Executive Summary
The United Kingdom faces a critical fraud epidemic as 2025 nears its end, with over £1.1 billion stolen from citizens and businesses. Despite government intervention, new mandatory reimbursement rules, and enhanced Online Safety Act provisions, British consumers and businesses continue to battle increasingly sophisticated scammers who leverage AI, deepfakes, and coordinated international criminal networks. The appointment of the UK’s first-ever Fraud Minister signals the severity of the crisis facing the nation.
The State of Fraud in Britain: By the Numbers
The scale of the fraud problem in the UK is staggering:
- £1.1 billion stolen in 2024 across all fraud categories- 3.3 million reported fraud incidents in 2024 (a 12% increase)- 93% of UK businesses were targeted by fraud in the past year- Over 250,000 identity fraud cases filed in 2024 (5% increase)- £450.7 million lost to Authorised Push Payment (APP) fraud- 73% of UK businesses expect fraud risks to grow in 2025
While some categories show improvement—APP fraud losses fell 2% due to aggressive prevention measures—other types of fraud have surged dramatically, particularly remote purchase fraud, which saw a 22% increase in cases.
The Fraud Landscape: Key Scam Types
1. Identity Fraud: The Foundation of Modern Scams
Identity fraud remains the most prevalent fraud type in the UK, accounting for 59% of all cases reported to Cifas’s National Fraud Database:
Impersonation Tactics: Criminals continue using well-established methods to impersonate government officials, bank representatives, company executives, and trusted service providers.
AI-Enhanced Identity Theft: The threat from identity fraud is amplified by generative AI technologies, enabling criminals to create sophisticated false identities and fictitious profiles at unprecedented scale and speed.
Facility Takeover: As criminals invest more time building false identities, there’s been a consequential increase in account takeovers, where fraudsters use stolen credentials to access legitimate accounts.
The most alarming development is the quality of fraudulent documentation. According to Cifas, some AI-generated documents are now capable of passing verification checks, with organizations across multiple sectors reporting the same templates in circulation with simple edits to personal details.
2. Authorised Push Payment (APP) Fraud
While APP fraud saw a modest decline to £450.7 million in 2024 (down 2%), it remains one of the most financially damaging fraud types:
How It Works: Victims are manipulated by criminals into authorizing payments from their own accounts to accounts controlled by fraudsters. Unlike traditional bank fraud, the victim initiates the transfer themselves, often believing they’re protecting their money or making a legitimate payment.
Common Scenarios:
- Impersonation of bank fraud departments claiming to help secure accounts- Fake investment opportunities requiring immediate transfer- Romance scams where trusted “partners” request financial assistance- Purchase scams for high-value items that don’t exist
The Silver Lining: The 2% reduction in APP fraud and 20% drop in case volumes represents progress from heavy investment in fraud prevention technology and new reimbursement rules introduced in 2024. However, this success has merely pushed criminals to exploit other vulnerabilities.
3. Remote Purchase Fraud: The Fastest Growing Threat
Remote purchase fraud has emerged as the fastest-growing fraud category in the UK, with a 22% increase in cases:
Online Shopping Scams: Fraudsters create convincing fake websites or listings on legitimate platforms (eBay, Amazon, Facebook Marketplace) offering products at attractive prices. Victims make payment but never receive goods.
High-Volume, Low-Value Attacks: Criminals have shifted from high-value APP fraud to exploiting weaknesses in remote purchase systems with numerous smaller transactions that fly under detection thresholds.
Mobile Phone Network Vulnerabilities: Criminals exploit weaknesses in mobile phone account security to make fraudulent purchases charged to victims’ phone bills.
4. Business Email Compromise (BEC) and Cyber Fraud
Nearly 88% of UK businesses identified cyber fraud as a significant driver of payment fraud:
AI-Powered BEC Scams: Generative AI enables fraudsters to craft convincing emails that mimic executives’ communication styles, complete with appropriate jargon, tone, and formatting. These requests for urgent payments or information changes appear entirely legitimate.
Financial Toll: For the 21% of businesses that suffered successful fraud attacks in 2024, the average loss per incident was £500,000—a devastating sum that can threaten business survival.
The Confidence Gap: While 97% of executives believe their teams can identify advanced fraud tactics, the rising number of successful attacks suggests dangerous overconfidence in outdated defenses.
5. Winter Fuel Payment and Government Benefit Scams
A disturbing trend emerged in early 2025 targeting vulnerable populations:
Winter Fuel Payment Scams: Since January 2025, Action Fraud received 571 reports with total victim losses exceeding £14,000. Victims receive texts from spoofed numbers claiming eligibility for heating assistance, leading to copycat government websites designed to harvest personal and financial information.
Characteristic Pattern: Scammers exploit cost-of-living pressures and target those born before September 23, 1958, who may be eligible for legitimate Winter Fuel Payments.
6. Financial Conduct Authority (FCA) Impersonation
Almost 5,000 reports of FCA impersonation scams were made in the first six months of 2025 alone:
The Scam: Fraudsters claim to represent the FCA and request sensitive banking information or demand payments, supposedly to help recover funds from crypto wallets opened illegally or to assist loan scam victims.
Vulnerability: Nearly two-thirds of reports came from people aged 56 or above, highlighting targeted exploitation of older citizens who may trust regulatory authority claims.
FCA Warning: The regulator emphasizes it will never ask for money or sensitive banking information like PINs and passwords.
7. “Quishing” - QR Code Fraud
An emerging threat for 2024-2025, “quishing” involves QR codes embedded in emails, posters, text messages, or fake parking notices:
Method: Victims scan seemingly legitimate QR codes that redirect to malicious sites designed to harvest login credentials or initiate fraudulent payments.
Why It Works: QR codes have become ubiquitous for menus, event check-ins, parking payments, and government services, creating widespread trust that criminals exploit.
8. Voice Cloning and Deepfake Scams
The integration of AI-generated voices and video presents perhaps the most dangerous evolution:
Voice Cloning: Criminals deploy AI-generated voices to impersonate officials, executives, or family members. The technology requires minimal source material—often just a few seconds of audio from social media, corporate websites, or voicemails.
Targeting Older Citizens: Law enforcement reports indicate older citizens are disproportionately targeted, with devastating financial and emotional consequences. Many victims lose their life savings and experience shame and isolation, reluctant to tell family members.
9. Booking.com and Travel Scams
Cybersecurity firms have warned that scammers are paying on the dark web to steal Booking.com account details:
Phishing Emails: Customers receive messages about fake security alerts, urgent payment requirements, or booking issues, with links to credential-harvesting sites.
International Scope: Holidaymakers from the UK, US, Italy, Portugal, and other countries have reported victimization since March 2025.
10. Energy Scams Exploiting Cost-of-Living Crisis
“Energy Saving Device” Scams: Companies market useless or dangerous devices claiming to reduce energy bills dramatically. Many fail to meet safety standards (no CE/UKCA mark).
Pre-Payment Meter Scams: Scammers offer reduced-cost energy at doorsteps, using cloned keys to illegally top up meters. Victims pay the scammer but receive no legitimate credit, ultimately paying twice when suppliers discover the fraud.
Legislative and Regulatory Response
Online Safety Act 2023
In December 2024, Ofcom published the first Illegal Harms Codes of Practice, setting expectations for social media and online search services:
Key Requirements: From mid-March 2025 onwards, tech platforms covered by the Act must take reasonable measures to tackle fraud or face enforcement action.
Political Pressure: The Chancellor’s Mansion House speech in November 2024 set clear expectations that online platforms must reduce their role in the UK’s fraud epidemic.
Mandatory Reimbursement Rules
The introduction of mandatory reimbursement for APP fraud victims has created stronger incentives for financial institutions to prevent fraud:
Split Liability: When fraud occurs, liability is shared between sending and receiving banks, encouraging both to maintain robust safeguards.
Continuous Innovation: Firms must demonstrate ongoing investment in fraud prevention, real-time data sharing, cross-sector collaboration, and rapid response to emerging threats.
The Scams Prevention Framework Act 2025
Enacted in 2025, this legislation establishes consistent, mandatory, and enforceable obligations on designated sectors, moving beyond voluntary cooperation to legal requirements.
National Fraud Strategy
The Labour Government committed to developing an expanded Fraud Strategy, with a near-final draft expected by year-end 2025. The new strategy is likely to:
- Span fraud against consumers, public sector, and businesses- Include increased focus on prevention and data-sharing- Establish formal cross-border enforcement cooperation partnerships
Vulnerable Populations
Older Adults (61+)
UK Finance reports that people over 61 were significantly more likely to suffer losses in 2024:
Why They’re Targeted:
- Higher likelihood of holding savings and investments- Comparative lack of digital literacy- Greater trust in authority figures
Common Scams: Impersonation and investment scams dominate, with criminals convincing victims to transfer large sums under the guise of “protecting” money or securing exclusive investment opportunities.
Emotional Impact: The consequences extend beyond financial loss. Many victims experience shame and isolation, creating a reluctance to report or seek help.
Small and Medium Businesses
While large corporations deploy sophisticated defenses, SMEs often lack resources for advanced protection:
Manual Methods: 70% of companies still rely on callbacks and email-based validations rather than automated verification systems.
Investment vs. Protection Gap: Despite 94% of businesses increasing technology budgets, only 33% have automated fraud prevention systems in place.
The International Dimension
Approximately 90% of scams in the UK originate overseas, requiring international cooperation:
Current Limitations: Despite the global nature of fraud, the UK has participated in only a limited number of cross-border enforcement raids.
Future Direction: The government should establish formalized cross-border enforcement cooperation partnerships and technical assistance programs with priority fraud “source” countries.
Red Flags and Protection Strategies
Universal Warning Signs
- Unsolicited Contact: Legitimate organizations rarely initiate contact requesting sensitive information2. Urgency and Pressure: Demands for immediate action to avoid problems or secure opportunities3. Unusual Payment Methods: Requests for gift cards, cryptocurrency, or transfers to “safe accounts”4. Too Perfect Communication: AI-generated messages may lack the minor imperfections of genuine human communication5. Spelling in URLs: Fake websites often use misspelled domain names (e.g., “gov.co.uk” instead of “gov.uk”)
Protective Measures
For Individuals:
- Never follow links in unexpected texts or emails- Always navigate to websites independently using known URLs- Set up two-factor authentication (2FA) on all accounts- Use strong, unique passwords managed through reputable password managers- Verify urgent requests through separate, trusted contact methods- Report suspicious texts by forwarding to 7726- Report scam emails to report@phishing.gov.uk
For Businesses:
- Implement automated fraud prevention systems, not just manual checks- Establish multi-step verification for payment changes or large transfers- Conduct regular anti-scam training with real-world scenarios- Deploy behavioral anomaly detection systems- Participate in real-time intelligence-sharing networks like BioCatch Trust
Progress and Challenges
What’s Working
Financial Sector Investment: The 2% reduction in APP fraud demonstrates that heavy investment in prevention technology, combined with reimbursement obligations, can reduce certain fraud types.
Enhanced Reimbursement: The mandatory reimbursement rules have created powerful incentives for continuous fraud prevention innovation.
Collaborative Efforts: Initiatives like the Security Summit, bringing together financial institutions, law enforcement, tech companies, and regulators, show promise.
Persistent Challenges
Criminal Adaptation: As one fraud vector becomes more difficult, criminals simply shift to others—hence the 22% surge in remote purchase fraud as APP fraud declined.
AI Acceleration: The “looming threat of AI as an accelerant to the fraud threat” means prevention measures must evolve constantly.
Platform Accountability: While the Online Safety Act creates obligations for tech platforms, enforcement and compliance monitoring remain ongoing challenges.
Underreporting: Stigma and lack of faith in outcomes continue to suppress reporting rates, particularly among older victims.
Looking Forward: 2026 and Beyond
Lord Hanson, the UK’s first Fraud Minister, faces significant challenges as he reviews statistics and initiatives:
Cause for Measured Optimism: The journey has moved considerably beyond the “lost decade” of the 2010s, with substantial legislative, regulatory, and technological progress.
The Reality: Warm words won’t solve this “sticky problem”—the political intent of 2024 must transform into concrete action in 2025 and beyond.
Critical Needs:
- Faster implementation of the new Fraud Strategy- More aggressive enforcement of Online Safety Act obligations- Enhanced international cooperation on cross-border fraud- Continued investment in AI-powered detection systems- Comprehensive public education campaigns addressing new threat vectors
Resources and Reporting
Action Fraud: report fraud at actionfraud.police.uk or call 0300 123 2040
Cifas: Learn about fraud prevention at cifas.org.uk
Which? Scam Alerts: Subscribe for weekly updates at which.co.uk
Report Scam Texts: Forward to 7726
Report Scam Emails: Forward to report@phishing.gov.uk
Report Suspicious Websites: National Cyber Security Centre at ncsc.gov.uk
This article is part of ScamWatchHQ’s Global Scam Series 2025. Fraud may be evolving, but so are our defenses. Stay informed, stay protected.