Roy Waligora, KPMG UK head of investigations said: “We are noting a worrying move from criminals simply hacking as a means to an end to being industrialised personal data brokers on the dark web.
The value of fraud cases reaching UK courts decreased during the first half of 2019 to £319 million, but there were other concerning trends.
Despite the the number of cases of alleged fraud heard in the UK courts dropping by 13%, and total value falling from the £345m recorded in the same period last year, KPMG’s Fraud Barometer noted that there was a worrying trend in the commercialisation of cyber-crime, with several repeat offenders making their way back to court.
Roy Waligora, KPMG UK head of investigations said: “We are noting a worrying move from criminals simply hacking as a means to an end, to being industrialised personal data brokers on the dark web.
“As our digital footprints get larger, cybercriminals will continue to develop new and innovative ways to steal personal data. If we are not alive to the threats, there is a great risk that we increase our vulnerability to criminals through our inaction.”
The fraud barometer records cases coming to the UK courts with a value of £100,000 or above, and many of these cases involved the commercialisation of cyber-crime, with criminals advertising on the dark web.
One example that was given involved a cyber-criminal who created a virus and launched an attack on a Liberian communications company, which took it offline. The criminal, who was jailed for 32 months, had been paid $30,000 by a rival of the communications company, who spent $600,000 repairing the damage.
“It’s worrying to see the rise in high value fraud crimes being put to the commercialisation of cybercrime. The GCHQ chief urged earlier this year that there must be a ‘national effort’ to boost UK cyber security with the proliferation of tools and technologies being used by hackers to exploit businesses, consumers and governments.
“In the case of fraud, with more and more information being stored digitally, this data becomes ripe for the picking for financial threat actors. And these are affecting predominantly the most vulnerable to digital fraud: those with little-to-no knowledge of a potential scam.”
Speaking on the figures, Rob Norris, VP of enterprise and cyber security at Fujitsu said: “It’s worrying to see the rise in high value fraud crimes being put to the commercialisation of cybercrime. The GCHQ chief urged earlier this year that there must be a ‘national effort’ to boost UK cyber security with the proliferation of tools and technologies being used by hackers to exploit businesses, consumers and governments.
“In the case of fraud, with more and more information being stored digitally, this data becomes ripe for the picking for financial threat actors. And these are affecting predominantly the most vulnerable to digital fraud: those with little-to-no knowledge of a potential scam,” Norris said.
The data also showed a 57% increase in the number of account takeovers reaching the courts. In these cases, criminals used a range of techniques including email, SMS and apps to hijack private data that enabled them to gain access to bank and credit card accounts.
These cases typically see online scammers targeting vulnerable computer users by pretending to fix bogus viruses or by hacking their computers, and then scamming them out of hundreds of thousands of pounds.
While potential attacks are not always easy to spot, a broader education on how to detect fraudulent emails is key not just to consumers’ own finances, but their employers as well.
The victims, many of them elderly, panic when they believe their computer has been infected and are tricked into contacting the Indian-based scammers who offer to fix their problem for a fee. However, these scammers then gain access to the victim’s bank details and take money from their accounts, and sometimes even install further software to allow them to steal more.
In June, The Cyber-Attacks (Asset-Freezing) Regulations 2019 was brought in to force in order to help combat the financial damage people can face from cyber-attacks. This legislation means that the HM Treasury are allowed to freeze assets of and persons or entities suspected of carrying out a cyber-attack, in or out of the UK. It can also restrict business interactions of UK nationals or UK-incorporated entities with anyone suspected of cyber-related fraud.
Waligora said that banks are required to pay customers who are victims of such crimes, saying: “The Cyber-Attacks (Asset-Freezing) Regulations 2019 entered into force in June, and require banks to repay funds to customers stolen as a result of account takeover. Whilst this is a very positive step for the customer, we all need to remain vigilant as consumers will continue to bear such costs indirectly.”
Mr Norris believes that better education on how to detect cyber-crime is needed. He said: “Although awareness or cyber criminality has increased, with a fifth of the public believing that cybercrime is the biggest challenge facing the UK today, this hasn’t been enough to stem the tide in account takeovers.
“While potential attacks are not always easy to spot, a broader education on how to detect fraudulent emails is key not just to consumers’ own finances, but their employers as well; what a consumer intentionally or not exposes themselves to at home, they are also likely to do at work. The finances of consumers and success of businesses depend on this rigorous education.”
The fraud barometer also showed four cases of people with previous convictions going back to court under new charges totalling £2.6m. In some of the cases, the alleged repeat offenders secured employment in new roles where they were subsequently able to circumvent internal control and commit further fraud.
Businesses need to ensure they are doing thorough due diligence on the people they are hiring into their organisations.
In one case heard at Leicester Crown Court, a fraudster was caught attempting to pay his fraud debt with money that he had stolen through another scam. The 57-year old first appeared in court in 2016 where he told the judge he could repay the sum of £107,000 if he was given more time, but was caught by HMRC raising the money through another scam which involved stealing £580,000 from other business. He admitted this second fraud in 2019 and has since been jailed for four years.
On the issue of repeat offenders, Waligora said: ““Whilst for most fraudsters, being caught and convicted once is enough to ensure they don’t continue to commit crime, for some the lure of the prize on offer is too much to resist – regardless of the consequences.
“Businesses need to ensure they are doing thorough due diligence on the people they are hiring into their organisations – particularly if they are filling roles with financial responsibilities.”
Cyber-criminals have set their sights on accountancy firms. To learn how to minimise risk to your firm, read this article by Joe Collinwood, CEO of CySure.