024, a rise of 13% (over 46,000 cases) and a record number of cases. It is also the largest annual increase in fraud type filings ever recorded by Cifas
Identity fraud is still the most commonly reported fraud risk type, representing 59% of cases filed to the NFD (previously 64%). The vast majority of cases concerned fraud committed through online channels (86%). This is consistent with previous years and highlights the scale by which victims are impersonated using online platforms, and reflecting the ongoing shift towards digital applications for products/services
Misuse of facility accounts for 18% of cases filed to the NFD. This is the third highest case type filed to the NFD in 2024 by Cifas members (previously second)
Almost half of all account takeovers relate to a mobile phone accounts (48%) with filings on account takeover in the telecoms sector rising by 105%. Most filings (41%) relate to ‘unauthorised addition of facility’ ie upgrading a mobile handset to a contract, which increased by 96%. There has also been a surge in ‘unauthorised SIM Swaps’, up 1055% (nearly 3,000 cases from 289 in 2023), impacting multiple telecoms organisations
This increase highlights the ongoing challenge of individuals using false information or purposefully omitting adverse information to gain personal benefits or access to products/services. False application filings saw the largest increase in the number of online applications instead of other means (80% vs 73% in 2023) suggesting that more than ever criminals are using online channels in order to submit falsified applications
We are a not-for-profit membership organisation that brings different sectors together for the common goal of eliminating fraud and financial crime. Over 750 organisations work with us, all benefiting from each other's data, intelligence and learning - using the cutting edge financial crime prevention systems and tools we develop and deliver. For over 30 years we have been trusted by our partners to provide them with the systems and tools they need to detect and prevent fraud and financial crime, saving them billions of pounds in prevented losses.