SEON research unveils UK’s biggest business fraud ‘hot spots’

UK-centric research conducted by anti-fraud expert SEON has revealed the areas with the highest rates of business fraud per 100,000 members of the population. The research uses data from Action Fraud and records both the total number of fraud reports in each area as well as the total number of business or corporate fraud cases. It then compares this to population data, giving relative rates of fraud and business fraud in each geographical area. 

The City of London is found to have the highest rate of corporate fraud per 100,000 people in the country at 100.92 cases. This is arguably of little surprise, given that the City of London is the centre of the UK’s financial industry and home to a huge number of businesses, while also playing host to a comparably small number of individuals.

Nottinghamshire has the second-highest rate of corporate fraud in the country, making the county a much riskier place in which to do business than the majority of the country.

In third place is North Yorkshire. This largely rural county is home to several well-off small cities and market towns, such as York and Harrogate, which act as business hubs for the area and are likely the focus of fraudsters’ attentions in the region.

UK’s business fraud ‘hot spots’

Rank	Police Force	Population	Corporate Fraud Reports	Corporate Fraud Reports per 100,000 People
1	City of London	10,900	11	100.92
2	Nottinghamshire	1,170,500	163	13.93
3	North Yorkshire	831,600	103	12.39
4	Cumbria	499,800	48	9.60
5	Hertfordshire	1,195,700	92	7.69
6	Kent	1,868,200	123	6.58
7	North Wales	703,400	46	6.54
8	Cheshire	1,069,600	68	6.36
9	Humberside	934,400	59	6.31
10	Gwent	598,200	37	6.19

County Durham, the territory policed by the Durham Constabulary, has the highest average losses per report of business fraud in the country. The huge sum involved is more than three times higher than every region other than second place, which it is still noticeably higher than.

Areas with most costly incidents

Rank	Police Force	Corporate Fraud Reports	Corporate Fraud Losses	Average Losses per Corporate Fraud Report
1	Durham	6	£762,800	£127,133
2	City of London	11	£1,300,000	£118,182
3	Lancashire	43	£1,700,000	£39,535
4	Warwickshire	14	£545,200	£38,943
5	Merseyside	25	£599,400	£23,976
6	PSNI	54	£1,000,000	£18,519
7	Derbyshire	21	£387,200	£18,438
8	Metropolitan	305	£4,900,000	£16,066
9	Thames Valley	101	£1,600,000	£15,842
10	Greater Manchester	110	£1,700,000	£15,455

In second place is the City of London. While still being much higher than the majority of other regions, it’s perhaps surprising that the City of London didn’t top the leader board in this instance given that it plays host to the UK’s finance industry.

Lancashire is the third most expensive place to be hit by business fraud. While substantially lower than the average losses incurred in County Durham and in the City of London, the figure involved is still high enough to put some small companies out of business altogether.

The City of London places top as the region most susceptible to all forms of fraud, with 143,092 reports per 100,000 people. The second region most susceptible to all forms of fraud, with 568 reports of fraud per 100,000 people, is the area covered by Dyfed-Powys Police in Wales. 

Northumbria tops the list as the most expensive part of the UK in which to fall victim to any type of fraud, with average losses per incident standing at £11,661.

*Further information concerning the SEON research results is available online at https://seon.io/resources/business-fraud-hotspots/ 

Fraud and cyber crime

UK residents and businesses have seen financial losses of £2.5 billion from fraud and cyber crime over the course of the past year, a new study reveals. Research undertaken by Payback Ltd analysed data drawn from the National Fraud Intelligence Bureau to reveal that the UK has reported almost 500,000 cases of fraud and cyber crime that have resulted in financial loss.

Spanning data from November 2020 to November 2021, it was found that the UK has reported an average 40,586 cases of fraud and cyber crime per month, with an average financial loss of £5,700 per case.

The height of cyber crime activity appeared during the earlier months of the year. In February, the UK reported 47,800 cases equating to £267.6 million in financial losses, while in March more than 48,500 cases amounted to losses of £219.3 million.

Monthly breakdown of UK Cyber Crime and Fraud reports (November 2020 to November 2021)

	Total # Reports	Total Financial Loss (£)	Average loss per reported case (£)
Nov 2020	36,277	165,400,000	4,559
Dec 2020	35,739	163,500,000	4,575
Jan 2021	41,347	138,700,000	3,355
Feb 2021	47,801	267,600,000	5,598
Mar 2021	48,546	219,300,000	4,517
Apr 2021	41,404	161,800,000	3,908
May 2021	39,614	220,500,000	5,566
Jun 2021	35,024	167,500,000	4,782
Jul 2021	35,701	173,900,000	4,871
Aug 2021	32,636	165,300,000	5,065
Sept 2021	28,160	245,800,000	8,729
Oct 2021	32,995	187,000,000	5,668
Nov 2021	31,791	231,100,000	7,269

Fraudulent activity using online shopping and auctions amounts to more than 100,000 reported cases through the year (100,168 in total) that equate to a value of £77.1 million in financial loss. The overall umbrella of ‘consumer fraud’ includes other criminal activity such as dating scams and bogus tradesmen, and accounts for £437.2 million of the country’s losses last year.

Overall, fraud and cyber crime cases relating to individual British residents account for 87% of the country’s total report volume. This translates to £1.8 billion of financial losses incurred over a reported 421,473 cases. Those aged 20-29 reported the most instances of criminal activity, with 82,000 reports made across the course of the year, followed closely by those aged 30-39, who clocked in 80,000-plus reports.

There were 62,976 reports made by British businesses throughout 2021, equating to a total reported financial loss of £736.3 million.

Commenting on the research findings, a spokesperson for Payback Ltd stated: “It’s difficult to see such high figures relating to fraudulent and criminal activity taking place over the course of the year. It is now imperative that members of the British public exercise caution when making financial transactions of any kind. They must ensure that they’re confident any transactions are conducted via official, safe and legal means.”

London Digital Security Centre introduces ‘Cyber Crisis Simulation’ event to help businesses prepare for cyber breaches

The London Digital Security Centre (LDSC) is inviting senior representatives from SMEs across London to attend its ‘Cyber Crisis Simulation’ Breakfast Briefing at the University of Greenwich. The event takes place on Thursday 3 August from 10.00 am to noon. The ‘Cyber Crisis Simulation’ itself will be run by Cyber Rescue, which is one of the LDSC’s carefully selected partners.

Reputations are ruined when businesses are unprepared for the consequences of a cyber breach. With that in mind, this new event will help businesses to prepare for the day that happens so that they can act accordingly in mitigating disaster.

The simulation will be based on learnings from over 100 major data breaches and cover the following topics: why shock and ambiguity are common responses in the Boardroom, where Command and Control systems are stressed after a major breach, who expects what among regulators, customers, partners and the police, how the exponential growth in cyber attacks puts jobs on the line and what companies can do today to protect themselves from the cyber attacks of tomorrow.

There are an estimated one million SMEs operating in London and, each month, more than 1,000 of them report being the victim of a cyber crime or fraud to Action Fraud. The Department for Digital, Culture, Media and Sport’s Report published in April this year found that just under half (46%) of all businesses have identified at least one breach or attack in the last year. Of those, 45% were micro or small businesses.

The new event is part of a series organised by the London Digital Security Centre to help protect businesses – and primarily micro to medium-sized concerns – to operate in a secure digital environment.

John Unsworth, CEO of the London Digital Security Centre, commented: “Small and medium-sized businesses shouldn’t be fooled into thinking that criminals don’t target them, or that they’re safe from online vulnerabilities. Any company that holds data is a viable target.”

For further details and to register for the event visit: https://www.eventbrite.co.uk/e/cyber-crisis-simulation-tickets-36271637444

London Digital Security Centre and Oxford University pool resources to develop White Paper on Digital Security for SMEs

Oxford University, in association with the London Digital Security Centre (LDSC), will be looking at the challenges faced by SMEs and their importance to the economy as a supply chain link to larger companies and Government in order to produce an academic White Paper entitled ‘Developing Security Education and Awareness Programmes for SMEs’ for publication this coming November.

The White Paper will provide an overall review of the LDSC’s approach and effectiveness on security education for SMEs. This work will provide recommendations for assessing the effectiveness of such programmes in future and the LDSC’s specifically.

Providing education and training for this sector is crucial in order to ensure that cyber security capacity measures (such as ‘10 Steps to Cyber Security – Cyber Essentials’) are actually implemented. This White paper will explore current offerings on cyber security education and training for SMEs and identify the existing gaps.

Drafted by Dr Maria Bada and Dr Jason Nurse, the authors have already published similar work on the effectiveness of cyber security awareness raising. This new White Paper will build on previous knowledge and expertise using interviews and focus groups to collect information.

Dr Bada commented: “Our aim is to review the London Digital Security Centre’s approach to security education for SMEs and the motivation for this initiative. We will critically reflect on the effectiveness of the LDSC’s approach thus far. Our methodology is based on qualitative and quantitative data.”

The LDSC has already recognised the challenges that SMEs face when it comes to cyber security and is helping businesses to embrace digital innovations and operate in a secure online environment such that they protect themselves against cyber criminals.

John Unsworth, CEO at the LDSC, concluded: “Our role is to help improve the security posture of SMEs operating in London. It’s vital we understand their motivation and the issues they face to ensure the training and advice we give is implemented. This is particularly important given that over 1,000 SMEs in London report a digital crime to Action Fraud every month.”

Research suggests up to 45% of fraud linked directly to organised crime

New research conducted by the Police Foundation and Perpetuity Research has found that between 31% and 45% of fraud may be linked to organised crime. This is up to three times higher than the 15% level found in previous studies.

The research, which was funded by The Dawes Trust, looked at a large sample of frauds taking place in the Midlands and the South West. It found that fraud linked to organised crime was more harmful to victims than other types of fraud. On average, individual victims of organised fraud were likely to lose significantly more money per fraud offence (£10,260) than victims of non-organised fraud (£3,982).

Professor Martin Gill CSyP FSyI, director of Perpetuity Research and one of the research report’s authors, said: “We know that fraud, and particularly online fraud, is the new volume crime. Our research shows that organised crime groups play a much larger role in fraud than has previously been estimated, and that fraud linked to organised crime causes much more harm than other types of fraud.”

Investment fraud was most likely to be linked to organised crime, with around 70% of this fraud type estimated to be perpetrated by organised crime groups. Between a third (38%) and over a half (59%) of mass-marketing fraud is estimated to be linked to organised crime.

The research also found that the police response to fraud was inadequate. Unlike traditional crime types such as burglary and vehicle crime, victims who report a fraud rarely receive a visit from a police officer or any other official.

Response to organised fraud

There are many agencies holding a wide range of powers which could bolster the local response to organised fraud. However, at present these agencies only work together on an ad hoc basis and systematic data sharing is virtually non-existent.

Given the complexity, the expense and the low success rate of fraud investigations, a more problem-oriented, multi-agency approach would, the researchers argue, be somewhat more effective.

Police Foundation director Rick Muir explained: “Despite its increasing scale across the UK, fraud doesn’t currently receive the recognition it deserves and tends to fall between the gaps of a number of agencies, including the police. While the offenders of organised fraud are difficult to prosecute, it’s clear there are vulnerable victims to safeguard, communities to protect and crimes to be prevented. It’s more important than ever to ensure that agencies and authorities don’t relinquish their responsibilities in tackling it.”

On average, Action Fraud receives details on 25,000 reported frauds per month. Based on the researchers’ estimates, this means that between 7,000 and 12,000 reported frauds could be perpetrated by organised criminals every month.

In practice, only a small proportion of these incidents are ever investigated by police forces. Furthermore, forces are not systematically recording the outcomes of fraud investigations, and are therefore not being properly held to account.

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.

To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

• Only 34% of 18-24 year olds say they learned about online security when they were at school
• 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
• Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.

Top 10 online-enabled frauds hitting British wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – have revealed the financial and emotional cost of cyber crime. In a specially commissioned poll of 2,000 people by Vision Critical for Get Safe Online Week 2014 (running from 20 to 26 October), half (50%) of those who have been a victim of cyber crime (including online fraud or cases resulting in economic loss, ID theft, hacking or deliberate distribution of viruses and online abuse) said they felt either ‘very’ or ‘extremely’ violated by their ordeal.

Separate figures prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week offer an indication as to the sheer scale of online crime, with over £670 million lost nationwide to the Top 10 Internet-enabled frauds reported between 1 September 2013 and 31 August this year. The £670 million statistic emanates from reported instances of fraud, calculated when the first contact with victims was via an online function.

Given that a significant number of Internet-enabled fraud cases still pass by unreported, the true economic cost to the UK is likely to be significantly higher.

The Get Safe Online survey also reveals that over half (53%) of the population now views online crime just as seriously as they do ‘physical world’ crimes, destroying the notion that online crime is ‘faceless’ and less important than other crimes. As a result, more cyber crime victims (54%) wish to unmask a perpetrator but only 14% have succeeded in doing so.

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

As stated, half (50%) of those individuals surveyed for Get Safe Online Week have been a victim of online crime although only 32% of these people reported the fact. Around half (47%) of victims did not know to whom they should report an online crime, although this figure is expected to drop due to the ongoing work of Action Fraud (the UK’s national fraud reporting centre) and the considerable Government resources now dedicated to fighting cyber crime.

On a more positive note, victims in the Get Safe Online poll said that their experiences have shocked them into changing their behaviour for the better, with nearly half (45%) opting for stronger passwords and 42% now being extra vigilant when shopping online. Over a third (37%) always log out of accounts when they go offline and nearly a fifth (18%) have changed their security settings on their social media accounts.

In stark contrast, however, most people still don’t have the most basic protection in place. More than half (54%) of mobile phone users and around a third (37%) of laptop owners do not have a password or PIN number for their device. That figure rises to over half (59%) for PC users and two thirds (67%) when it comes to tablet owners.

The ‘Don’t Be A Victim’ Infographic produced by the team at Get Safe Online

Supporting law enforcement’s response to cyber crime

Commenting on the survey results, Francis Maude (Minister for the Cabinet Office) stated: “The UK cyber market is worth over £80 billion a year and rising. The Internet is undoubtedly a force for good, but we simply cannot stand still in the face of these threats which already cost our economy billions every year.”

Maude continued: “As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places in which to do business in cyberspace. We have an £860 million Cyber Security Programme in place which supports law enforcement’s response to cyber crime, and we’re also working with the private sector to help all businesses protect their vital information assets.”

Francis Maude MP: Minister for the Cabinet Office

In conclusion, the Cabinet Office leader added: “Our Get Safe Online and Cyber Streetwise campaigns provide easy to understand information for the public on how and why they should protect themselves. Cyber security is not an issue for Government alone. We must all take action to defend ourselves against the threats now being posed.”

Tony Neate, CEO at Get Safe Online, explained: “Our research shows just how serious a toll cyber crime can take, both on the wallet and on well-being. This has been no more apparent than in the last few weeks with various large-scale personal photo hacks of celebrities and members of the general public. Unfortunately, this is becoming more common now that we live a greater percentage of our lives in the online space.”

Neate went on to state: “This year, Get Safe Online Week is all about ‘Don’t Be A Victim’. We can all take simple steps to protect ourselves, including putting a password on our computers and mobile devices, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when we’re finished. The more the public do this, the more criminals will not be able to hide behind a cloak of anonymity.”

Tony Neate: CEO at Get Safe Online

Detective Superintendent Pete O’Doherty, head of the NFIB at the City of London Police, said: “Cheap and easy access to the Internet is changing the world and transforming our lives. What many of us may be less aware of is the fact that financial crime has moved online and poses a major threat to people of all ages and from all walks of life. Men and women, young and old, rich and poor. It matters little who you are, where you live or what you do.”

O’Doherty continued: “It’s vitally important people are fully aware of the dangers around fraud and Internet-enabled fraud which is why the City of London Police, in its role as the National Policing Lead for Fraud and home to the National Fraud Intelligence Bureau, is fully supportive of Get Safe Online’s week of action.”

Importantly, O’Doherty added: “I would also call on anyone who has fallen victim to an online fraud to report this to Action Fraud. It’s only then that local police forces will be able to track down the main offenders and ensure victims receive the best possible support as they try to recover from what can be an extremely difficult and upsetting experience.”

Have you been a victim of cyber-enabled fraud?

George Anderson, director of product marketing at Internet security specialist Webroot, has also offered his views on the survey results.

“It’s sad but not surprising that 53% of British people have fallen victim to cyber crime,” asserted Anderson. “The Internet has been assimilated into our daily lives to the point where it’s easy to forget how hazardous it is if the proper security measures are not taken.”

Anderson continued: “The key to making the UK a safe Internet user zone is education. As a country, as communities and as individuals we should be actively promoting awareness of Internet safety and security issues. The Government’s research should not scare people away from online activities, but rather start the process of serious and continuous conversations whereby we evaluate the online precautions we take both at home and at work. Education should start at an early age, with parents and education bodies working to ensure future generations populated by ‘security savvy’ individuals.”

Adding to that message, Anderson said: “Understanding what preventative measures we can take ranges from a rudimentary awareness through to in-depth technical knowledge. However, far too many people have become too complacent with modern technology to even practice the basics. The modern person should by now know that computers ought to be protected by updated, Best-of-Breed anti-spyware and anti-virus software. They should practice safe surfing habits and harbour a full comprehension of online activities that would place their information at more risk than others. Also, they ought to be able to identify and understand website privacy policies and know when or when not to impart information regarding personal data.”

*If you think you may have been the victim of cyber-enabled economic fraud (ie where you have lost money), you should report the occurrence to Action Fraud and include as much detail as possible. Telephone: 0300 123 2040. Alternatively, visit: http://www.actionfraud.police.uk

**If you have been the victim of online abuse or harassment, you should report it to your local police force

***For general advice on how to stay safe online visit: http://www.GetSafeOnline.org

Financial Conduct Authority launches ‘Scamsmart’ campaign to combat investment fraud

The Financial Conduct Authority (FCA) has launched a national campaign entitled ‘Scamsmart’ which is designed to warn of the dangers concerning investment fraud and how potential scams might be spotted.

A massive £1.2 billion is lost to investment fraud in the UK every year, with the victims of this criminality losing £20,000 each on average. The fraudsters use a number of tactics to entice their victims into investing in products which don’t exist (for example land-banking schemes, carbon credits and rare earth metals).

The FCA believes that those most at risk of investment fraud are people in retirement who are actively seeking to find a good return on their savings. One consumer told the FCA that he was called out of the blue by a firm that offered to buy the shares he held in a company. The deal sounded legitimate and the website looked professional. It wasn’t until the individual concerned was asked to pay a £5,000 bond to enable the deal to go through that they became suspicious.

Investment scams generally involve high-pressured selling using boiler room tactics for products which often don’t exist (including land-banking schemes, carbon credits and rare earth metals)

Martin Wheatley, CEO of the FCA, commented: “Those operating investment scams use very sophisticated techniques to build trust and can dupe even experienced investors out of their savings. With large numbers of people at risk, it’s important to know how to spot the signs of a potential scam. We would caution against anyone taking a risk on a firm or individual who isn’t authorised by the FCA. Our message is simple: don’t accept a cold call.”

City of London Police Commander Steve Head, who is also the Police National Co-ordinator for Economic Crime, added: “For many years now, tackling investment fraud has been a major priority for the City of London Police. It’s a crime that hits older people hardest, with the victims losing money they’ve worked hard to save their whole lives and often destroys retirement plans.”

Head continued: “The City of London Police is fully supportive of the FCA’s campaign and backs its call for people to always hang up on cold callers. If anyone does fall victim to an investment fraud, it’s vital they report the matter to Action Fraud in order to give law enforcement the best chance of tracking down those responsible and dismantling their criminal operations”.

Key signs of a potential investment fraud

There are several key signs that an investment fraud might be in play. These are as follows:

*You are contacted unexpectedly about an investment opportunity through a cold call, e-mail or a follow-up call after receiving a promotional brochure out of the blue
*You’re pressured to invest in a time-limited offer (or example a bonus or discount is promised if you invest before a set date)
*The risks to your money are downplayed (for example you’re told that you will own assets you can sell yourself if the investment doesn’t work as expected or legal jargon is used to suggest the investment is very safe)
*The returns sound too good to be true (ie better interest rates are stated than those offered elsewhere)
*You are called repeatedly and kept on the phone for a long time
*You’re told that the offer is only available for a limited time or to a limited group of people

For further information visit the FCA’s Scamsmart website

London Mayor’s Office for Policing and Crime launches new Business Crime Strategy

The London Mayor’s Office for Policing and Crime (MOPAC) has launched a new 48-page Business Crime Strategy designed specifically to help protect London-based companies from acts of criminality.

The crime threat in the UK is changing. Criminals are becoming more sophisticated and more crime has moved off the streets and into the online world. MOPAC’s Business Crime Strategy – endorsed by the Metropolitan Police Service, the National Crime Agency and the City of London Police – outlines how each provider will build their capability to tackle fraud and economic crimes.

This is the first strategy of its kind. It represents a ‘Call to Arms’ for the police, businesses, local authorities and others to work together to build confidence and prevent and cut business crime. More than this, it sets out clear, deliverable plans to achieve end goals, with commitments from MOPAC and law enforcement alongside a challenge to businesses themselves.

Read the document in full

London’s Mayor Boris Johnson: tackling crime in the capital

On the Business Crime Strategy, Stephen Head (Commander and National Police Co-ordinator for Economic Crime at the City of London Police) said: “The threat from fraud, particularly cyber-enabled fraud, continues to grow and every section of society is now at risk. It’s therefore increasingly important that the police and businesses work even more closely together to counter this threat. The collaborative approach advocated by MOPAC and highlighted in this strategy is absolutely right if we’re to be successful in continuing to meet this challenge.”

He continued: “As the National Policing Lead for Fraud, the City of London Police will continue to work with MOPAC and others to ensure that London remains one of the safest and most business-friendly cities in the world, with a policing approach that’s fit and appropriate for tackling 21st Century crimes.”

Affording context to the Business Crime Strategy

Further to this, the following information is designed to give context to information included in the Business Crime Strategy…

Since taking responsibility for Action Fraud in April this year, the City of London Police has instigated a programme of work designed to offer an enhanced service for the victims of fraud and cyber crime. Since the end of May 2014, all victims who report to Action Fraud now receive a written update on the status of their report after 28 days, if not before. Action Fraud also provides expert advice and guidance to concerned individuals or businesses.

Action Fraud and the National Fraud Intelligence Bureau (NFIB), hosted and run by the City of London Police, is funded by Government to receive reports of fraud and cyber crimes from individuals, SMEs and large corporations. Outside Action Fraud, it also accepts reports of business fraud through a number of organisations including the UK Payments Council and CIFAS.

The combined Action Fraud and NFIB services do not investigate reported crimes of itself. The NFIB uses cutting-edge technology to automatically identify links between crimes and, in quick time, develops and disseminates crime packages for investigation by UK law enforcement agencies. It also proactively disrupts criminality and enriches the UK fraud and cyber threat picture.

During the 2013-2014 financial year, of the totality of fraud and cyber crimes reported into the NFIB no less than 53,556 packages were identified as having viable lines of enquiry and disseminated to UK law enforcement for investigation or intelligence purposes. In the same time period, some 118,000 additional crimes were targeted for disruption while over 805 alerts were disseminated for prevention purposes.

As the MOPAC Business Crime Strategy demonstrates, CIFAS reports on fraud against businesses. These reports often add value to the thousands of Action Fraud packages disseminated for investigation by UK law enforcement.

It’s important to note that police forces accept crimes for investigation based on the availability of viable lines of enquiry. In the past, forces have prioritised Action Fraud reports over CIFAS because of the quality of the data. However, the NFIB is working with forces and CIFAS to improve the quality of all data to create more opportunities for UK law enforcement to accept and investigate reports.

Informing Government and UK law enforcement

Action Fraud and the NFIB use the large number of reported fraud and cyber crimes to help inform Government and UK law enforcement about the scale of the threat that exists at a local, regional and national level in order to help drive their response to the benefit of victims. This has resulted in some police forces committing considerable additional resources to address these emerging threats.

For example, the Metropolitan Police Service is adding further capability to accept fraud and cyber crime packages for investigation which will then provide an enhanced service to victims.

The City of London Police proactively aims to improve the policing response to fraud and cyber crime and ensure that all business victims receive an efficient and effective service, particularly as reporting continues to increase. For instance, the force is creating a system whereby businesses can easily report multiple instances of fraud and cyber crime to Action Fraud.

Additionally, the force plays host to a number of fraud teams and specialist units that service business victims of fraud and cyber crime including the insurance industry, the credit and payment industry and intellectual property rights holders. ​​​​​

Action Fraud issues alert over ‘Cryptowall’ malware

The National Fraud Intelligence Bureau has received the first reports from victims of a new type of malware known as ‘Cryptowall’. This is similar in nature to older malware which can encrypt all files on infected machines.

VirusCryptowall is the latest in a line of viruses which, once they are on an infected machine, encrypt all files in a way which is either difficult or impossible to remedy. A pop-up screen will inform victims that they can pay a fee (often in Bitcoin) to obtain the encryption key to unlock the machine, but this key is rarely returned.

Therefore, if you become infected it will mean you lose access to all your files on a permanent basis.

End users are being advised to watch out for the Cryptowall malware

Cryptowall poses a significant threat both due to the damage it can cause and because of the range of ways in which users might become infected. These include:

*e-mails containing attachments which look innocent but which are in fact executable files containing the malware.
*e-mails containing links to websites which, once visited, will automatically download Cryptowall onto the machine.
*Links within reputable websites (for instance embedded links to videos or adverts) can cause damage if the user does not have an up-to-date version of the plug-in they’re using.

Protect yourself from Cryptowall

Having up-to-date virus protection mechanism is, of course, essential but it will not always prevent the end user from becoming infected.

On that basis, Action Fraud advises the following additional prevention tips:

*Make sure that your Internet browser and any plug-ins (such as Flash, Java and Silverlight) are up-to-date.
*Don’t click on links or open attachments from unknown e-mail addresses. Remember that fraudsters can ‘spoof’ an e-mail address to make it look like one used by someone you trust. If you are unsure, check the e-mail header to identify the true source of any such attachment or link.
*Beware of links contained within websites – for example adverts or video files on sites which look trustworthy.
*Back-up your files to a location not directly linked to your machine or network.
*Close connections on business networks that you don’t need – this will help to prevent the spread of the virus from infected machines.

Over £21 million lost to social engineering scams since the beginning of 2014

Get Safe Online, the UK Government and private sector-backed information service on Internet safety and security, is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips.

A type of confidence trick, ‘social engineering’ is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing e-mails and fraudulent phone calls asking for personal or financial information – known as ‘vishing’ – or phone calls from fraudsters impersonating computer technical support agents.

According to FFA UK, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim.

In the first five months of this year alone, some of the UK’s main High Street banks have reported losses of over £21 million from vishing attacks on their customers, with over 2,000 vishing attacks resulting in an average loss of over £10,000 per victim.

Social engineering exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It’s a factor in many types of fraud.

Schemes may be elaborate and highly convincing

Tony Neate, CEO of Get Safe Online, commented: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering because schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses.”

Get Safe Online – the UK Government and private sector-backed information service on Internet safety and security – is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips

Neate added: “We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”

Alasdair MacFarlane, head of customer security at NatWest, said: “NatWest is committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We’re delighted to be working with Get Safe Online in raising awareness on this important issue.”

Dawn Cornwall, fraud and security manager at Lloyds Banking Group, explained: “At Lloyds Banking Group we are committed to making sure our customers’ Internet banking experience is as safe as possible. We use cutting-edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet banking and a wealth of advice and guidance on our websites. We’re really pleased to be working with Get Safe Online on the Social Engineering campaign.”

Alex Grant, Barclays’ managing director of fraud prevention, stated: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard-earned savings causes great emotional distress, as well as having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and we’re pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”

Detective Superintendent Peter O’Doherty is the head of the NFIB and Action Fraud. Speaking about the Get Safe Online initiative, he said: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not on a face-to-face basis but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses the victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways in which to protect themselves.”

How to avoid becoming the victim of social engineering

Getsafeonline.org offers a number of tips on how to avoid becoming a victim of social engineering:

• Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem
• Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID
• Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via e-mail or a phone call
• If you receive a phone call requesting confidential information, verify that it’s authentic by asking for a full and correct spelling of the person’s name and a call back number
• Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number
• If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call
• Do not open e-mail attachments from unknown sources
• Do not readily click on links in e-mails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email
• Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents

*For more advice on how to avoid this type of fraud visit: http://www.getsafeonline.org/socialengineering to watch the online advice videos

About Get Safe Online

Now entering its eighth year of operation, Get Safe Online (www.getsafeonline.org) is the UK’s national Internet security awareness initiative.

A joint partnership between the UK Government, the National Crime Agency (NCA), Ofcom, law enforcement bodies and private sector sponsors from the worlds of technology, communication, retail and finance, the initiative continues to educate, inform and raise awareness of online security issues to encourage confident and safe use of the Internet.

GetSafeOnline.org is supported by Barclays, Bob’s Business, Creative Virtual, the Department for Business, Innovation and Skills, HM Government, HSBC, Kaspersky Lab, Lloyds Banking Group, the National Crime Agency, Symantec, the National Fraud Authority and Action Fraud, Ofcom, HSBC, Microsoft, PayPal, Symantec, Standard Life, Gumtree, Camelot, Detica, StubHub, Nominet, PurchaseSeal, ValidSoft, Business Link, the Charity Commission, Citizens Advice, the Association of Chief Police Officers, the Information Systems Security Association, e-Crime Wales, Information Risk Management plc, the Institute of Information Security Professionals, RG (Interactive Media in Retail Group), the International Association of Accountants Innovation and Technology Consultants, the Internet Services Providers’ Association, Neighbourhood and Home Watch, PTA-UK, SafeBuy, Safer Jobs, the Scottish Crime and Drug Enforcement Agency, Scottish Police College, the Scottish Business Crime Centre and UK Online Centres.