Andrew Ripper, a 53-year-old City analyst from Hertfordshire, lost £9,000 when a scammer hacked the email of a builder he was using. Jim Hunt, 50, from Newbury, Berkshire, lost hundreds when someone made transactions on his credit card. Reda Awad, 66, a surgeon from Hertfordshire, had £1,000 stolen by a crook pretending to be from BT. Peter Henderson, 63, from Harrow, northwest London, lost £2,900 after falling for a parcel delivery scam.
If you think bank fraud only happens to the vulnerable and the foolish, you are wrong — and it just makes you more likely to be the next victim.
The government launched its strategy to get tough on criminals last week, focusing on burglaries and stop-and-search and making offenders pick up litter while wearing hi-viz vests. But of the 20,000 words in its Beating Crime Plan, just 264 were dedicated to tackling fraud.
There were 267,931 victims of domestic burglary in England and Wales last year — a horrible, invasive crime. Yet there were 2.9 million victims of bank fraud and an estimated 1.7 million victims of computer misuse, such as hacking or malware. The long-lasting harm suffered is regularly underplayed.
Fraud now makes up around 40 per cent of all crime, and it is growing, fuelled by — and funding — organised crime. Burglars may wander down your street occasionally, looking for an appropriate target, but online fraudsters are trying to break into your bank account hour after hour, day after day, empowered by modern technology and emboldened by a system that allows them to get away with it.
Advertisement
The government announced last week it was to disband the reporting service Action Fraud, whose ineptitude was exposed in an investigation by The Times, and give greater powers to the National Crime Agency. It’s a positive move but ignores the fact that a major chance to crack down on online fraud has already been missed: fraud barely got a mention in the Online Safety Bill before parliament. This focuses on stopping terrorists and sexual predators from using the internet, but campaigners including the banks — who are often left to pick up the bill — want telecoms and internet companies held properly to account.
Investigations by Sunday Times Money over the past two years have found that it was possible to buy dozens of mobile phone sim cards without any identity checks, and that devices for sending out hundreds of “phishing” text messages were available cheaply on the internet. We showed how fake internet addresses of companies such as Royal Mail, HSBC and Revenue & Customs could be bought for a few dollars in seconds, and how fake investment companies using the official registration numbers of real firms were consistently appearing near the top of Google search engines.
Police forces have felt hamstrung as they were expected to pool information with Action Fraud, where it often disappeared into a black hole. So limited are police resources that the banks partly fund a specialist police division, the Dedicated Card and Payment Crime Unit, which in 2020 stopped an estimated £20 million of fraud and arrested 122 suspected fraudsters.
The pace of change has been frustrating. The authorities have been caught on the back foot while criminals develop ever more sophisticated methods of getting to our money. It was already ten years after fraud became a major problem that the government set up an Economic Crime Strategic Board in January 2019. It meets twice a year and is attended by the home secretary, the chancellor, the governor of the Bank of England, police chiefs and bank executives. Yet it was only at the board’s meeting in February this year that it put forward the framework for a fraud action plan, and details of this are not scheduled to be announced until later this year.
“It is a farce,” says the campaigner Mark Taber. “We don’t need to tweak the existing system, we need to overhaul everything. Scams are missed because there is no way for individual police forces to identify a crime that is being carried out across the country. By the time the police investigate — if they do — the fraudsters have moved on.”
Advertisement
Meanwhile, those who lose money to fraudsters feel stranded. Because of inadequacies in a voluntary code of conduct for reimbursement set up by the banks, many are left out of pocket and frequently complain that they are treated as the culprits rather than victims of crime.
Lloyds customer Kate Mannion, 50, a school nurse, lost £19,950 when she was duped by a fraudster into transferring money to an account run by Metro Bank. She says the criminals knew all her personal information already when they rang claiming to be from Lloyds customer service. The mother of six, from East Sussex, reported the fraud to Lloyds, who refused to reimburse her, saying she had ignored warnings that she might be being scammed. The reimbursement code says banks can only refuse a refund if they believe a customer has been negligent.
“Lloyds says I was careless with my information, but I didn’t give them anything,” she says. “I have no idea how they had my details. I did not hand them my information, and I deeply resent the inference that I did.”
Other victims say they have suffered depression and anxiety attacks, and many are angry at the lack of sympathy from the banks. Helen Undy, chief executive of the Money and Mental Health Policy Institute, says: “Falling victim to a scam can have a devastating psychological and financial impact. Reporting this kind of crime can be very difficult, as it involves recollecting traumatic experiences, and the process for seeking redress is unclear. We want to see law enforcement agencies making the process of reporting fraud easier and clearer, ensuring that victims are treated with respect and sensitivity when they come forward, and improving signposting to other places that can help, like Victim Support.”
It can be exasperating for victims that the cases are not taken to satisfying conclusions. When Sunday Times reporter Ali Hussain confronted a scammer last month, he tried to report the phone number and web address to the police for further investigation. He was told to report the case to Action Fraud. The case was closed shortly afterwards.
Advertisement
Donald Kelly, an 87-year-old retired vet from Exeter, managed to track down the name of the fraudster who stole £47,000 from him. The culprit was a foreign national who had lived in the UK but moved back abroad. When the man returned to the UK he was arrested and admitted receiving the £47,000 but said he had no idea that the funds were fraudulently obtained. The police eventually dropped the case.
The banks are frustrated too. Katy Worobec, managing director of economic crime at bank trade body UK Finance, says: “What we would like to see is a complete reset of the way we tackle fraud — everything from prevention to disruption and policing. That means examining how banks are allowed to share information with each other and chase money through the system. This needs to be a joined-up strategy with everyone involved, including companies like tech firms who are part of the system.”
But police officers say they lack the resources and, increasingly, specialist training to tackle modern fraud. Tracing online scams requires technology and know-how to track internet addresses and phone numbers back to the perpetrator, resources regional forces do not have. Money-laundering investigations can take months because cash moves quickly through the system and requires account holders to be identified. This is why many in the police believe tech companies themselves could do more to stop crime.
And while the slow pace of change rumbles along, the victims keep mounting. For example, Maya Dhingra, 79, from Essex, paid £9,750 to someone she thought was a fraud investigator from her bank — he wasn’t. The family of 81-year-old Kenneth Goldman discovered he had been scammed out of £150,000 by a fake investment firm as he lay dying of cancer.
James Coney is Money Editor