Tag Archives: CIFAS

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.

IdentityTheftNew

To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

IdentityTheftSign

Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

  • Only 34% of 18-24 year olds say they learned about online security when they were at school
  • 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
  • Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.

Leave a comment

Filed under Risk UK News, Uncategorized

“Beware what you share” warns new CIFAS guide on social media usage

People are being warned by CIFAS – the UK’s Fraud Prevention Service – of the consequences of sharing too much information on social media platforms.

‘Beware What You Share’ is a new publication designed to highlight the often unexpected dangers of posting too much information online through social networking sites such as Facebook. From pointing out what a fraudster will see when someone posts their holiday details through to understanding privacy settings on popular social networking sites, ‘Beware What You Share’ points out some of the common dangers and encourages individuals to think about how information might be used by those who are not in their close circle of friends or family.

“With a new academic year in its infancy, and the festive season looming large on the horizon, the latter part of the year is invariably one where younger people, for example, will be meeting new acquaintances and creating friendships that will last a lifetime,” stated Richard Hurley, communications manager at CIFAS.

“Social media is now an essential part of that whole process, of course, but in the same way that you wouldn’t advertise all of your personal details in the pub to a group of people you have not long known, you also need to be very careful that you don’t share far too much information in the online space.”

CIFAS is urging people to be aware in terms of the information they post on social media platforms

CIFAS is urging people to be aware in terms of the information they post on social media platforms

The second publication in a planned series designed to educate young people about fraud and how to protect themselves, this new document has already been sent to universities and colleges and is available online.

The aim is not to stop social media from being used, but rather to educate young people around the potential risks they’ll face by effectively ‘living their life in public’. The guide contains eight examples of ‘seeing what a fraudster might see when looking at your social media profiles’, from highlighting that someone is away from home and that their house is empty through to where they work and details of those companies with which they have online accounts. Each small piece of information can be used to create a much larger picture, in turn increasing an individual’s chances of falling victim to fraud.

“Ask yourself, would you reveal all of this information in one chat in the pub?”

“The pressures on young people – to fit in, to socialise, to make friends and so on – are immense,” added Hurley. “Social media is undoubtedly the easiest way to do all of this, but it’s worth remembering something. Would you – in a pub, with people you were only just getting to know – tell them all about your address, holiday plans, shopping habits and the rest? No. You would not open yourself up so quickly.”

Hurley concluded: “‘Beware What You Share’ highlights very succinctly how putting too much information online is the equivalent of telling a stranger everything about yourself at a first meeting. The majority of people are, of course, simply wanting to connect and be friends, but individuals need to be aware that there are some people who are just waiting to use any information that’s revealed.”

CIFAS provides the UK’s most comprehensive databases of confirmed fraud data as well as an extensive range of fraud prevention services to over 300 organisations operational across the public and private sectors.

Member organisations share information in order to prevent fraud and emanate from a variety of sectors including banking, grant giving, credit card provision, asset finance, retail credit, mail order and online retail, insurance, telecommunications, factoring, share dealing, vetting agencies, contact centres and insurance brokering sectors.

Leave a comment

Filed under Risk UK News

“Nearly half of all frauds are identity crimes” reveals CIFAS

Data-driven identity crimes – ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones – accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014. These figures issued by CIFAS continue the pattern seen in recent years, underlining the severity of the challenge facing consumers and businesses.

While identity fraud existed before the proliferation of online services, the use by online crooks of data such as passwords and e-mails or personal data harvested through hacking attacks and social engineering can now be considered the ‘norm’ in terms of fraud.

The 45% figure may represent a small decrease from some of the proportions recorded in previous years, but identity crimes represent as strong a challenge as ever to the financial well-being of organisations and consumers.

CIFAS’ communications manager Richard Hurley commented: “For the modern fraudster, knowing somebody’s personal or financial details is a licence to print money and the continuing preponderance of such data-driven financial crime must serve as a warning. Defeating it means we have to demand that organisations do more to handle our data securely, and ramp up their fraud prevention efforts accordingly. Individually, however, we also have a responsibility to look after our own details. Without doing so, we are effectively handing access to our bank accounts to a complete stranger.”

Data-driven identity crimes - ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones - accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014

Data-driven identity crimes – ie frauds carried out using a victim’s identity details to obtain new accounts or take over existing ones – accounted for over 45% of all the confirmed frauds identified in the first three quarters of 2014

Victims of fraud must not be forgotten

Since 2010, there have consistently been over 100,000 instances of victimisation each year. The figures for 2014 to date indicate that this year will repeat the pattern, with almost 90,000 victims of identity crime already pinpointed by the organisations using the CIFAS National Fraud Database.

“Fraud is far from a victimless crime,” noted Hurley. “Not only do the victims suffer an immediate financial cost but they also have to contend with the time taken to sort out the mess left behind and the worry caused by not knowing how the fraudster managed to steal their details. While it’s understandable that a financial cost is always asked for in relation to fraud, it must be remembered that fraud has a far more lasting and personal impact upon victims. It’s one that cannot be summed up in terms of monetary value alone.”

While fraud may never be eliminated, figures such as these – and the patterns of recent years – prove that UK plc must become more aggressive in its approach to fraud prevention.

CIFAS CEO Simon Dukes explained: “While many organisations have put in place robust and comprehensive strategies designed to combat online crooks, and have empowered their customers to do the same, that doesn’t mean all organisations have done so.”

Dukes concluded: “Surely now every organisation and individual must recognise that if they don’t co-operate with others in terms of identifying and implementing good practice, data sharing and responsible online behaviour then they instantly become the weakest link in the chain. This means that they encourage fraudsters to continue their crimes, in turn damaging us all individually and collectively.”

Leave a comment

Filed under Risk UK News

“Fraudulent employment applications at record high” warns CIFAS

In the first half of 2014, over half (63%) of all confirmed frauds recorded to the CIFAS Internal Fraud Database were Employment Application Frauds: frauds where job applicants have made serious fraudulent declarations about employment history, qualifications, criminal records and so on.

This is in keeping with the trends recorded during the previous year and, states CIFAS, underlines how vital it is for applicants to understand that telling lies in an application is far from harmless or acceptable. In fact, applicants who submit false or exaggerated information run the risk of dismissal and – in worse case scenarios – the possibility of criminal charges.

The scale of the fraud also shows that organisations are running more stringent checks now than ever before.

While it is of concern that there are increasing numbers of individuals who are turning to fraud in order to gain employment, it’s encouraging that the proportion of applicants who were unsuccessful remained high (at 79%). This means that organisations are sifting these out before there’s any chance of financial, reputational or regulatory damage being done.

In the first half of 2014, over half of all the confirmed frauds (63%) recorded to the CIFAS Internal Fraud Database were Employment Application Frauds

In the first half of 2014, over half of all the confirmed frauds (63%) recorded to the CIFAS Internal Fraud Database were Employment Application Frauds

The most common reason for recording unsuccessful Employment Application Frauds was the concealing of adverse credit history when the position (frequently in financial services) has a regulatory requirement of a clean credit and financial history. For successful Employment Application Frauds, however, the main reason was the concealing of unspent criminal convictions. This is likely to be due to the time lag between an individual accepting a job and the relevant vetting and Disclosure and Barring Service (formerly CRB) checks to be completed and returned to the new employer.

Fraudulent declarations “can have very serious consequences”

CIFAS CEO Simon Dukes commented: “While competition for jobs is fierce, the temptation to lie in order to make an application or CV stand out might seem appealing. However, fraudulent declarations regarding qualifications, employment history and experience, etc can have very serious consequences. Not only might it lead to dismissal when discovered, but if an applicant finds him or herself in a position for which they are not suitable due to a fraudulent declaration then they can cause financial damage to an organisation and lead it towards reputational and regulatory trouble as well.”

Dukes concluded: “Organisations have long been expected to verify the details given to them by customers. They have now come to recognise that they also need to apply those same standards to prospective employees. For applicants, then, it really is better for them to be honest rather than trying to mislead as this could merely land them in bigger trouble as a result.”

Leave a comment

Filed under Risk UK News

CIFAS awarded Cyber Essentials Plus certification

CIFAS – the UK’s Fraud Prevention Service – has been awarded the UK Government’s Cyber Essentials Plus certificate: an important accreditation that underlines the continued commitment to battling cyber security threats and risks.

The Cyber Essentials Plus certificate is a part of the UK Government’s new Cyber Essentials Scheme, which seeks to improve the response of UK businesses to cyber security threats as well as certify their capabilities.

CIFAS – a data sharing scheme that brings together over 300 organisations from across the public and private sectors to prevent fraud through the sharing of data – received the certification from Dionach. Dionach is accredited by CREST to carry out Cyber Essentials and Cyber Essentials Plus certification services. CIFAS had to complete the Cyber Essentials questionnaire and was subjected to an external perimeter vulnerability scan as well as an onsite workstation assessment.

CIFAS has been awarded the Cyber Essentials Plus certificate

CIFAS has been awarded the Cyber Essentials Plus certificate

Security of services and data

Simon Dukes – CEO at CIFAS – commented: “The security of services and data is something that we take exceptionally seriously. As more services move online so has more fraudulent activity. The need to take strong, robust and agreed measures to combat the cyber threat is at the heart of CIFAS’ message to all organisations and individuals in the UK today.”

Dukes added: “Achieving this certification is evidence of our commitment to cyber security. We are very pleased to be involved with the Cyber Essentials Scheme and we strongly urge all UK organisations – whether private, public or third sector – to join the collaborative efforts being taken to counter the threat posed by cyber criminals.”

Dionach’s business development director Rob Embers stated: “It’s good to see important organisations like CIFAS taking the lead in such critical areas. Cyber Essentials will help develop a good base line level of security within the UK and allow organisations to conduct business over the Internet with more sense of trust. We hope that this will be the first of many certifications to be provided by Dionach.”

Leave a comment

Filed under Risk UK News

London Mayor’s Office for Policing and Crime launches new Business Crime Strategy

The London Mayor’s Office for Policing and Crime (MOPAC) has launched a new 48-page Business Crime Strategy designed specifically to help protect London-based companies from acts of criminality.

The crime threat in the UK is changing. Criminals are becoming more sophisticated and more crime has moved off the streets and into the online world. MOPAC’s Business Crime Strategy – endorsed by the Metropolitan Police Service, the National Crime Agency and the City of London Police – outlines how each provider will build their capability to tackle fraud and economic crimes.

This is the first strategy of its kind. It represents a ‘Call to Arms’ for the police, businesses, local authorities and others to work together to build confidence and prevent and cut business crime. More than this, it sets out clear, deliverable plans to achieve end goals, with commitments from MOPAC and law enforcement alongside a challenge to businesses themselves.

Read the document in full

London's Mayor Boris Johnson: tackling crime in the capital

London’s Mayor Boris Johnson: tackling crime in the capital

On the Business Crime Strategy, Stephen Head (Commander and National Police Co-ordinator for Economic Crime at the City of London Police) said: “The threat from fraud, particularly cyber-enabled fraud, continues to grow and every section of society is now at risk. It’s therefore increasingly important that the police and businesses work even more closely together to counter this threat. The collaborative approach advocated by MOPAC and highlighted in this strategy is absolutely right if we’re to be successful in continuing to meet this challenge.”

He continued: “As the National Policing Lead for Fraud, the City of London Police will continue to work with MOPAC and others to ensure that London remains one of the safest and most business-friendly cities in the world, with a policing approach that’s fit and appropriate for tackling 21st Century crimes.”

Affording context to the Business Crime Strategy

Further to this, the following information is designed to give context to information included in the Business Crime Strategy…

Since taking responsibility for Action Fraud in April this year, the City of London Police has instigated a programme of work designed to offer an enhanced service for the victims of fraud and cyber crime. Since the end of May 2014, all victims who report to Action Fraud now receive a written update on the status of their report after 28 days, if not before. Action Fraud also provides expert advice and guidance to concerned individuals or businesses.

Action Fraud and the National Fraud Intelligence Bureau (NFIB), hosted and run by the City of London Police, is funded by Government to receive reports of fraud and cyber crimes from individuals, SMEs and large corporations. Outside Action Fraud, it also accepts reports of business fraud through a number of organisations including the UK Payments Council and CIFAS.

The combined Action Fraud and NFIB services do not investigate reported crimes of itself. The NFIB uses cutting-edge technology to automatically identify links between crimes and, in quick time, develops and disseminates crime packages for investigation by UK law enforcement agencies. It also proactively disrupts criminality and enriches the UK fraud and cyber threat picture.

During the 2013-2014 financial year, of the totality of fraud and cyber crimes reported into the NFIB no less than 53,556 packages were identified as having viable lines of enquiry and disseminated to UK law enforcement for investigation or intelligence purposes. In the same time period, some 118,000 additional crimes were targeted for disruption while over 805 alerts were disseminated for prevention purposes.

As the MOPAC Business Crime Strategy demonstrates, CIFAS reports on fraud against businesses. These reports often add value to the thousands of Action Fraud packages disseminated for investigation by UK law enforcement.

It’s important to note that police forces accept crimes for investigation based on the availability of viable lines of enquiry. In the past, forces have prioritised Action Fraud reports over CIFAS because of the quality of the data. However, the NFIB is working with forces and CIFAS to improve the quality of all data to create more opportunities for UK law enforcement to accept and investigate reports.

Informing Government and UK law enforcement

Action Fraud and the NFIB use the large number of reported fraud and cyber crimes to help inform Government and UK law enforcement about the scale of the threat that exists at a local, regional and national level in order to help drive their response to the benefit of victims. This has resulted in some police forces committing considerable additional resources to address these emerging threats.

For example, the Metropolitan Police Service is adding further capability to accept fraud and cyber crime packages for investigation which will then provide an enhanced service to victims.

The City of London Police proactively aims to improve the policing response to fraud and cyber crime and ensure that all business victims receive an efficient and effective service, particularly as reporting continues to increase. For instance, the force is creating a system whereby businesses can easily report multiple instances of fraud and cyber crime to Action Fraud.

Additionally, the force plays host to a number of fraud teams and specialist units that service business victims of fraud and cyber crime including the insurance industry, the credit and payment industry and intellectual property rights holders. ​​​​​

Leave a comment

Filed under Risk UK News

‘Over 60% of fraud is data driven identity crime’ warns CIFAS

CIFAS – the UK’s Fraud Prevention Service – has issued a warning that six out of every 10 frauds recorded to the CIFAS database in 2013 were dependent on the abuse of identity details.

As previously revealed in this year’s Fraudscape report, the use of fictitious identities or the abuse of identity details to obtain a product or service in the name of an innocent victim (Identity Fraud) accounted for 49% – well over 100,000 – of all confirmed frauds recorded in the UK during 2013.

Fraud in the cyber age

While identity fraud has long been a serious issue, there have now been over 100,000 confirmed cases recorded every year since 2009.

In addition, since 2008 the use by online crooks of data such as passwords and e-mails to hijack an existing account has also increased significantly, in turn demonstrating that recent patterns of online financial crime can now be considered the ‘norm’ in terms of fraud.

While identity fraud has long been a serious issue, there have now been over 100,000 confirmed cases recorded every year since 2009

While identity fraud has long been a serious issue, there have now been over 100,000 confirmed cases recorded every year since 2009

CIFAS communications manager Richard Hurley commented: “2007 is often known in the IT security world as 1BC (One Year Before Cyber). Since 2008, figures collected from organisations that share data through CIFAS undoubtedly confirm that we are now in the age of cyber fraud. Since then, we have seen identity fraud break the 100,000 confirmed victims barrier every year for five straight years, and have seen the two types of identity crime, combined, hover around or exceed the ‘60% of all fraud’ level for the past three years.”

Hurley added: “While it’s true that, without the Internet, organised criminals would still find a way to commit such frauds, these figures prove more than ever before that fraud is now a cyber industry.”

Can the online fraudsters be countered?

In an age when many increasingly rely upon online services and retailers, the need to counter the fraud risks becomes greater.

While we can all do more as individuals to keep ourselves safe when online (such as only using secure Internet connections, using complex passwords and keeping our systems fully updated in terms of security), and while organisations must also do more to protect the information that they collect from customers, it’s worth considering whether other changes might be necessary.

This is at the heart of the latest poll on the homepage of the CIFAS website.

Richard Hurley noted: “We all want the online world to be a safe and easy place to do business. However, the simplicity that we rely upon – such as using only a few pieces of information to identify or verify oneself – plays into the hands of hackers and online criminals. Whereas, traditionally, the concept of a person’s identity is akin to a tapestry of details such as passport, voters’ roll and bank statement, in the digital era do we now need to include additional information in order to prove that we are who we say we are?”

In an age when we increasingly rely upon online services and retailers, the need to counter the fraud risks becomes greater

In an age when we increasingly rely upon online services and retailers, the need to counter the fraud risks becomes greater

Continuing this theme, Hurley stated: “While, on the one hand, this might seem like a solution, it raises the spectre of organisations knowing more and more about individuals. This is something that, naturally, presses some uncomfortable buttons. It also risks putting more personal data injeopardy by giving it to other organisations.”

In conclusion, Hurley said: “Nonetheless, society at large will increasingly need to accept that the convenience of current methods might need to be reviewed in order to bolster personal security: whether it’s through using different data in a smarter way, software to recognise the devices that we use or biometrics.”

Leave a comment

Filed under IFSECGlobal.com News