Detailed Cifas research reveals 96% spike in retail account takeover fraud

The latest research project conducted by Cifas shows that there was an overall increase in online fraudulent conduct of 9% in the first nine months of 2019 when compared to the same period the previous year. The majority of online fraudulent conduct was made up of identity fraud, whereby individuals pose as unwitting victims or create a fictitious persona to apply for goods and services online. Identity fraud accounted for 53% of online fraud, representing a 71% increase on 2018.

Telecommunications companies were hit hard by fraudulent conduct, with an overall increase of 21% compared to the previous year. The main increase was due to account takeover (for instance, where individuals claim another person’s mobile phone upgrade to obtain expensive handsets to sell on) which saw a 35% increase compared to 2018, making up nearly half of the cases recorded by the telecoms industry.

However, it was instances of retail account takeovers that soared the highest last year – 96% compared to the previous year. This occurs when someone takes over a person’s online account – for example, an online shopping account – and changes details such as the delivery address, usually with the intention of sending goods to themselves. Most individuals gain access to their victims’ accounts using personal data extracted in phishing or smishing schemes.

Unsurprisingly, it was younger people who were the most common victims of identity fraud on online retail accounts, with the under 21s having the highest proportion compared to other age groups. 10% of victims under 21 had their details used for online retail and 17% for telecoms. Although younger people tend to be more savvy about fraud schemes, they’re also more likely to be targeted online simply because they’re more active in online spaces.

Mike Haley, CEO of Cifas, said: “With online fraudulent conduct seeing a sharp increase in 2019, shoppers need to be extra vigilant. Fake social posts, online advertising or e-mails are extremely common ways for criminals to ‘phish’ for the personal data that they can use to steal someone’s identity or take over their account. Consumers need to be wary of sharing suspicious posts on social media, or clicking links. Some easy ways to spot fraudulent activity is to verify the e-mail address, or hover over the link to check its authenticity. People should also keep a close eye on their bank accounts for any transactions with which they’re not familiar.”