Cifas Fraudscape 2026: New Insights into the UK's Evolving Fraud Threat

The publication of the Cifas Fraudscape 2026 report provides a timely and comprehensive snapshot of the fraud landscape across the United Kingdom, drawing on data reported to Cifas during the twelve months to December 2025. The report paints a stark picture of the continuing growth and sophistication of fraud, highlighting how criminals are exploiting digital technologies, social media platforms and global networks to target both individuals and organisations at unprecedented scale.

Fraud is now firmly established as the most prevalent crime type in the UK, and its impact continues to deepen across society. According to the UK Government’s Fraud Strategy 2026–2029, fraud accounts for around 45% of all crime in England and Wales, with over 4 million offences recorded in the year to September 2025 and an estimated economic cost of at least £14.4 billion annually.

Key Trends Identified in Fraudscape 2026

The Fraudscape report highlights several dominant fraud threats that are shaping the current landscape:

Identity fraud and impersonation attacks remain among the most common forms of fraud. Criminals are increasingly using stolen personal data obtained from previous breaches, phishing campaigns and social media profiling to impersonate individuals when opening bank accounts, applying for credit or accessing financial services.

Authorised push payment (APP) fraud continues to be one of the most financially damaging scams. Victims are manipulated into transferring money directly to criminals, often through sophisticated social engineering techniques. These scams frequently involve impersonation of banks, police officers, solicitors or trusted businesses.

Investment and cryptocurrency fraud is another fast-growing threat. Fraudsters are using convincing online advertising and cloned websites to lure victims into fake investment schemes, often promising unusually high returns. Cryptocurrency-related scams in particular have increased significantly as criminals exploit limited public understanding of digital assets.

Purchase fraud remains widespread, particularly through online marketplaces and social media platforms. Fraudsters advertise goods that do not exist or that will never be delivered, exploiting the growth of online shopping.

Account takeover fraud is also rising, with criminals using phishing, malware and credential-harvesting tools to gain access to victims’ online accounts, enabling them to steal funds or commit further fraud.

Increasingly, these fraud types are technology-enabled and globally coordinated, making detection and prevention more challenging for law enforcement and financial institutions.

Technology and Organised Crime

Both Fraudscape and the Government’s new Fraud Strategy highlight the growing role of organised crime groups operating across international borders. These groups are adopting new technologies such as artificial intelligence, deepfakes and voice cloning to enhance their scams.

Phishing and social engineering remain the most common entry points for fraud. Criminals are also increasingly exploiting digital infrastructure including social media platforms, online advertising networks and messaging services to reach victims quickly and at scale.

The Government’s strategy notes that many fraud operations are now industrialised, with organised scam centres operating overseas and targeting UK victims via spoofed phone calls, fraudulent websites and social media messaging campaigns.

The UK’s Response: A New Fraud Strategy

Alongside the release of Fraudscape 2026, the UK Government has published a new Fraud Strategy for 2026–2029, setting out a national response structured around three pillars:

Disrupt criminal operations by targeting the infrastructure used by fraudsters
Safeguard individuals and businesses through prevention and resilience measures
Respond more effectively by improving victim support and strengthening law enforcement capabilities

The strategy includes the launch of a new Online Crime Centre, expanded public awareness campaigns such as Stop! Think Fraud, and improved coordination between law enforcement, industry and regulators.

Why This Matters for Northern Ireland

While fraud statistics are typically reported at UK-wide level, the trends identified in Fraudscape 2026 are highly relevant to Northern Ireland. Local police and financial institutions continue to report increasing levels of online fraud, including investment scams, romance fraud and payment diversion fraud.

Northern Ireland’s strong digital economy and high levels of online banking and e-commerce mean that individuals and businesses face the same evolving threats seen across the UK. Raising awareness, sharing intelligence and promoting best practice across sectors remain essential to reducing harm.

A Call for Continued Collaboration

The publication of Fraudscape 2026 — courtesy of Cifas — reinforces a clear message: fraud is not just a financial crime but a societal challenge that affects individuals, businesses and public confidence in the digital economy.

For organisations across Northern Ireland, staying informed about emerging fraud trends and strengthening preventative measures will be key to protecting communities and supporting the wider fight against economic crime.

Tackling Fraud in a Digital Age: What the UK's New Fraud Strategy Means for Northern Ireland

Fraud has become the most common crime affecting individuals and businesses across the UK. It is estimated to account for almost half of all reported crime and costs the economy more than £14 billion each year. The UK Government’s new Fraud Strategy 2026–2029 recognises the scale of this challenge and sets out an ambitious plan to disrupt fraud, protect victims and strengthen the country’s economic resilience.

Modern fraud is increasingly complex. Criminals are exploiting advances in technology, operating across borders and using sophisticated tactics to target individuals, businesses and public services. Fraudsters can reach victims online, through social media, telecommunications networks or financial systems, often without ever meeting them in person. This evolving threat means tackling fraud is rarely straightforward. Each new safeguard introduced by industry or law enforcement often prompts criminals to adapt their methods and find new vulnerabilities to exploit.

Against this backdrop, the Government’s strategy takes a system-wide approach built around three key pillars: Disrupt, Safeguard and Respond.

The first pillar focuses on disrupting the infrastructure criminals rely on to commit fraud. This includes the creation of a new public-private Online Crime Centre designed to improve intelligence sharing and coordinated action across government, law enforcement and industry. It also places greater responsibility on sectors such as telecommunications, online platforms and financial services to help prevent fraud occurring in the first place.

The second pillar seeks to safeguard individuals and businesses by improving awareness and resilience. Initiatives such as the expanded “Stop! Think Fraud” campaign aim to help the public recognise common scams and adopt protective behaviours. At the same time, specialist cyber resilience support will help businesses strengthen their defences.

Finally, the strategy focuses on improving the response when fraud does occur. A new national reporting system, “Report Fraud”, will provide a clearer route for victims to report incidents and receive support. Alongside this, improvements to law enforcement capability and the justice system aim to ensure fraudsters face stronger consequences.

From a Northern Ireland perspective, the strategy reinforces the importance of collaboration across law enforcement, government, regulators and the private sector. Fraud rarely respects geographic boundaries, and many online-enabled crimes affecting victims here in Northern Ireland originate outside the UK altogether. Initiatives that strengthen intelligence sharing, cross-border cooperation and public awareness therefore have particular relevance for Northern Ireland, where partnership working has long been central to effective fraud prevention.

While there is no single solution to fraud, the strategy represents a significant step forward. By strengthening collaboration between government, industry and law enforcement, and by focusing on prevention as well as response, the UK is taking important steps towards staying ahead of an increasingly adaptive criminal threat.

Recent Fraud Threats in the UK & Ireland — What Every Business Needs to Know

Fraud remains one of the most pressing and fast-evolving threats to UK and Irish organisations. Over the past six months, new cases have underscored how even the most robust companies can be caught off-guard by increasingly sophisticated criminal tactics.

Below we highlight three major fraud threats that have dominated recent headlines — and what practical steps businesses in Northern Ireland can take to defend themselves.

1. APP and Invoice-Redirection Fraud Still the #1 Threat

Authorised Push Payment (APP) fraud continues to top the league table of corporate losses. In March 2025, Santander UK successfully defended a High Court claim from a private education provider that had lost £415,000 through an APP scam — the court ruled that banks cannot be held automatically responsible for customer mistakes.
Reuters coverage

Meanwhile, UK Finance reports that while total APP fraud losses fell to £450.7 million in 2024, criminals have simply shifted tactics toward impersonation, business email compromise (BEC), and look-alike domain fraud.
The Guardian | Financial Times

2. Procurement and Construction Corruption — A Growing Menace

Procurement fraud and bribery cases continue to surface across the UK public sector. A recent Scottish case involving construction contracts across NHS health Boards exposed years of kickbacks, false invoicing, and insider collusion — a reminder that fraud can embed itself within legitimate supply chains.

For Northern Ireland’s construction, housing, and public procurement sectors, the message is clear: layered subcontracting and informal “favours” can quickly slide into corruption risk. Transparency, due diligence, and cultural vigilance are critical safeguards.

3. The New “Failure to Prevent Fraud” Offence (Effective Sept 2025)

From 1 September 2025, large UK organisations (and NI subsidiaries operating in the UK) face criminal liability if an employee, agent, or contractor commits fraud to benefit the organisation — unless “reasonable prevention procedures” are demonstrably in place.
WilmerHale Analysis | Dechert Commentary

This will be a game-changer for Boards, requiring documented anti-fraud frameworks, training, and internal reporting — not just policy statements.

Practical Steps for Northern Ireland Businesses

Verify supplier bank changes via independent call-backs.
Apply dual authorisation for new payees and bank detail changes.
Strengthen email security — MFA, DMARC, and restricted shared mailbox access.
Conduct supplier due diligence: Ultimate Beneficial Owner (UBO) checks, tax/VAT verification, and adverse media screening.
Maintain whistleblowing channels that allow safe reporting.
Train staff regularly to recognise coercion, manipulation, and “social engineering.”
Document your anti-fraud framework — vital for the new Failure to Prevent Fraud defence.

Download our Free Checklist

We’ve prepared a one-page Procurement & Accounts Payable Anti-Fraud Checklist designed for use by finance and procurement teams.

Take a look at our Free Checklist here:

PSNI Detectives from the Police Service's Cyber Crime Centre are warning Northern Ireland businesses to be on their guard against phishing emails.

The warning, issued on 5 September 2025, follows reports of a number of local businesses, in particular those within the legal sector, being targeted by scammers.

Regional Cyber Protect Officer, Detective Constable Sam Kinkaid, explains the term ‘phishing’ is mostly commonly associated with the use of deceptive emails to obtain sensitive information.

He said: “We’re asking everyone, in particular local businesses, to be on their guard.

“We’ve recently seen phishing emails reach a number of organisations, including law firms. And, in the last few days alone, thanks to reports to Action Fraud and local engagement, we have been made aware of five targeted businesses.”

Detective Constable Kinkaid describes a common pattern to the recent attacks: “An employee receives a phishing email that has been sent by criminals using a compromised known contact detailing a file share that can be accessed via a ‘Secure Portal’.

“The recipient is directed to a Microsoft Sway webpage displaying the senders company logo and a link to access the ‘Secure Portal’ in order to view the shared document.

“On attempting to access the ‘Portal’, the victim is taken to a Sign In page that will present a ‘captcha’ request.

“On completing the ‘captcha’ employees will be presented with a hoax Microsoft ‘Sign in’ page, designed to capture username and password credentials.”

Further details can be found at: https://www.psni.police.uk/latest-news/detectives-police-services-cyber-crime-centre-are-asking-northern-ireland-businesses-be

The Global Anti-Scam Alliance (GASA), in partnership with Cifas, has released the 2024 State of Scams in the United Kingdom report.

Key Findings from the 2024 State of Scams the in the United Kingdom Report

£11.4 Billion Lost to Scams: Scams accounted for 0.4% of the UK’s GDP, with the average loss per victim standing at £1,443 (US$1,818).
High Scam Prevalence: 61% of Britons encounter scams monthly, with 52% reporting an increase in scam activity over the past year.
Rising Sophistication: Scammers increasingly use AI tools to generate realistic texts, images, and even voices to deceive victims.
Decline in Reporting: 71% of Britons do not report scams, up 5% from 2023, highlighting a growing distrust in law enforcement’s ability to address these crimes.
Most Common Scams: Shopping scams remain prevalent, while investment scams continue to rise, exploiting victims through credit cards, bank transfers, and online payment platforms.
Emotional and Psychological Toll: 53% of victims report a strong emotional impact, a 7% increase from last year, underscoring the human cost of fraud.

Courtesy of GASA and Cifas

Would you be able to recognise the difference between a fake voice and the voice of a family member or friend?

The growing threat of AI-powered voice cloning has emerged as a serious concern in fraud, particularly in the UK and Ireland. This technology allows scammers to replicate a person’s voice using only a few seconds of audio, often sourced from social media or public recordings. Once fraudsters have a cloned voice, they can impersonate trusted individuals—such as family members or friends—in phone calls or voice messages, convincing victims to send money under false pretenses.

A notable awareness campaign, Stop! Think Fraud!, highlights these dangers, with actor James Nesbitt lending his voice to raise awareness. In a video released as part of the campaign, Nesbitt explains how AI voice cloning scams work, emphasizing that people can easily fall for these sophisticated tricks, particularly in emotionally charged situations, like when receiving a fake call from a loved one urgently asking for financial help.

The rise of voice cloning fraud is alarming. According to recent studies, a significant portion of the UK population has already encountered or been targeted by these scams. For instance, a survey by Starling Bank revealed that nearly 28% of Brits believe they have been targeted by voice cloning fraud, and 8% admit they would send money even if something seemed suspicious. The difficulty in distinguishing between real and cloned voices—especially over the phone—has made this form of fraud particularly insidious. Technology has advanced to the point where listeners are often unable to tell whether they are hearing a real person or an AI-generated voice.

To combat these scams, experts recommend using Safe Phrases. These are pre-agreed, personal phrases that can be used between trusted contacts to verify a caller’s authenticity. For example, if you receive an unexpected call from a loved one asking for money, you can request the safe phrase before proceeding. If they fail to provide it, it’s a clear red flag that the call might be a scam. Additionally, you should immediately end the call and try to contact the person through a different method, such as a text or another phone number, to verify their identity.

Banks like Starling have championed the safe phrase approach, advising families to set up these phrases in person and never share them digitally, reducing the risk of interception by scammers. Moreover, limiting the public sharing of voice recordings—whether through social media or in public forums—can also help reduce the chances of scammers obtaining your voice for cloning purposes.

For anyone who suspects they have been targeted or fallen victim to a voice cloning scam, the advice is to contact their bank immediately by calling a dedicated fraud helpline such as 159, which connects you directly to your bank for help and further protection.

In conclusion, while AI voice cloning offers new and complex challenges for fraud prevention, simple steps like safe phrases and being mindful of voice privacy can greatly reduce the risk of being scammed. As awareness grows through campaigns like Stop! Think Fraud!, individuals can become more vigilant and prepared to recognize and avoid these sophisticated scams.

Friday 3rd May 2024 - NERCU Report New Scam Targeting Online Shoppers

The North East Regional Organised Crime Unit #NEROCU have posted this warning on LinkedIn on Friday 3rd May 2024:

We’re warning of a new scam surfacing on apps and sites like Vinted after nine North East victims have come forward – with a total loss of £2,600 so far.

The scam involves victims trying to retrieve funds after a failed transaction. They are then contacted by a fake ‘Vinted’ chatbot and advised to open a new Revolut account to resolve the issue.

They are told to add money to activate the account so the previous amount can then be retrieved. Once the victim does so, the scammers then remove all the funds from the Revolut account.

🚫 NEROCU’s advice is to stop and take time to assess any situation that involves transferring money or giving personal information to anyone. No genuine site or agency will pressure you to make a decision or transfer money.

If you have concerns or doubts, close the site or app and open it again from a trusted source to ensure you’re speaking to a legitimate person.

While we also work with banks and community groups to educate staff and the public around spotting the signs and how to report it, we also need victims to report as soon as they can so police and partners can work together to dismantle frauds.

💻 For further help and advice, and to report fraud, please visit the Action Fraud website

Friday 3rd May 2024 - New £150m service will stop, block and catch more fraudsters, says City of London Police Authority chair

The new £150 million service to replace Action Fraud will “streamline victim reporting” and “empower swift police intervention” to stop, block and catch more fraudsters, the City of London Police Authority has said.

The new service is designed to make it easier and quicker for everyone to report fraud and cybercrime and significantly improve the speed and quality of information provided to law enforcement partners, boosting their chances of successful prosecutions.

https://policeprofessional.com/news/new-150m-service-will-stop-block-and-catch-more-fraudsters-says-city-of-london-police-authority-chair/

Thursday 26th October 2023 - UK's Online Safety Act Receives Royal Assent

Today, the online Safety Act received Royal assent, meaning Ofcom’s powers as online safety regulator have now officially started.

So what does that actually mean?

The Online Safety Act makes companies that operate a wide range of popular online services legally responsible for keeping people, especially children, safe online. Services must do this by assessing and managing safety risks arising from content and conduct on their sites and apps.

Services in scope of the new rules include user-to-user services such as social media photo and video-sharing services, chat and instant messaging platforms, online and mobile gaming, as well as search services and pornography sites.

Dame Melanie Dawes, Ofcom’s Chief Executive said:

“These new laws give Ofcom the power to start making a real difference in creating a safer life online for children and adults in the UK. We’ve already trained and hired expert teams with experience across the online sector, and today we’re setting out a clear timeline for holding tech firms to account.”

“Ofcom is not a censor, and our new powers are not about taking content down. Our job is to tackle the root causes of harm. We will set new standards online, making sure sites and apps are safer by design. Importantly, we’ll also take full account of people’s rights to privacy and freedom of expression. We know a safer life online cannot be achieved overnight; but Ofcom is ready to meet the scale and urgency of the challenge.”