27 June 2017

It’s time to take cyber crime seriously

By Ian Dyson

This January, the Crime Survey of England and Wales included fraud and cyber crime for the first time. In the 12 months to September 2016, there had been two million incidents of cyber crime and over 3.5 million reports of fraud. Of nearly 12 million incidents of crime recorded in the survey, almost half (47 per cent) were fraud or cyber crime.

The City of London Police, in its role as National lead police force for fraud, is the host for Action Fraud, the national reporting centre for fraud and cyber crime. We take reports of crime from across the country, putting us on the front line in the fight against fraud. With approximately 70 per cent of fraud now either cyber-enabled or cyber-dependent, we have a role to play in preventing cyber crime too. And with the 2016 Annual Fraud Indicator estimating the cost of fraud to the UK economy at £193 billion, (that’s £11 billion more than the UK Government received in income tax in 2016-17), we don’t underestimate the scale of what we’re dealing with.

So what is cyber crime? Once portrayed as a shadowy activity perpetrated by techie geeks, it is actually frighteningly mundane. While the WannaCry ransomware attack in May illustrated the grand scale on which cyber crime can occur, attacks like this are rare. What we see reported into Action Fraud everyday illustrates that criminals utilise the norms of life lived online.

Last week we issued an alert relating to Dridex malware embedded in emails that claimed to a bill from BT. Once it infects a system, the Dridex malware is designed to steal personal information such as usernames and passwords, with the ultimate goal of stealing cash via online banking. This is just one of the 30 or so cyber crimes we have reported to us routinely. So far this year we have issued 18 alerts warning people of cyber crimes that are wide-ranging in terms of complexity but ultimately seek to defraud.

That said, in a country where the most commonly used password is ‘Password’, and the second is ‘123456’, criminals need not make too much effort to defraud via technology. There is a worrying complacency around online behaviour that is a gift to those who seek to do harm.

In April, in partner with GetSafeOnline and the Society of Ticket Agent and Retailers, we launched a national ticket fraud campaign designed to show the public how easy it is to fall victim to fraud. Over a few hours we ran a series of Facebook flash sales, and over 1,500 people clicked on our ads to try and purchase from a ticket sales website we had created called Surfed Arts (an anagram of fraudsters).

Among those targeted were fans of Adele, Bruno Mars and Iron Maiden, who were offered tickets to sold-out concerts. Once consumers were in the Surfed Arts site, we explained there were no tickets, and gave advice on how to avoid ticket fraud. The purpose of the campaign was two-fold: to seek to change consumers’ online behaviour and to see for ourselves how easily consumers are convinced to trust organisations with a mere patina of respectability.

What drives this complacency is an area we need to work on, but in the meantime, there is much people can do to make their online world more secure. Advice such as ensure updates and patches are installed is simple to follow and will go a long way to protect computers and other technologies from random attack. Signing up to receive alerts from Action Fraud will provide up-to-date information on current threats and how to avoid them.

And if you should fall victim to a fraud or cyber crime, please report it to Action Fraud. It offers a 24/7 cyber crime reporting and triage service. If you believe you are under an immediate cyber attack, you can call Action Fraud and receive support and advice on how to manage the attack. If you’ve been a victim of fraud, we will take information contained within your fraud report and use it to prevent further frauds by contacting internet and phone providers and asking them to take down websites and phone lines linked to the fraudulent activity.

We also use fraud reports to issue UK-wide alerts; if you’ve been a victim there’s a good chance someone else may be too. And sometimes a fraud report leads to enforcement activity and fraudsters go to prison.

On 22 June, a 24-year-old student was sentenced to two years in prison after she conned seven men out of £135,000 via online dating scams. Her victims, believing they had found love, sent her money for travel and expenses. Once they became aware they had been defrauded, victims reported to Action Fraud, who then passed the case to the Met for investigation and enforcement.

Cyber crime is not a neglected corner world. We take it very seriously indeed.

Ian Dyson is the Commissioner of the City of London Police