Fraudsters are increasingly exploiting the Covid-19 crisis to target people online by harvesting their personal and financial information via social media, text message scams and cloned websites before using it to steal their money.
Data covering the first six months of 2020 from UK Finance, which represents banks and financial services, showed that £208m was stolen in reported “authorised push payment fraud”, where victims unwittingly send their money to a criminal-controlled account.
The total was broadly in line with the same period last year, but masked a rise in online types of fraud and a decline in older, offline scams.
In the first half of 2020, losses from internet banking fraud, when a fraudster gains access to a customer’s bank account through online banking and makes an unauthorised transfer of money, jumped by 32 per cent to £64.3m, compared with the same period in 2019. The number of cases more than doubled to 21,300.
The value of losses from mobile banking fraud came to £7.5m, up 41 per cent compared with the first six months of 2019. The number of cases was up 36 per cent to 4,000.
UK Finance said the trend — and an associated drop in offline scams such as those involving cheques or telephone fraud — was partly due to the increased use of technology among the public, a shift that accelerated under lockdown. But homeworking, remote banking and the public health crisis were also being exploited by criminals to boost their illicit takings.
Katy Worobec, managing director of economic crime at UK Finance, said: “Criminals have ruthlessly adapted to this pandemic with scams exploiting the rise in people working from home and spending time online. These range from investment scams promoted on social media and search engines to the use of phishing emails and fake websites to harvest people’s data.”
The number of impersonation scams, where criminals con people into handing over money by pretending to be a trusted organisation, was up 84 per cent in the six month period compared with last year, with about 15,000 cases reported. A scammer might typically contact a victim pretending to be from HMRC, but this year cases have emerged of criminals pretending to be policing quarantine. They accuse victims of breaking the rules and demand payment of a fine. Other callers pretend to be from NHS Test and Trace, and ask questions designed to extract sensitive personal or financial information.
Ms Worobec said: “We need the public to remain vigilant against scams and remember that criminals are experts at exploiting events like Covid-19 to impersonate trusted organisations. Always take a moment to stop and think before parting with your money or information, and don’t let a criminal rush or panic you into making a decision that you’ll later come to regret.”
Banks and finance services groups reimbursed victims for £73.1m of losses from authorised push payment (APP) fraud, an 86 per cent increase on the figure for 2019. But the value of reimbursements as a share of losses dropped from 41 per cent to 38 per cent.
The largest proportion of losses among the various types of fraud was in investment scams, where losses rose by 27 per cent to reach £55.2m in the first half of 2020. UK Finance said fraudsters were becoming increasingly sophisticated in luring their victims, using online advertisements to entice investors to visit cloned website pages that appear to be the legitimate home of a firm regulated by the Financial Conduct Authority. These typically offer high returns on assets such as gold, property, carbon credits or land banks.
Victims are then invited to fill in a form to register their interest before being telephoned by someone purporting to be from the investment firm or brokerage.
Ms Worobec warned that the figures on frauds that exploit the pandemic were likely to get worse before they get better, because the current set of data would not include cases where criminals had not yet exploited the sensitive information they had culled.
“We know from experience that there is often a delay between criminals obtaining people’s details and using them to commit fraud, meaning the full losses from Covid-19 related scams designed to harvest people’s data are likely to not yet have been fully realised,” she said.
She expected fraudsters to adapt their techniques further as the pandemic continues, playing on people’s financial insecurities to recruit them as “money mules” and use their accounts to launder illicit payments, or offering bogus products at a steep discount on auction websites.
The rules on reimbursement for APP scams are guided by a voluntary industry code introduced in May last year. Customers receive compensation for such frauds, unless they flout the code by, for instance, ignoring specific warnings issued by their payment provider.
UK Finance wants the voluntary code to be given statutory weight in legislation to ensure it applies to all firms and produces better results for customers. “It is now clear that the voluntary code is not delivering consistent outcomes and that new legislation is needed to deliver certainty for both firms and their customers,” Ms Worobec said.