Resilience First has organised a number of events and briefings to highlight the dangers of economic crime and what needs to be done in response. In a webinar in November 2020, for instance, speakers emphasised the importance of tackling fraud through much better prevention and detection strategy. One presenter believed that it required a national fraud strategy which prevented rather than detected economic crime, a single governance and leadership model, and a more intelligence-led approach. Another conclusion was that it was necessary to move away from the idea that prosecution is the answer to the problem. It was commonly agreed that businesses would have to protect themselves and their customers.  

The problem of economic crime continues to grow, as this update reveals. There are some positive messages within but not yet on the scale necessary to rise to the challenge.

APP Fraud

According to the latest report from UK Finance, fraud in the UK has risen to a level where it poses a ‘national security threat’. According to the banking body, £754m was stolen from bank customers during the first half of 2021, a 30% rise on the same period in 2020. UK Finance said fraudsters had capitalised on the coronavirus pandemic, with criminals targeting children as young as 14 via social media to become money mules.

In previous years the largest fraud losses have been unauthorised frauds mainly committed using payment cards. This year, however, criminals focused their activity on what is termed authorised push payment (APP) fraud. In APP fraud a customer is tricked into authorising a payment to an account controlled by a criminal. There was a 71% increase (to £355m) in APP fraud during the first half of 2021 and, for the first time, the amount of money stolen through APP fraud overtook card-fraud losses.

A new fraud hotline has been launched to check on whether a call from a bank is genuine or not. Stop Scams UK and the Global Cyber Alliance have launched the ‘159’ pilot scheme with backing from major banks and technology firms. The hotline is specifically designed to thwart APP scams.

The scheme will run as a pilot scheme for at least a year. The banks participating in the pilot are: Barclays. Lloyds (including Halifax and Bank of Scotland), NatWest (including Royal Bank of Scotland and Ulster Bank), Santander, and Starling Bank. TSB, which helped to develop the scheme, plans to implement the number from January. More banks and telecoms firms are expected to join as the pilot progresses.


Another growing form of economic crime is through ransomware attacks. According to a report from international security specialist Positive Technologies, ransomware attacks have reached ‘stratospheric’ levels, now accounting for 69% of all attacks involving malware. There has been yet another 30% jump over the same quarter in 2020. A 45% rise in ransomware attacks in April alone should be a ‘cause for grave concern’ the survey reports. Ransomware attacks on retailers accounted for 95% of all attacks using malware. This is probably because previous attacks in this industry mostly targeted data payment details, personal information, credentials, etc. Now, they pursue financial gains more directly through ransoms.

Actions to counter ransomware attacks include regular, comprehensive, verified backups. These are key not only to rapid and reliable recovery but also to identifying that an attack has occurred and knowing the impact. Real-time security software is no longer adequate says Index Engines. Modern ransomware is sophisticated and can circumvent basic scans and integrity checks.

To provide the proper level of defence, data backup and protection products need to perform the following added functions:

  • Scan: search backups for signs of attack/compromised data in content (both unstructured files and databases as well as core infrastructure).
  • Alert: immediately notify administrators when signs indicate an attack may have occurred.
  • Diagnose the attack: understand the who, what, where and when of the attack to support recovery.
  • Identify the last good backup: find the last known uncorrupted version so operations return to normal with minimal downtime.