In 2024, Cifas members recorded a case to the NFD every two minutes, with identity fraud again the most commonly reported fraud risk type, accounting for 59% of all filings. The second most reported case type was facility (account) takeover. This was the driver behind the overall rise in cases, recording an unprecedented 76% increase in filings, with fraudulent activity particularly against the telecoms and online retail sector. These together accounted for over 55,000 filings.
This increase reflects reporting on the scale of UK fraud and associated harm more widely. The Crime Survey for England and Wales reported a 19% rise in fraud incidents (year ending September 2024) and GASA (Global Anti-Scam Alliance) estimated that UK individuals lost £11.4billion to scams, up £4billion on the previous year.
The increase in identity fraud cases is predominantly linked to an unprecedented spike in impersonations targeting the telecoms sector (up 73%). These mainly relate to mobile phone products - a rise of over 16,000 cases (87%). The rise in cases is linked to a well-established impersonation/account takeover fraud involving victims receiving scam calls offering the latest upgrades or discounts on a new handset.
Other products targeted in identity frauds include personal store cards (up 35%), personal bank accounts (up 12%), personal credit cards (up 8%) and motor insurance (up 8%). Collectively these products accounted for 63% of identity fraud cases highlighting a growing fraud threat in these sectors.
The most common filing reasons are ‘impersonation – current address fraud’ and ‘impersonation – previous address fraud’ which account for 82% of all cases.
The greatest number of victims are over 61yrs (25%). This is consistent with 2023 filings.
The rise in misuse of facility cases is primarily linked to the misuse of company current accounts and the evasion of repayments for personal loans. The majority of cases (68%) concern bank accounts that have been filed for ‘funds received – conduct unexplained’, ‘payment fraud’ and ‘retaining wrongful credit’.
One in ten cases related to the misuse of a company account (over 8,000 cases in 2024, a 198% increase over 2023) which points to the growing threat posed by companies being targeted to facilitate fraudulent activity including the laundering of funds.
Organisations continue to report applications submitted for loans, assets, and credit cards where there is no clear intention of payments being made.
The reduction in money muling cases is partly explained by a number of organisations filing fewer cases in 2024. This reflects regulatory concern at the criminalisation of some vulnerable young people as a consequence of reporting. This has resulted in greater, and welcome, caution on the part of some organisations when filing muling activity involving young people.
Despite this overall reduction, some organisations who have observed significant volumes/increases in money muling cases, with many defining muling as an ‘ever-expanding issue with no respite’.
Muling cases account for 57% of bank account misuse cases filed to the NFD. This underpins the ongoing threat posed by personal and company accounts being used for muling. With over 34,000 cases of suspected money muling filed to Cifas, it is unsurprising that Cifas members have described muling as an ‘ever-expanding issue’.
Cifas members have reported concerns at the growth of ‘money making opportunities’ promoted on social media platforms. This is predominantly targeted at ‘young people’ who are often vulnerable individuals. Much of this content is disguised as attractive employment opportunities with generous working patterns and benefits.
Filings by Cifas members reveal that it is most often personal current accounts (77%) that are used in muling. This is down from 90% in 2023 following the growth in the use of company current account for muling.
Filings in relation to the use of company current accounts rose to 4,500 cases, accounting for one in five suspected mule cases filed to the NFD.
It is younger people, individuals under 30 years old who account for the majority of cases (61%).
The statistics highlight the ongoing challenge of educating young people around the dangers of engaging in money mule activity.
Consistent with the filings recorded in 2023, the majority of cases were facilitated through online channels (67%). It is noteworthy that the number of takeover attempts occurring ‘in store’ recorded to the NFD is up by 83% potentially indicating a rise in less sophisticated ‘back-to-basics’ or ‘in person’ takeover attempts.
Research1 also shows that account takeover through the mass targeting of consumers online grew quickly in 2024. This has been driven by sophisticated use of malware and automated attacks that have become more difficult to detect.
A high proportion of account takeovers are targeted at the online retail sector. Key tactics employed by criminals includes changing consumers details on accounts or diverting orders to alternative addresses or collection sitters.
The age group most impacted by account takeovers are those aged 61 and over. They account for 29% of such cases filed to the NFD (previously 27%). Filings in relation to this age group also increased by 90% when compared to 2023, with people targeted in relation to telecom products and cards (up 52%).
Consistent with filings in 2023, 40% of cases were in relation to bank accounts. A significant number of cases were filed for ‘residence - undisclosed address and adverse’ accounting for 46% of bank account related filings. Combined with ‘documents-false’, these two filing reasons account for 82% of cases involving bank accounts.
Cifas research1 suggests that nearly half (48%) of adults believe it is ‘reasonable’ to commit some form of first party fraud, with members citing a growing social acceptance of engaging in this activity. This willingness to commit fraud is perhaps reflected in the filings to the NFD in relation to false applications.
The most common reason for filing was ‘documents-false’ (30%). These tended to focus on the bank account and insurance sectors which together accounted for 69% of such cases filed. The cause of the increase in filing for this reason has been an uplift in insurance filings, up 272% when compared with 2023, particularly in relation to motor insurance applications. Insurance cases were also up overall, caused by a spike in ‘false no claims discount’, up 86% on 2023.
Filings from the communications sector increased by 69%, covering both mobile phones and home media. Most of this increase related to cases concerning undisclosed addresses or adverse credit whereby individuals may provide fictious or dated information in order to obtain the higher end devices.
Despite this decrease, insider threat remains a significant risk to organisations with particular vulnerabilities caused by continued remote working, especially reduced supervision, and ongoing cost-of-living pressures. Detecting or predicting insider activity can be challenging, particularly where employees have good knowledge of company systems and are able to mask their activity or alter their tactics to fly under the radar.
The reduction in cases reported to the Insider Threat Database is driven by declines in filing in relation to two high volume case types, 'dishonest action' (down 21%) and 'false employment unsuccessful' (down 30%). The reductions in these case types mostly centred on filings of ‘concealed adverse‘ and ‘theft of cash and IT equipment’.
Consistent with figures for 2023, the leading case types were ‘dishonest action by staff’ (47%) followed by ‘false employment application (unsuccessful)’ accounting for 29%. The high proportion of ‘dishonest action by staff’ (nearly half of cases) recorded despite the reductions noted above, highlights the threat posed by existing as opposed to new employees , and the importance of regular screening to mitigate risks.
It is to note that the majority of the ‘dishonest action’ cases were discovered through internal controls and audit functions (57%) – highlighting the importance of strong internal fraud controls and training.
The consistent dominance of identity fraud filings and surging levels of facility (account) takeover filings look to deliver yet another record number of filings by the end of 2025, should the trends set out in this report continue.
With UK fraud expected to continue evolve in both its scale and sophistication, the latest data from Cifas and its industry partners indicate that fraud it is not only becoming more socially acceptable but criminals are increasingly leveraging advanced technologies, particularly artificial intelligence (AI), to exploit vulnerabilities.
1:Over 217,000 cases recorded in the first half of 2025 a 1% increase on the same period of 2024
2:Facility (account) takeover climbed 1% to more than 38,000 cases and now represents 18% of all reported fraud to the NFD
3: Cifas members reported a steep increase in cases relating to telecommunications products and services, which now account for 69% of all facility takeover filings, up 40% on the same period for 2024
4: Misuse of facility cases rose 35%, surpassing 51,000 cases and making up a quarter (24%) of all recorded fraud risk to the NFD
5:Identity fraud fell by 7% in the first six months of 2024, largely due to a 40% drop in filings reported in the telecommunications sector. However, it still accounts for the majority of cases recorded to the NFD (118,726 cases)
6: In the first half of 2025, 16,061 cases indicative of money muling activity were reported to the NFD. This is a 17% decrease on the same period for the 2024. This shift may be linked to some organisations hesitating to file younger individuals and the ongoing adjustment to new filing categories made available by Cifas
7: The first six months of 2025 saw a 25% decrease in filings related to false applications compared to the same period in 2024, with just over 8,500 cases reported. However, 'Other' and online retail sectors saw significant increases
8:Cifas’ Insider Threat Database saw a 32% uplift in cases. Organisations reported more employees were concealing their background information to secure roles or engage in dishonest activity to boost income
Most filings are in the bank account and plastic card sectors, making up 63% (previously 59%) of total identity fraud cases. Filings from the insurance and public sectors increased by 25% (+1494) and 88% respectively, whereas loan sector fraud decreased by 12% (1,008 cases). The insurance sector saw the biggest overall change. The increase was primarily in relation impersonation for motor insurance. Gambling products saw a 109% increase in filings in first half of 2025 (+330).
The size of this increase is explained partly by the reduction in identity fraud filings to the NFD but also by an overall increase in the number of misuse of facility cases against bank accounts and the 'other' sector (12,500). The ‘other’ sector is largely driven by an uplift in online payment filings by a small number of banking organisations.
The misuse of bank accounts is the dominant reason for filing under this category, accounting for 73% of filings, over 6,000 cases higher (+20% than for the same period in 2024). This increase is most acute in relation to personal current accounts (23%), mainly 'funds received-conduct unexplained' and 'funds received-money muling,' – a new category for recording mule activity.
Misuse of plastic cards products also increased (+6%) with fraudsters particularly targeting personal credit cards, accounting for (75% of filings under this category). Filings in relation to communications services and products saw a rise of 90% (albeit from a low base), following an uplift in evasion of payment against mobile phone products (+572).
This change is partly a consequence of regulatory caution to discourage the unnecessary criminalisation of vulnerable young people who may have engaged in muling activity, as well as changes made to filing categories in relation to muling activity by Cifas (as well as the publication of new guidance) in Q1 2024.
Filings in relation to online retail and plastic cards were also substantial and jointly accounted for nearly 9,000 of the cases recorded so far this year.
Online channels continue to be exploited heavily for this purpose, with 68% of account takeovers facilitated digitally. Criminals are leveraging compromised and stolen data to hijack existing online customer accounts, particularly telecoms and online retail accounts where high-value goods/devices are particularly targeted for resale.
Most sectors saw declines in false application filings, notably telecommunications (-81%) and asset finance (-27%). Cases in relating to bank accounts and insurance accounted for 64% of filings, with common filing reasons including ‘undisclosed addresses’ and ‘false documents’.
Insight from the ITD show that employees are engaging in a range of dishonest activity to supplement their income, with many actively concealing information about their backgrounds to secure roles. Persistent threats include employees working multiple roles without their employers knowledge, using fraudulent reference houses and digital recruitment or placement of insiders where individuals aim to access sensitive data.
The Fraudscape six-month update is a comprehensive analysis of filings by Cifas members to the National Fraud Database (NFD) and Insider Threat Database (ITD) in the first half of 2025. It compares these with those from the same period in 2024. Over 217,000 cases were filed to the NFD, marking a rise of 1%. This is an unprecedented number of cases, and builds on the record number of cases filed in 2024.
This was largely due to a 40% reduction of cases in relation to the communications sector. The decrease in this sector suggests a tactical shift rather than a true decline, with criminals increasingly pivoting to facility takeover fraud, particularly when targeting mobile phone products. However, identity fraud still accounts for the majority of cases recorded to the NFD
Over 51,000 misuse of facility cases, where an account or product is misused by the genuine account holder, were reported to the NFD from January to June 2025.
This represents a, 35% increase on the same period in 2024 and making it the second highest case type
Between January-June 2025, filings in relation to facility (account) takeover increased to more than 38,000, a 1% rise on the same period in 2024. These cases account for a significant proportion of all filing to the NFD, comprising 18% of all cases. Cifas members reported a steep increase in cases relating to telecommunications products and services, which now account for 69% of all facility takeover filings, up 40% on the same period for 2024
The first six months of 2025 saw a 25% decrease in filings related to false applications compared to the same period in 2024, with just over 8,500 cases reported. However, the ‘Other’ sector saw a significant increase.
We believe that the increase is linked to the growth of false tenant reference applications involving false/altered documents, potentially driven by rental unaffordability, economic strain, and stricter affordability checks.
Cases filed to Cifas’ Insider Threat Database (ITD) increased by 32% to 160 cases in 2025 compared to 121 in the same period of 2024. Organisations continue to report that ongoing
cost-of-living pressures and continued growth in remote working are fuelling insider threat risks
Welcome to this year’s Fraudscape. It provides a detailed overview and analysis of the fraud risk data filed by Cifas members to the National Fraud Database (NFD) and Insider Threat Database (ITD) in the twelve months to December 2024, and presents these with intelligence provided by Cifas members, partners and law enforcement. Together the insight from these different sources provides a compelling account of the challenges and threats facing the fraud prevention community, as well as the emerging threat vectors which will require focus and dedication to address.
The headlines make for grim reading. A record number of cases were filed to the National Fraud Database in 2024, over 421,000 in total with cases of identity fraud the most reported (over 249,000 cases). This is particularly noteworthy as total figures for 2023 were 9% down on the year before. 2024 also saw an unprecedented 76% rise in cases of facility (account) takeover, specifically in the telecoms and online retail sectors.
A key driver for these rises appears to be rapid technological change and the easy availability of AI services and ‘fraud toolkits. Geopolitical uncertainty and continued pressures at the cost of living have provided opportunity for criminals to exploit. These issues have a direct impact on the data filed by organisations to the NFD. These same circumstances may also provide incentive for those who may be struggling financially to commit fraud to bolster incomes. Indeed, cases of false application and misuse of facility rose by 10% and 1% respectively in 2024.
The data filed to the NFD reflects the national picture. Fraud is as prevalent as ever. It accounts for almost 40% of all crime reported in England and Wales and is estimated to cost the UK economy £219 billion each year, money that is stolen and used to fund other forms of crime.1 Losses to the public sector are estimated to be as much as £81 billion.2 This is money that could otherwise be used to fund our public services. Consumers, many of them vulnerable, lost £11.4 billion to scams in 2024 alone.3 In 2024, it was those aged 61+ who were most likely to be victims of identity fraud and account takeovers.
The Fraudscape data demonstrates the extent to which fraud is not just industrialised but digitised. The services that enable us to stay connected also expose us to criminals. Fully 80% of all scams are now digitally enabled with fraudsters moving with ease between platforms, services, and technologies. In 2024, 80% of false applications and 86% of identity frauds occurred through online channels.
The threat from fraud is also global and organised, with criminal gangs now mimicking the size and structures of large corporations. Scam factories in south-east Asia and West Africa house hundreds of enslaved workers in appalling conditions, criminalising the vulnerable and economically insecure and forcing them to build and operate a sophisticated infrastructure of call centres and websites intended for the sole purpose of stealing people’s money.
AI is also transforming the capability of fraudsters to operate at scale, harvesting data quickly on targets, producing near-perfect fake documents in seconds, enabling attacks on networks at an entirely new scale and, through the use of deep fakes and AI generated images and voices, impersonating people, both consumers and authority figures, to steal their data and their savings. It has made the threat from fraud not only more compelling and difficult to detect, but more urgent.
It is only through working together, specifically through the sharing of data and intelligence that we will beat the criminals. Cifas’ exists for this very purpose. Through the use of our products and services, our members drawn from across key sectors, including banking, telecoms and technology saved over £2.1 billion in fraud losses.
This year’s Fraudscape report makes clear that while progress is being made, there is still much more to do.
We hope that you find this report and its data insightful. But more importantly, it is used as a call to action to strengthen fraud defences and take the fight to the criminals.
Over 421,000 cases were filed to the National Fraud Database in 2024, a rise of 13% (over 46,000 cases) and a record number of cases. It is also the largest annual increase in fraud type filings ever recorded by Cifas
Identity fraud is still the most commonly reported fraud risk type, representing 59% of cases filed to the NFD (previously 64%). The vast majority of cases concerned fraud committed through online channels (86%). This is consistent with previous years and highlights the scale by which victims are impersonated using online platforms, and reflecting the ongoing shift towards digital applications for products/services
Misuse of facility accounts for 18% of cases filed to the NFD. This is the third highest case type filed to the NFD in 2024 by Cifas members (previously second)
Almost half of all account takeovers relate to a mobile phone accounts (48%) with filings on account takeover in the telecoms sector rising by 105%. Most filings (41%) relate to ‘unauthorised addition of facility’ ie upgrading a mobile handset to a contract, which increased by 96%. There has also been a surge in ‘unauthorised SIM Swaps’, up 1055% (nearly 3,000 cases from 289 in 2023), impacting multiple telecoms organisations
This increase highlights the ongoing challenge of individuals using false information or purposefully omitting adverse information to gain personal benefits or access to products/services. False application filings saw the largest increase in the number of online applications instead of other means (80% vs 73% in 2023) suggesting that more than ever criminals are using online channels in order to submit falsified applications
We are a not-for-profit membership organisation that brings different sectors together for the common goal of eliminating fraud and financial crime. Over 750 organisations work with us, all benefiting from each other's data, intelligence and learning - using the cutting edge financial crime prevention systems and tools we develop and deliver. For over 30 years we have been trusted by our partners to provide them with the systems and tools they need to detect and prevent fraud and financial crime, saving them billions of pounds in prevented losses.
