Lockdown Cybercrime Data In The UK
UK government data shows how computer crime and fraud in general has affected us during COVID and the related lockdown.
The Office For National Statistics published a survey on perceptions of crime during COVID on 3rd February 2021. Of 5,177 respondents, 82% felt that they were neither less nor more worried about being a victim of fraud. There was no investigation of possible types of fraud.
The UK also publishes crime statistics for England and Wales every 6 months. The most recent was released on 3rd February 2021 and covers crime up to September 2020. Results are summarised by year and by comparing October 2019-September 2020 with the 2018/2019 figures we can investigate what effect the COVID lockdown may have had on computer fraud.
Details of actual fraud activity are calculated from data submitted to the government agency Action Fraud. The data is most useful when considering proportions of offences rather than the actual numbers. The information is an appendix; table A5 to the national crime statistics. Here are the computer misuse numbers. Only where figures are in excess of 1,000 can we begin to make a serious statistical comparison.
October – September figures |
18/19 |
19/20 |
% change in 19/20 |
Computer viruses/malware |
4,829 |
6,775 |
40 |
Denial of service attack |
118 |
120 |
2 |
Denial of service attack (extortion) |
34 |
59 |
57 |
Hacking – server |
289 |
337 |
17 |
Hacking – personal |
2,631 |
4,476 |
70 |
Hacking – social media and email |
9,298 |
14,241 |
53 |
Hacking – PBX/dial through |
137 |
116 |
-15 |
Hacking (extortion) |
4,131 |
2,970 |
-28 |
Total |
33,2083 |
35,2132 |
36 |
These figures relate to the means of deployment of the fraud. Apart from being classified as extortion or otherwise details of the type of fraud are lacking. The magnitude or effects of incidents are also absent. It can be seen that the likelihood of a personal machine being hacked is more than 10 times that of a server. A server crime might affect more individuals or be a significantly greater financial impact but every number is a case affecting the lives of 1 or more people. We can note the relatively low number of PBX or dial through attacks is continuing to decrease. This may be due to the increased use of VOIP solutions moving the same fraud attacks into the server category.
Details of types of fraud other than dedicated computer fraud are also published by Action Fraud. These are not necessarily computer based but in some categories the delivery is almost certainly by computer. Note that a single crime incident might appear in more than 1 category.
October – September figures |
18/19 |
19/20 |
% change in 19/20 |
“419” Advance fee fraud |
1,999 |
1,256 |
-37 |
Lottery scams |
1,192 |
823 |
-31 |
Dating scam |
5,356 |
6,105 |
14 |
Online shopping and auctions |
61,125 |
77,670 |
27 |
Computer software service fraud |
21,687 |
14,406 |
-34 |
Cheque, plastic card and online bank accounts |
30,621 |
26,695 |
-13 |
It is no surprise to see the ‘419’ fraud still up on the list. This refers to scams such as the Nigerian Princess asking to transfer her fortune out of Nigeria. It is to hoped that this data largely refers to reporting of incidents and not to actual loss of funds.
For all the data we are looking at reported figures not total incidents but as the source is the same throughout we can draw comparative conclusions. It is good news to see a reduction in bank account fraud despite many bank branches closing or operating at reduced hours during lockdown. An increase in use of online banking would be expected but increased security from the banks has led to a reduction is fraud. The online shopping and auction category is double the total for all the computer misuse incidents in the same time period. Dating scams are almost as likely to be reported as computer virus and malware incidents. There has been a significant increase in both categories since lockdown; possibly due to people spending more time on-line.
These numbers clearly indicate that the most likely risk of computer fraud is through social engineering as opposed to technical expertise on the part of the attacker. The best way to reduce the opportunities for fraudsters is user education to recognise and act on potential attacks.
Kindus recommends:
• Think before clicking through; if something is suspicious investigate before acting.
• Keep work and business computing separate; ideally on a different machine, better still a different network. Never re-use the same passwords for home and business.
Nevertheless it is still essential to maintain software barriers to computer fraud.
Kindus recommends:
• Always keep software and operating systems patched and up to date.
• Use 2-factor security to protect account access.
• Use a VPN when connecting with work colleagues or shared data.
Even a minor incident could be the first stage of a more serious attack. Document as much of the incident as possible and call in expert help. Kindus are experienced security professionals, ready and willing to offer advice and support on dealing with and preventing cyber security incidents.