The cybercrime epidemic that’s hidden from view

Fraud and computer misuse make up 14 per cent of crimes, but you won’t see them included in government figures, says Chris Blackhurst, despite the devastating cost to people’s lives

Friday 18 February 2022 21:26 GMT
Comments
Not keyed in: online scams appear to have been discounted by the prime minister and home secretary
Not keyed in: online scams appear to have been discounted by the prime minister and home secretary (PA)

When Boris Johnson and Priti Patel crowed about falling crime earlier this month, they failed to include fraud and computer misuse.

A drop of 14 per cent in England and Wales between September 2019 and September 2021 becomes a rise of 14 per cent if fraud and computer misuse are taken into account. Perhaps the prime minister and home secretary do not regard fraud and cyberscamming as real “crime” and therefore genuinely believe they can discount them.

Clearly then, they view the Office for National Statistics as mistaken, since the ONS Bulletin includes fraud and computer misuse in the crime total. Or are they so cynical as to manipulate the figures for their own ends?

With leaders like these, it should be no surprise, then, that only one in 1,000 cases of fraud are solved by the police. Or that the Serious Fraud Office is permanently locked in a struggle to justify its very existence. After all, why do we need a Serious Fraud Office when fraud, any type of fraud, is not taken seriously?

Bear in mind that when Johnson, Patel and their colleagues are not massaging the truth they are also responsible for allocating resources from the constrained government purse. Small wonder, then, that the fight against fraud and cybercrime remains woefully understaffed and underfunded. Compared with fighting other offences they’re just not seen as sexy – they don’t result in dramatic footage of police swoops, and they can be hard for readers and viewers to understand. Difficult too, to crack. This is an administration that likes to focus on boosterish headlines, and striking fraudsters and cyberattackers, who hide behind layers of anonymity and may be based overseas, doesn’t cut it.

There is a sense, as well, of the practitioners being several steps ahead of the authorities – authorities, don’t forget, whose bosses are not exactly committed to pursuing them. If ministers cannot be bothered, that lackadaisical nature flows down from the top, into police forces and enforcement agencies. It’s an approach that also translates to the corporate world, where cracking fraud and cyberattacks remain poor relations when boards are making decisions about future direction and investing.

A friend of mine is the victim of online fraud. Two Saturdays ago, she received a text purporting to be from the NHS regarding taking a positive Covid test. She clicked through to what claimed to be an NHS test site and, without thinking, entered her debit card details to pay for postage of a test kit. Quickly realising her mistake, she contacted Lloyds to put them on notice, cancel the debit card and put a stop to any fraudulent attempts to access her account.

She phoned the fraud number and believed she was speaking with someone in the fraud section. Later, she learned that the person was, in fact, a standard telephone banking adviser.

My friend was assured the matter would be dealt with, and a new debit card would be sent. She ended the call, confident she had acted appropriately after her initial error and that Lloyds would be on alert for suspicious activity.

The adviser did not warn her that this “phishing” action by the scammer, to get the card or account details, might be a prelude to a different type of fraud, or advise her to be especially wary of follow-up calls or actions purporting to be from Lloyds.

On the Monday evening, just before 8pm, she received a call from a confident, smooth-talking “Lucas” from Lloyds Fraud Department. Given her report of fraud to Lloyds two days earlier, she was not surprised by the call.

“Lucas panicked me by telling me that my account was under cyberattack from fraudsters who were trying to take £1,000 for a purchase at Carphone Warehouse and that Lloyds needed to move my funds into a ‘safe’ new account. I am a full-time working mother with two teenage daughters, and I was terrified of losing a thousand pounds.”

Over the next 10 minutes, the ever-so helpful Lucas walked her through transferring money to a “new” account at Lloyds, except the account was not at Lloyds but at one of the new online banking services providers, thinkmoney, and was not in her name. Initially, she transferred four amounts, totalling £17,800, directly from her savings account.

Cleverly, Lucas suggested she transfer another £9,000, again with no preventative check or stop, to an account at revolut which was in her name, which she uses for day-to-day expenses.

Lucas then moved up a gear. He said while she was at it, while she was moving money to safety, why not take advantage of a loan? “His knowledge of the Lloyds app and system was so masterful that he simply said, ‘push the third button’, ‘click yes’ and such-like, moving at lightning speed though the process. His patter and familiarity with every aspect of the system was totally convincing. I was terrified of losing my life’s savings and believed it was a race against time to prevent fraud.”

The Lloyds app allowed her to open a loan account and then delivered £25,000 into her current account within literally minutes. There were no texts or emails from Lloyds saying, “you’re taking out a major loan, are you sure?” There was no pause for a sense check – just an immediate £25,000 delivered to a customer who has never had a loan in 30 years.

Lucas suggested she immediately transfer £10,000 of this new money to her “new” Lloyds account, which of course was really at thinkmoney and not in her name.

You might suppose a loan coming into an account then going straight out again should have provoked the reddest of red flags and yet it passed unimpeded.

She stresses: “All the time I thought I was simply moving funds safely into my ‘new’ account at Lloyds, an action that has to be seen in the context of the fact that I had reported an attempted fraud to Lloyds two days earlier and was simply scared.”

Sadly, hers is an all-too typical tale. The lack of safeguards, the way fraudsters can open bank accounts with the new online banks with seemingly little requirement for normal security or identity verification – these all point to complacency.

She’s lost the best part of £30,000, money she can ill afford to lose – “life changing” is her verdict. But according to Johnson and Patel, no crime was even committed.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in