UK financial account takeovers up, report warns

Although the value of alleged fraud in the UK was down 7.5% in first half of 2019 compared with the same period a year ago, financial account takeovers have increased, a report shows.

Data from 217 alleged cases of fraud in UK courts indicates a 57% increase in account takeover cases, according KPMG’s latest Fraud barometer report.

The report, which records fraud cases coming to UK courts with a value of £100,000 and above, noted a “worrying” commercialisation of cyber crime and a number of repeat offenders making their way back to court among the cases recorded.  

Digital scammers used a range of techniques, including email, text messages and smartphone apps, to obtain personal data that enabled them to take over bank and credit card accounts, the report said.

In one case, a Tyneside man who was the UK front of a scam conducted in India was jailed for 28 months at Newcastle Crown Court. The fraud involved online scammers who defrauded computer users out of hundreds of thousands of pounds by pretending to help them fix bogus virus infections.

Victims were panicked into contacting the fraudsters after messages informing them their computers had been infected. When they followed instructions to contact a free number, they were put through to India-based criminals who said they could fix the problem for a fee.

But once the scammers had access to victims’ banking details, they plundered their accounts and sometimes installed software to allow them to steal more.

“We are noting a worrying move from criminals simply hacking as a means to an end to being industrialised personal data brokers on the dark web,” said Roy Waligora, KPMG UK head of investigations.

“As our digital footprints get larger, cyber criminals will continue to develop new and innovative ways to steal personal data. If we are not alive to the threats, there is a great risk that we increase our vulnerability to criminals through our inaction.”

Waligora noted that the Cyber Attacks (Asset-Freezing) Regulations 2019 went into force in June, requiring banks to repay to customers funds that are stolen through account takeover. 

“While this is a very positive step for the customer, we all need to remain vigilant as consumers will continue to bear such costs indirectly,” he said.

Another trend highlighted by the report is the number of repeat offenders returning to court. The Fraud barometer recorded four cases of people with previous convictions for fraud coming back to court on new charges totalling £2.6m.

In some cases, the alleged repeat offenders were able to secure employment in new roles where they were able to circumvent internal controls to continue to commit fraud. 

In one case, a fraudster was caught trying to pay a £100,000 tax fraud debt with money he had stolen by staging another scam. The 57-year-old first appeared in court in 2016, when he told the judge at Leicester Crown Court that he could repay the sum of £107,000 if given more time to come up with the money.

Investigators from HM Revenue and Customs later discovered that the fraudster was raising the money to pay the debt through a second scam that involved stealing more than £580,000 from other businesses. He admitted the second fraud at court in 2019, when he was jailed for four years.

 “While for most fraudsters, being caught and convicted once is enough to ensure they don’t continue to commit crime, for some the lure of the prize on offer is too much to resist – regardless of the consequences,” said Waligora.

“Businesses need to ensure they are doing thorough Due diligence on the people they are hiring into their organisations – particularly if they are filling roles with financial responsibilities.”

According to another recent research report, cyber fraud accounts for more than half of all fraud and is also a main motivator for cyber attacks on all organisations.

If unchecked, cyber fraud’s cross-jurisdictional nature will continue to bring increased harm to individuals and businesses around the world, said the report, adding that cyber fraud should be high on the agenda of security teams and business decision-makers.