Days rarely pass without news of another unfortunate person falling victim to online fraudsters. Marc Deruelle was almost one of them. He told the BBC that he was excited to visit Liverpool this May for the 2023 Eurovision Song Contest and wasn’t immediately suspicious when someone contacted him on WhatsApp claiming to be the receptionist at the accommodation he’d booked online. 

Luckily, Deruelle’s bank noticed something was afoot and blocked about £800 from being transferred to Uganda. Other victims haven’t been so lucky. In late 2022, a woman from North Wales sent almost £2,000 to a scammer on WhatsApp who’d pretended to be her daughter. Jennifer, from North Lanarkshire in Scotland, told STV News she’d had to sell her home so that she could repay loans she’d initially invested in a bogus cryptocurrency investment scheme advertised on Facebook. Scammers coerced her into taking out further loans to invest in the bogus scheme, ultimately leaving her with £150,000 in debt.

Fraud is now the nation’s most common offence, accounting for more than 40% of all crimes committed in England and Wales in 2022. According to UK Finance, more than £1.2 bn was stolen last year – about £2,300 every minute – with 78% of incidents originating online. 

Despite the immense scale of the problem, however, critics say the authorities have been too slow to take meaningful action to counter this kind of crime. ‘Fraud appears to have been everyone’s problem but no-one’s priority,’ declared the House of Commons’ Public Accounts Committee in its latest report, published in March. 

The police, meanwhile, have been left struggling, argues David Hamilton, the now-retired chair of the Scottish Police Federation. He left a force in March this year that remains under-resourced and under-educated about the potency and scale of online fraud. When it comes to tackling cybercrime, says Hamilton, police officers across the country are still “way out of their comfort zones.” 


Police have been struggling to cope with surging online fraud. (Image by Brian A Jackson/Shutterstock)

Cybercrime tsunami

The Public Accounts Committee agrees. According to its March report, the ‘volume and complexity of fraud currently overwhelms the capacity of both Action Fraud and local police forces,’ with only 1% of police personnel actually assigned to online fraud investigations. Those officers, the authors continue, lack training and resources to pursue the hundreds of thousands of fraud incidents flagged every year, leaving case officers overstretched, despondent and burned out. 

One of the reasons why is a simple lack of government funding, argues Hamilton. “What I found, certainly in Police Scotland, is that there’s just nowhere near the amount of money that’s required to do what we want to do,” he says. Neither is there enough expertise. With some exceptions, argues Hamilton, most officers find themselves floundering in their efforts to tackle online fraud. “It’s just a totally different sphere” to the kind of physical incidents they’re usually trained to handle — a problem that’s especially acute for older officers, explains Hamilton.

He also believes that there hasn’t been enough clarity about police officers’ roles and responsibilities. “I’ve yet to see a good cyber-strategy,” says Hamilton. “A lot of it doesn’t actually really make sense for me, and it doesn’t make any sense for those on the ground.”

Jake Moore tells a similar story. He’s currently working as an advisor at cybersecurity firm ESET, but previously served in the Dorset Police Cybercrime Team & Digital Forensics Unit between 2009 and 2018. Moore worked directly with Action Fraud during this period and says it wasn’t capable of processing the number of crimes that people wanted to report, let alone investigating more than a fraction of those incidents. “I used to get all the reports monthly and we had to cherry-pick one or two to investigate out of maybe 300,” he explains. “We just didn’t have the capacity to investigate them, which frustrates us as the police — and it frustrates the public even more.”

So what went wrong? The government had the right intentions when it launched Action Fraud back in 2009, says Moore, but “didn’t realise the extreme growth of fraud that we were about to see.” That might have contributed to a lack of funding and expertise among law enforcement, say Moore and Hamilton, an issue that’s left police officers struggling to keep pace with rapidly changing cybercrime. It has long been tricky to recruit and retain cybersecurity professionals in the public sector, especially in rural police forces. “The police and local government don’t pay very well,” says Moore. “If you’re in cybersecurity, why on earth would you stay in the police force when you can go to the private [sector]?”

Suella Braverman said that the Home Office’s new plan marked a “fundamental shift” in the government’s approach to cybercrime. (Image by Ascannio/Shutterstock)

Online fraud education offensives 

The UK isn’t unique as a nation in its struggles with fighting cybercrime, says Dr Vasileios Karagiannopoulos, a reader in cybersecurity and cybercrime at the University of Portsmouth. Nevertheless, it does seem to have fared poorly, thanks in part to its abundance of financial services and businesses. “That obviously makes us a very popular target with fraudsters — both internally and externally,” explains Karagiannopoulos. Language is also a key element. An estimated 1.4 billion people speak the King’s English, which means there’s an unusually large number of people willing and able to write phishing emails and malware in the language.

Prevention will be central to any successful strategy to tackle online fraud, argues Moore. Educating the public more effectively on the need for good password hygiene and management would contribute enormously toward reducing the current burden on UK police services simply by reducing the number of incidents. For that to work, says Moore, “you need to get police to spend more time with the public and more time with companies.” He also believes the UK government needs a robust, wide-reaching publicity campaign that would educate the public on the value of cybersecurity in the same way they were convinced to use seatbelts. “They’ve done a few [campaigns] but you just can’t stop until you’ve actually got people to understand,” says Moore. “We need people to up their level so much more.”

This kind of education has been particularly lacking for one of society’s most vulnerable groups — the elderly. “The only cyber-education I ever hear of anyone getting is at work,” says Hamilton. He points out that nobody has ever spoken to his elderly father about cyber-fraud, even though the UK’s older communities can be among the most lucrative victims for scammers. “There’s a vulnerability there that nobody’s addressing.”

Police services and governments also need to get better at managing the public’s expectations about cybercrime and online fraud, Hamilton argues. “If you go to your spam mailbox, you’ll probably find about 20 to 30 attempted frauds in there,” he says. It would be impossible to police and prosecute all of them, explains Hamilton, especially when you consider the international scope of these scammers, who are often based in hard-to-reach countries like China, Russia, and Brazil. “Let’s not give people the confidence that we can do something about [that],” says Hamilton. “The reality is, we can’t.” 

Will the UK’s new anti-fraud strategy, announced earlier in May, make any real difference? The plan was announced with much bombast by the home secretary, Suella Braverman, who claimed that it marked a “fundamental shift” in the government’s approach to cybercrime, but Karagiannopoulos believes that its goals are more modest than that. That’s not necessarily a bad thing, says the professor. Any statement to the effect that the UK police’s new mission would now be to eliminate online fraud once and for all would probably be greeted as unrealistic, explains Karagiannopoulos; the actual announced goal of a 10% cut in incident rates compared to 2019, meanwhile, is eminently plausible.

One of the promised measures involves setting up a new state-of-the-art system, including a new reporting website, to replace Action Fraud. This is getting a £30m investment and will include both an increased use of automation as well as more staff in the centre’s call centre. 

Moore, too, is optimistic about the potential for improvement, but says he wishes action had come earlier. The UK government seems — finally — to recognise the very real risks of online fraud, but “they just need to be quicker and not scared of spending the money now,” says Moore. “Ironically, it always costs you more if you wait.” 
