SEON research unveils UK’s biggest business fraud ‘hot spots’

UK-centric research conducted by anti-fraud expert SEON has revealed the areas with the highest rates of business fraud per 100,000 members of the population. The research uses data from Action Fraud and records both the total number of fraud reports in each area as well as the total number of business or corporate fraud cases. It then compares this to population data, giving relative rates of fraud and business fraud in each geographical area. 

The City of London is found to have the highest rate of corporate fraud per 100,000 people in the country at 100.92 cases. This is arguably of little surprise, given that the City of London is the centre of the UK’s financial industry and home to a huge number of businesses, while also playing host to a comparably small number of individuals.

Nottinghamshire has the second-highest rate of corporate fraud in the country, making the county a much riskier place in which to do business than the majority of the country.

In third place is North Yorkshire. This largely rural county is home to several well-off small cities and market towns, such as York and Harrogate, which act as business hubs for the area and are likely the focus of fraudsters’ attentions in the region.

UK’s business fraud ‘hot spots’

Rank	Police Force	Population	Corporate Fraud Reports	Corporate Fraud Reports per 100,000 People
1	City of London	10,900	11	100.92
2	Nottinghamshire	1,170,500	163	13.93
3	North Yorkshire	831,600	103	12.39
4	Cumbria	499,800	48	9.60
5	Hertfordshire	1,195,700	92	7.69
6	Kent	1,868,200	123	6.58
7	North Wales	703,400	46	6.54
8	Cheshire	1,069,600	68	6.36
9	Humberside	934,400	59	6.31
10	Gwent	598,200	37	6.19

County Durham, the territory policed by the Durham Constabulary, has the highest average losses per report of business fraud in the country. The huge sum involved is more than three times higher than every region other than second place, which it is still noticeably higher than.

Areas with most costly incidents

Rank	Police Force	Corporate Fraud Reports	Corporate Fraud Losses	Average Losses per Corporate Fraud Report
1	Durham	6	£762,800	£127,133
2	City of London	11	£1,300,000	£118,182
3	Lancashire	43	£1,700,000	£39,535
4	Warwickshire	14	£545,200	£38,943
5	Merseyside	25	£599,400	£23,976
6	PSNI	54	£1,000,000	£18,519
7	Derbyshire	21	£387,200	£18,438
8	Metropolitan	305	£4,900,000	£16,066
9	Thames Valley	101	£1,600,000	£15,842
10	Greater Manchester	110	£1,700,000	£15,455

In second place is the City of London. While still being much higher than the majority of other regions, it’s perhaps surprising that the City of London didn’t top the leader board in this instance given that it plays host to the UK’s finance industry.

Lancashire is the third most expensive place to be hit by business fraud. While substantially lower than the average losses incurred in County Durham and in the City of London, the figure involved is still high enough to put some small companies out of business altogether.

The City of London places top as the region most susceptible to all forms of fraud, with 143,092 reports per 100,000 people. The second region most susceptible to all forms of fraud, with 568 reports of fraud per 100,000 people, is the area covered by Dyfed-Powys Police in Wales. 

Northumbria tops the list as the most expensive part of the UK in which to fall victim to any type of fraud, with average losses per incident standing at £11,661.

*Further information concerning the SEON research results is available online at https://seon.io/resources/business-fraud-hotspots/ 

Fraud and cyber crime

UK residents and businesses have seen financial losses of £2.5 billion from fraud and cyber crime over the course of the past year, a new study reveals. Research undertaken by Payback Ltd analysed data drawn from the National Fraud Intelligence Bureau to reveal that the UK has reported almost 500,000 cases of fraud and cyber crime that have resulted in financial loss.

Spanning data from November 2020 to November 2021, it was found that the UK has reported an average 40,586 cases of fraud and cyber crime per month, with an average financial loss of £5,700 per case.

The height of cyber crime activity appeared during the earlier months of the year. In February, the UK reported 47,800 cases equating to £267.6 million in financial losses, while in March more than 48,500 cases amounted to losses of £219.3 million.

Monthly breakdown of UK Cyber Crime and Fraud reports (November 2020 to November 2021)

	Total # Reports	Total Financial Loss (£)	Average loss per reported case (£)
Nov 2020	36,277	165,400,000	4,559
Dec 2020	35,739	163,500,000	4,575
Jan 2021	41,347	138,700,000	3,355
Feb 2021	47,801	267,600,000	5,598
Mar 2021	48,546	219,300,000	4,517
Apr 2021	41,404	161,800,000	3,908
May 2021	39,614	220,500,000	5,566
Jun 2021	35,024	167,500,000	4,782
Jul 2021	35,701	173,900,000	4,871
Aug 2021	32,636	165,300,000	5,065
Sept 2021	28,160	245,800,000	8,729
Oct 2021	32,995	187,000,000	5,668
Nov 2021	31,791	231,100,000	7,269

Fraudulent activity using online shopping and auctions amounts to more than 100,000 reported cases through the year (100,168 in total) that equate to a value of £77.1 million in financial loss. The overall umbrella of ‘consumer fraud’ includes other criminal activity such as dating scams and bogus tradesmen, and accounts for £437.2 million of the country’s losses last year.

Overall, fraud and cyber crime cases relating to individual British residents account for 87% of the country’s total report volume. This translates to £1.8 billion of financial losses incurred over a reported 421,473 cases. Those aged 20-29 reported the most instances of criminal activity, with 82,000 reports made across the course of the year, followed closely by those aged 30-39, who clocked in 80,000-plus reports.

There were 62,976 reports made by British businesses throughout 2021, equating to a total reported financial loss of £736.3 million.

Commenting on the research findings, a spokesperson for Payback Ltd stated: “It’s difficult to see such high figures relating to fraudulent and criminal activity taking place over the course of the year. It is now imperative that members of the British public exercise caution when making financial transactions of any kind. They must ensure that they’re confident any transactions are conducted via official, safe and legal means.”

Top 10 online-enabled frauds hitting British wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – have revealed the financial and emotional cost of cyber crime. In a specially commissioned poll of 2,000 people by Vision Critical for Get Safe Online Week 2014 (running from 20 to 26 October), half (50%) of those who have been a victim of cyber crime (including online fraud or cases resulting in economic loss, ID theft, hacking or deliberate distribution of viruses and online abuse) said they felt either ‘very’ or ‘extremely’ violated by their ordeal.

Separate figures prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week offer an indication as to the sheer scale of online crime, with over £670 million lost nationwide to the Top 10 Internet-enabled frauds reported between 1 September 2013 and 31 August this year. The £670 million statistic emanates from reported instances of fraud, calculated when the first contact with victims was via an online function.

Given that a significant number of Internet-enabled fraud cases still pass by unreported, the true economic cost to the UK is likely to be significantly higher.

The Get Safe Online survey also reveals that over half (53%) of the population now views online crime just as seriously as they do ‘physical world’ crimes, destroying the notion that online crime is ‘faceless’ and less important than other crimes. As a result, more cyber crime victims (54%) wish to unmask a perpetrator but only 14% have succeeded in doing so.

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

As stated, half (50%) of those individuals surveyed for Get Safe Online Week have been a victim of online crime although only 32% of these people reported the fact. Around half (47%) of victims did not know to whom they should report an online crime, although this figure is expected to drop due to the ongoing work of Action Fraud (the UK’s national fraud reporting centre) and the considerable Government resources now dedicated to fighting cyber crime.

On a more positive note, victims in the Get Safe Online poll said that their experiences have shocked them into changing their behaviour for the better, with nearly half (45%) opting for stronger passwords and 42% now being extra vigilant when shopping online. Over a third (37%) always log out of accounts when they go offline and nearly a fifth (18%) have changed their security settings on their social media accounts.

In stark contrast, however, most people still don’t have the most basic protection in place. More than half (54%) of mobile phone users and around a third (37%) of laptop owners do not have a password or PIN number for their device. That figure rises to over half (59%) for PC users and two thirds (67%) when it comes to tablet owners.

The ‘Don’t Be A Victim’ Infographic produced by the team at Get Safe Online

Supporting law enforcement’s response to cyber crime

Commenting on the survey results, Francis Maude (Minister for the Cabinet Office) stated: “The UK cyber market is worth over £80 billion a year and rising. The Internet is undoubtedly a force for good, but we simply cannot stand still in the face of these threats which already cost our economy billions every year.”

Maude continued: “As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places in which to do business in cyberspace. We have an £860 million Cyber Security Programme in place which supports law enforcement’s response to cyber crime, and we’re also working with the private sector to help all businesses protect their vital information assets.”

Francis Maude MP: Minister for the Cabinet Office

In conclusion, the Cabinet Office leader added: “Our Get Safe Online and Cyber Streetwise campaigns provide easy to understand information for the public on how and why they should protect themselves. Cyber security is not an issue for Government alone. We must all take action to defend ourselves against the threats now being posed.”

Tony Neate, CEO at Get Safe Online, explained: “Our research shows just how serious a toll cyber crime can take, both on the wallet and on well-being. This has been no more apparent than in the last few weeks with various large-scale personal photo hacks of celebrities and members of the general public. Unfortunately, this is becoming more common now that we live a greater percentage of our lives in the online space.”

Neate went on to state: “This year, Get Safe Online Week is all about ‘Don’t Be A Victim’. We can all take simple steps to protect ourselves, including putting a password on our computers and mobile devices, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when we’re finished. The more the public do this, the more criminals will not be able to hide behind a cloak of anonymity.”

Tony Neate: CEO at Get Safe Online

Detective Superintendent Pete O’Doherty, head of the NFIB at the City of London Police, said: “Cheap and easy access to the Internet is changing the world and transforming our lives. What many of us may be less aware of is the fact that financial crime has moved online and poses a major threat to people of all ages and from all walks of life. Men and women, young and old, rich and poor. It matters little who you are, where you live or what you do.”

O’Doherty continued: “It’s vitally important people are fully aware of the dangers around fraud and Internet-enabled fraud which is why the City of London Police, in its role as the National Policing Lead for Fraud and home to the National Fraud Intelligence Bureau, is fully supportive of Get Safe Online’s week of action.”

Importantly, O’Doherty added: “I would also call on anyone who has fallen victim to an online fraud to report this to Action Fraud. It’s only then that local police forces will be able to track down the main offenders and ensure victims receive the best possible support as they try to recover from what can be an extremely difficult and upsetting experience.”

Have you been a victim of cyber-enabled fraud?

George Anderson, director of product marketing at Internet security specialist Webroot, has also offered his views on the survey results.

“It’s sad but not surprising that 53% of British people have fallen victim to cyber crime,” asserted Anderson. “The Internet has been assimilated into our daily lives to the point where it’s easy to forget how hazardous it is if the proper security measures are not taken.”

Anderson continued: “The key to making the UK a safe Internet user zone is education. As a country, as communities and as individuals we should be actively promoting awareness of Internet safety and security issues. The Government’s research should not scare people away from online activities, but rather start the process of serious and continuous conversations whereby we evaluate the online precautions we take both at home and at work. Education should start at an early age, with parents and education bodies working to ensure future generations populated by ‘security savvy’ individuals.”

Adding to that message, Anderson said: “Understanding what preventative measures we can take ranges from a rudimentary awareness through to in-depth technical knowledge. However, far too many people have become too complacent with modern technology to even practice the basics. The modern person should by now know that computers ought to be protected by updated, Best-of-Breed anti-spyware and anti-virus software. They should practice safe surfing habits and harbour a full comprehension of online activities that would place their information at more risk than others. Also, they ought to be able to identify and understand website privacy policies and know when or when not to impart information regarding personal data.”

*If you think you may have been the victim of cyber-enabled economic fraud (ie where you have lost money), you should report the occurrence to Action Fraud and include as much detail as possible. Telephone: 0300 123 2040. Alternatively, visit: http://www.actionfraud.police.uk

**If you have been the victim of online abuse or harassment, you should report it to your local police force

***For general advice on how to stay safe online visit: http://www.GetSafeOnline.org

FALCON will be “an important addition to the national economic crime prevention capability”

City of London Police Commissioner Adrian Leppard has welcomed the Metropolitan Police Service’s announcement concerning the creation of a new fraud and cyber crime team dedicated to protecting Londoners vulnerable to the threat of economic criminality.

Metropolitan Police Service Commissioner Sir Bernard Hogan-Howe QPM officially launched FALCON – Fraud and Linked Crime Online – at the QEII Conference Centre in London’s Westminster. The new team will consist of up to 500 officers dedicated to tackling cyber crime, acquisitive crime with an online aspect and fraud that does not have an online element attached to it.

The overall aim is to create a new operating model for the investigation and prevention of fraud and cyber crime in London that will deliver seven key services. These are as follows:

(1) Volume and cyber-enabled investigations
A centralised capability that will remove the onus of investigation of fraud and cyber-enabled acquisitive crime from local policing Boroughs and provide a consistent approach towards investigations

(2) Complex and proactive fraud investigations
A centralised investigations service that proactively targets individual criminals and organised crime groups causing the most harm to individuals and businesses

(3) Pure cyber investigations
An increased capacity to undertake proactive and reactive investigations in response to intelligence or referral (from the national body)

(4) Problem solving, prevention and industry liaison
A capacity to work in partnership alongside businesses with a common purpose of preventing fraud and cyber-enabled fraud. This will enable the Metropolitan Police Service to link more regularly and effectively with business forums and, in turn, encourage the reporting of crime

(5) Victim care
Provision of a service to ensure that all London-based crime victims are recorded and contacted. This will enable the gathering of intelligence to improve future investigative outcomes and also identify enablers designed to support ongoing prevention and enforcement activity

(6) Performance, training and marketing
To provide accurate performance and information to internal and external stakeholders with data relating to both threats and trends

(7) Intelligence
The creation of a fraud and cyber crime intelligence capability

Sir Bernard Hogan-Howe: Commissioner of the Metropolitan Police Service

In summary, Project FALCON is being developed in response to the significant growth in cyber-enabled acquisitive crime. Borough-based police officers will continue to be responsible for investigating cyber crimes involving malicious communications, harassment or cyber stalking.

Speaking at the launch event, Metropolitan Police Service Commissioner Sir Bernard Hogan-Howe QPM explained: “FALCON sees a more focused and joined-up approach by the Met, the business sector and other law enforcement agencies to ensure that we’re protecting the public, designing out crime and arresting the culprits. We will be more powerful if the three of us can work together – the police, the public and businesses.”

Cyber crime challenges faced by Londoners

As the national policing lead for economic crime with responsibility for the National Fraud Intelligence Bureau (NFIB) and Action Fraud, the City of London Police has been an active supporter of the Met in addressing the fraud and cyber crime challenges faced by Londoners.

Those challenges are evidenced by the high proportion of reported economic crime assessed by the NFIB that results in disseminations to the Met for consideration of London-based investigations.

City of London Police Commissioner Adrian Leppard said: “I welcome the creation of FALCON and the priority this type of crime is being given by the Metropolitan Police Commissioner and the London Mayor’s Office. These London-based teams will be an important addition to the national capability being developed by the City of London Police, the National Crime Agency and police forces across the rest of the country.”

City of London Police Commissioner Adrian Leppard

Karen Bradley, Minister for Modern Slavery and Organised Crime, added: “The threat from cyber crime is ranked as ‘Major’ in our National Security Strategy and the Government is investing £860 million over five years to tackle this issue. We’re also increasing knowledge throughout local police forces with specialist training. I’m very pleased to see the Metropolitan Police Service’s commitment to dealing with fraud and cyber crime, and I look forward to hearing about the vital contribution FALCON will make to this work.”

*Further detail is available in a Metropolitan Police Service Briefing Note on Cyber Crime. Access: http://www.met.police.uk/docs/cyber-crime.pdf

Banks team up with Government to combat cyber criminals and fraudsters

A pioneering financial crime alert system will see 12 Government and law enforcement agencies warn banks of the latest threats in a bid to safeguard the accounts of millions of customers.

Working with preferred technology partner BAE Systems Applied Intelligence, the British Bankers Association (BBA) will launch the Financial Crime Alerts Service as part of a new approach towards combating a wide range of financial crime threats.

The new alerts service will allow the sector to react more swiftly than ever to major incidents and permit industry financial crime professionals to spot emerging problems and threatening criminal trends.

Anthony Browne, CEO of the BBA, said: “This alerts system is a powerful new weapon against fraudsters, cyber criminals and other crooks intent on stealing our customers’ money. Receiving real-time alerts from both domestic and international bodies, including the National Crime Agency (NCA) and 11 other Government and law enforcement agencies, will provide vital intelligence for the army of staff banks have already hired to combat these threats. This service is a shining example of how banks and Government can work together to benefit all customers.”

Anthony Browne: CEO of the BBA

Real-time intelligence pooled from partner agencies and Government bodies will be shared with expert banking officials in place to tackle fraud, financial crime and other violations.

This work builds on the successful arrangement already in place between banks and the National Fraud Intelligence Bureau that has prevented over £100 million of fraud losses through successful and targeted information sharing.

When the initiative goes live (which is planned for early 2015), the BBA Financial Crime Alerts Service will include warnings on terrorist financing, money laundering, bribery and corruption, cyber and e-crime, fraud and emergent, thematic and strategic reports.

Donald Toon, director of the Economic Crime Command at the NCA, commented: “Collaboration between law enforcement and the private sector is key to reducing the impact of economic crime. Alerts to industry are a key part of this, and I very much welcome the BBA’s work in this area.”

London Mayor’s Office for Policing and Crime launches new Business Crime Strategy

The London Mayor’s Office for Policing and Crime (MOPAC) has launched a new 48-page Business Crime Strategy designed specifically to help protect London-based companies from acts of criminality.

The crime threat in the UK is changing. Criminals are becoming more sophisticated and more crime has moved off the streets and into the online world. MOPAC’s Business Crime Strategy – endorsed by the Metropolitan Police Service, the National Crime Agency and the City of London Police – outlines how each provider will build their capability to tackle fraud and economic crimes.

This is the first strategy of its kind. It represents a ‘Call to Arms’ for the police, businesses, local authorities and others to work together to build confidence and prevent and cut business crime. More than this, it sets out clear, deliverable plans to achieve end goals, with commitments from MOPAC and law enforcement alongside a challenge to businesses themselves.

Read the document in full

London’s Mayor Boris Johnson: tackling crime in the capital

On the Business Crime Strategy, Stephen Head (Commander and National Police Co-ordinator for Economic Crime at the City of London Police) said: “The threat from fraud, particularly cyber-enabled fraud, continues to grow and every section of society is now at risk. It’s therefore increasingly important that the police and businesses work even more closely together to counter this threat. The collaborative approach advocated by MOPAC and highlighted in this strategy is absolutely right if we’re to be successful in continuing to meet this challenge.”

He continued: “As the National Policing Lead for Fraud, the City of London Police will continue to work with MOPAC and others to ensure that London remains one of the safest and most business-friendly cities in the world, with a policing approach that’s fit and appropriate for tackling 21st Century crimes.”

Affording context to the Business Crime Strategy

Further to this, the following information is designed to give context to information included in the Business Crime Strategy…

Since taking responsibility for Action Fraud in April this year, the City of London Police has instigated a programme of work designed to offer an enhanced service for the victims of fraud and cyber crime. Since the end of May 2014, all victims who report to Action Fraud now receive a written update on the status of their report after 28 days, if not before. Action Fraud also provides expert advice and guidance to concerned individuals or businesses.

Action Fraud and the National Fraud Intelligence Bureau (NFIB), hosted and run by the City of London Police, is funded by Government to receive reports of fraud and cyber crimes from individuals, SMEs and large corporations. Outside Action Fraud, it also accepts reports of business fraud through a number of organisations including the UK Payments Council and CIFAS.

The combined Action Fraud and NFIB services do not investigate reported crimes of itself. The NFIB uses cutting-edge technology to automatically identify links between crimes and, in quick time, develops and disseminates crime packages for investigation by UK law enforcement agencies. It also proactively disrupts criminality and enriches the UK fraud and cyber threat picture.

During the 2013-2014 financial year, of the totality of fraud and cyber crimes reported into the NFIB no less than 53,556 packages were identified as having viable lines of enquiry and disseminated to UK law enforcement for investigation or intelligence purposes. In the same time period, some 118,000 additional crimes were targeted for disruption while over 805 alerts were disseminated for prevention purposes.

As the MOPAC Business Crime Strategy demonstrates, CIFAS reports on fraud against businesses. These reports often add value to the thousands of Action Fraud packages disseminated for investigation by UK law enforcement.

It’s important to note that police forces accept crimes for investigation based on the availability of viable lines of enquiry. In the past, forces have prioritised Action Fraud reports over CIFAS because of the quality of the data. However, the NFIB is working with forces and CIFAS to improve the quality of all data to create more opportunities for UK law enforcement to accept and investigate reports.

Informing Government and UK law enforcement

Action Fraud and the NFIB use the large number of reported fraud and cyber crimes to help inform Government and UK law enforcement about the scale of the threat that exists at a local, regional and national level in order to help drive their response to the benefit of victims. This has resulted in some police forces committing considerable additional resources to address these emerging threats.

For example, the Metropolitan Police Service is adding further capability to accept fraud and cyber crime packages for investigation which will then provide an enhanced service to victims.

The City of London Police proactively aims to improve the policing response to fraud and cyber crime and ensure that all business victims receive an efficient and effective service, particularly as reporting continues to increase. For instance, the force is creating a system whereby businesses can easily report multiple instances of fraud and cyber crime to Action Fraud.

Additionally, the force plays host to a number of fraud teams and specialist units that service business victims of fraud and cyber crime including the insurance industry, the credit and payment industry and intellectual property rights holders. ​​​​​

Over £21 million lost to social engineering scams since the beginning of 2014

Get Safe Online, the UK Government and private sector-backed information service on Internet safety and security, is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips.

A type of confidence trick, ‘social engineering’ is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing e-mails and fraudulent phone calls asking for personal or financial information – known as ‘vishing’ – or phone calls from fraudsters impersonating computer technical support agents.

According to FFA UK, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim.

In the first five months of this year alone, some of the UK’s main High Street banks have reported losses of over £21 million from vishing attacks on their customers, with over 2,000 vishing attacks resulting in an average loss of over £10,000 per victim.

Social engineering exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It’s a factor in many types of fraud.

Schemes may be elaborate and highly convincing

Tony Neate, CEO of Get Safe Online, commented: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering because schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses.”

Get Safe Online – the UK Government and private sector-backed information service on Internet safety and security – is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips

Neate added: “We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”

Alasdair MacFarlane, head of customer security at NatWest, said: “NatWest is committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We’re delighted to be working with Get Safe Online in raising awareness on this important issue.”

Dawn Cornwall, fraud and security manager at Lloyds Banking Group, explained: “At Lloyds Banking Group we are committed to making sure our customers’ Internet banking experience is as safe as possible. We use cutting-edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet banking and a wealth of advice and guidance on our websites. We’re really pleased to be working with Get Safe Online on the Social Engineering campaign.”

Alex Grant, Barclays’ managing director of fraud prevention, stated: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard-earned savings causes great emotional distress, as well as having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and we’re pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”

Detective Superintendent Peter O’Doherty is the head of the NFIB and Action Fraud. Speaking about the Get Safe Online initiative, he said: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not on a face-to-face basis but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses the victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways in which to protect themselves.”

How to avoid becoming the victim of social engineering

Getsafeonline.org offers a number of tips on how to avoid becoming a victim of social engineering:

• Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem
• Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID
• Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via e-mail or a phone call
• If you receive a phone call requesting confidential information, verify that it’s authentic by asking for a full and correct spelling of the person’s name and a call back number
• Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number
• If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call
• Do not open e-mail attachments from unknown sources
• Do not readily click on links in e-mails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email
• Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents

*For more advice on how to avoid this type of fraud visit: http://www.getsafeonline.org/socialengineering to watch the online advice videos

About Get Safe Online

Now entering its eighth year of operation, Get Safe Online (www.getsafeonline.org) is the UK’s national Internet security awareness initiative.

A joint partnership between the UK Government, the National Crime Agency (NCA), Ofcom, law enforcement bodies and private sector sponsors from the worlds of technology, communication, retail and finance, the initiative continues to educate, inform and raise awareness of online security issues to encourage confident and safe use of the Internet.

GetSafeOnline.org is supported by Barclays, Bob’s Business, Creative Virtual, the Department for Business, Innovation and Skills, HM Government, HSBC, Kaspersky Lab, Lloyds Banking Group, the National Crime Agency, Symantec, the National Fraud Authority and Action Fraud, Ofcom, HSBC, Microsoft, PayPal, Symantec, Standard Life, Gumtree, Camelot, Detica, StubHub, Nominet, PurchaseSeal, ValidSoft, Business Link, the Charity Commission, Citizens Advice, the Association of Chief Police Officers, the Information Systems Security Association, e-Crime Wales, Information Risk Management plc, the Institute of Information Security Professionals, RG (Interactive Media in Retail Group), the International Association of Accountants Innovation and Technology Consultants, the Internet Services Providers’ Association, Neighbourhood and Home Watch, PTA-UK, SafeBuy, Safer Jobs, the Scottish Crime and Drug Enforcement Agency, Scottish Police College, the Scottish Business Crime Centre and UK Online Centres.

SIA and NFIB work to raise awareness of online security recruitment scam

The Security Industry Authority is working in conjunction with the City of London Police’s National Fraud Intelligence Bureau to raise awareness of an online recruitment scam.

The scam involves a series of phony online adverts offering training or jobs within the private security industry, using the names of real employees within genuine recruitment agencies.

After submitting a CV, the individual is offered a job and requested to pay an upfront fee of around £50 through an online money transfer to carry out a criminal records check or uniform fitting.

After paying the fee, the ‘recruitment agent’ may then claim that the e-money payment has failed and that the victim must submit a further e-money voucher code to continue with the application. This additional step is purely to maximise the fraudsters gain after establishing the victim’s interest.

The victim is then asked to attend an interview or induction/training session taking place at a multi-purpose business venue such as a conference centre.

The company offering employment is later found not to exist or the genuine recruiter has no knowledge of the contact details used by the suspects.

Don’t be a victim!

There are steps individuals can take to ensure that offers for training or jobs are real. These include the following:

• Research the company offering the service, check their website for contact details and make contact with them
• Be aware of advertisements with free e-mail addresses such as gmail or Hotmail
• Be aware of any advertisement requesting payment upfront, especially through online methods using e-money payments
• Research the training company using the SIA’s training provider search tool on the SIA website.

Also, please note the following:

• The cost of a criminal records check is included in the SIA licence application fee.

For further advice on these issues please visit the NFIB’s website: http://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/nfib/Pages/default.aspx

Christmas shoppers warned to be vigilant when buying online

Action Fraud, the City of London Police and Get Safe Online are warning consumers to take extra care when shopping online for tablets, games consoles, electrical items and other Christmas gifts.

Last Christmas, fraudsters conned consumers out of more than £12 million through online shopping and auction scams. Action Fraud received more than 10,000 reports, with the average loss to victims more than £1,700.

Record numbers are expected to log-on for Christmas shopping this year, in turn creating opportunities for retailers and bargain hunters but also presenting opportunities for fraudsters.

Last year, fraudsters conned consumers out of more than £12 million over Christmas through online shopping and auction scams

Security minister James Brokenshire said: “We are taking the fight to cyber criminals with the newly-created National Cyber Crime Unit, which is part of the National Crime Agency, but the public should also stay vigilant to ensure they don’t lose their hard-earned money on fakes and frauds. Following straightforward steps while shopping online will help the public to avoid cyber fraudsters.”

Brokenshire added: “Shoppers can find great bargains online ahead of Christmas, and this time of year provides a welcome boost to retailers, but shoppers should remember if something looks too good to be true that’s often the case.”

Looking out for the warning signs

Action Fraud experts say that even the most confident online shopper can be caught out by professional fraudsters. Fraudsters often target vulnerable shoppers who are unsure in using modern technology.

Consumers should look out for the warning signs that a website may not be secure. Action Fraud, Get Safe Online and the City of London Police (who run the National Fraud Intelligence Bureau) encourage online shoppers to be particularly careful when using new websites and sites that offer deals that look too good to be true.

By following these simple tips you can keep fraudsters at bay this Christmas:

1. Trust your instincts: if an offer looks too good to be true it usually is. Legitimate popular technology and designer items are rarely discounted
2. Check the URL in the web browser. Don’t be fooled by spoof websites where the address is slightly different
3. Ensure the website address begins ‘https’ at the payment stage (this indicates a secure payment)
4. Don’t access links in unsolicited e-mails. Always type in the website address or use a search engine to find a site
5. Only deal with reputable sellers. Only use sites you know or ones that have been recommended to you
6. Avoid paying by money transfers direct to people you don’t know. Use an online payment option such as PayPal which helps to protect you
7. Watch out for pop-ups appearing asking you to confirm your card details before you’re on the payment stage. Never enter your PIN number online
8. If your bid for an online auction item is unsuccessful, don’t be tempted to trade off-site if another seller approaches you with a similar item. This is likely to be a scam and you will not be covered
9. Keep security software and firewalls up-to-date. Regularly update your Internet browser when a new patch (security update) is released
10. Keep receipts and check these against your statement. If you spot a transaction you did not authorise speak to your card company immediately.

Scams change and adapt

Tony Neate, CEO of Get Safe Online, said: “£12.4 million is a huge amount of money to be lost to online fraud but, unfortunately, it’s the type of figure I see every year. The problem is, scams change and adapt as trends come and go. Scammers have also become more sophisticated as we get wiser to what is and isn’t legitimate so it’s understandable that people sometimes get caught out.”

Neate added: “We know how busy and stressful Christmas can be so we don’t want to overwhelm people with complicated advice, but we urge consumers to keep the basics in mind as a good preventative measure. It’s easy to get carried away when you spot a bargain online for that gift you’ve been all over the High Street trying to find, but take a step back and think before you buy it. Is it too good to be true?”

Detective Chief Superintendent Dave Clark, director of the National Fraud Intelligence Bureau, commented: “Online shopping has revolutionised the way in which we buy our Christmas presents, with each year more and more people choosing to search for gifts over the Internet rather than heading to the shops. However, the result is that online fraud is top of the festive scam list.”

He continued: “To reverse this trend, we all need to be extra careful about what we’re buying online and from whom, especially if it is popular technology at a reduced price. By carrying out all the necessary checks you should guarantee that your presents will be enjoyed by friends and family and not lost to fraudsters.”

Items most at risk from fraud

Based on an analysis from last year, the items most sought after – and therefore most at risk from fraud – are smart phones. However, electronic goods in general, including computers, tablets, laptops, games consoles and e-readers were also very popular.

In January, the Government and partners will be launching a new campaign to increase public and small and medium enterprises’ confidence online by helping them to adopt simple changes to their online behaviour.

Private sector partners who have joined the campaign include Financial Fraud Action UK, Sophos, the RBS Group, Trend Micro and Facebook who are providing investment and support.

If you or someone you know has been a victim of this type of fraud, report it to Action Fraud so that the incident can be passed to the police.

Christmas shopping tips from Get Safe Online

http://www.getsafeonline.org/themes/ChristmasCampaign/index.php

National Fraud Intelligence Bureau issues warning over Cryptolocker attacks

The National Fraud Intelligence Bureau is warning about the damage being caused by Cryptolocker, a destructive malware that installs itself on computers and effectively holds peoples’ files to ransom.

So far, the National Fraud Intelligence Bureau (NFIB) has received reports from almost 100 victims, with an average loss of £460.

Affected businesses and individuals will also incur losses, such as wasted time, lost revenue and additional IT costs, in addition to further implications for files that are not separately backed up.

The malware is predominantly deployed via zip files in e-mail attachments and web links exploiting legitimate public sector organisations’ branding.

How does the threat get in?

Process
1. An e-mail attachment or Internet link that contains the malware is opened on your computer, which installs the malware, or your computer is already infected with malware (ie a Botnet) and the criminal uses this to further infect your computer with CryptoLocker.
2. The malware runs and installs CrytpoLocker.
3. The malware encrypts all the files it can find including images, documents and spreadsheets.
4. The malware then pops up a page giving you limited time, usually 72 hours, to buy back the private key, typically $300, to regain access to your data.
5. It’s unclear as to whether access is regained after paying the ransom.

How can you reduce the risk of becoming a victim?
1. Do not click on attachments unless you can verify the source, particularly if you are not expecting correspondence from the source.
2. Install and run security software and set to update automatically.
3. Set your computer’s security settings to update automatically.
4. Make regular back-ups, storing them safely and preferably offline.
5. Increase security settings on your browser.