Cifas reports 9% rise in facility rise takeover

1st November 2023

Criminals are turning more to targeting existing consumer services in 2023, with telecom, online retail and plastic card products particularly under attack. Fraud prevention service, Cifas has detailed that its members recorded nearly 278,000 cases to the Cifas National Fraud Database in the first nine months of 2023. Of this, more than 30,000 cases related to facility takeover – a 9% increase compared to the same time-period in 2022. Facility takeover – also known as account takeover – happens when criminals compromise personal data to hijack an existing product.

The latest data from Cifas shows that 42% of facility takeover cases concerned telecoms products (up 71%), and 24% concerned online retail. Facility takeover is also up 11% against plastic cards, whilst 59% of hijacks occurred via online channels, 18% through telephony channels.

People aged 61+ were more likely to be targeted over any other age group, with just over a quarter (26%) falling victim – a rise of 8% compared to the same timeframe in 2022.

Impersonating banking staff remains a key tactic, with criminals calling victims under the guise of a suspicious transaction being identified within their account. They then persuade the individual to provide personal and financial information or share their screen to access accounts. As a result, they are able to hijack existing consumers services, often upgrading the innocent party’s phone contract to obtain the latest phone handset, purchase goods through their online retail account, extend credit or take out new loans.

Further figures from the National Fraud Database in the first nine months of 2023 show just over 178,500 cases of identity fraud have been recorded – accounting for 64% of total cases. Misuse of facility is also up 3% (nearly 54,000 cases) compared to the same timeframe in 2022.

Amber Burridge, Head of Intelligence for Cifas, said “Criminals are specifically targeting victims’ existing financial products and services, a development which could be in response to lenders reacting to a challenging economic climate by tightening their affordability checks on new customer applications.”

“They are also pinpointing contact centres where they can socially engineer staff and gain access to accounts. A favoured tactic is taking advantage of remote working employees who may find it more difficult to identify a fraudulent call.”

“Criminals continue to explore new ways in which they can profit from the most vulnerable point in the chain and often that means exploiting a trusting person on the other end of the phone. With key dates coming up – such as Black Friday and Christmas – there will likely be a spike in these types of calls that people receive, so we urge consumers to remain vigilant and never give away personal or financial information.”