Cyber-Fraud in the UK

– in Westminster Hall at 5:01 pm on 25 May 2021.

Alert me about debates like this

Photo of Peter Dowd Peter Dowd Labour, Bootle 5:01, 25 May 2021

I remind hon. Members that there have been some changes to normal practice to support the new hybrid arrangements. Timings of debates have been amended to allow technical arrangements to be made for the next debate. There will also be suspensions between each debate.

I also remind Members participating physically and virtually that they must arrive for the start of debates in Westminster Hall, and that Members are expected to remain for the entire debate.

I must also remind Members participating virtually that they are visible at all times, both to each other and to those of us in the Boothroyd Room. If Members attending virtually have any technical problems, they should email the Westminster Hall Clerks’ email address, which is westminsterhallclerks@parliament.uk. Members attending physically should clean their spaces before they use them and as they leave the room. I also remind Members that Mr Speaker has stated that masks should be worn in Westminster Hall.

Photo of Chris Elmore Chris Elmore Opposition Whip (Commons), Shadow Minister (Scotland) 5:02, 25 May 2021

I beg to move,

That this House
has considered cyber-fraud in the UK.

It is a pleasure to serve under your chairmanship, Mr Dowd; I did not know that you had joined the Panel of Chairs, so I am particularly glad to see you in the Chair.

I am grateful that this important issue was successful in the ballot, affording us a golden opportunity to keep up the pressure on the Government to take this issue and its real-life consequences seriously. We have heard in recent weeks and months from a growing number of colleagues from across the House who have voiced concerns about the scale and scope of this problem, clearly illustrating that this is by no means a constituency-specific issue.

Cyber-fraud impacts us all, and failure to address it at the root risks undermining both our national security and our personal safety. Simply put, it is as real a threat to the weekly online shop as it is to national security. It respects no boundaries and views every home and institution as fair game. It poses a clear and present danger to each and every one of us.

However, tackling cyber-fraud will require grit and determination, and a steadfast refusal to roll over to powerful online platforms that believe they are untouchable. We must remember that their bark is worse than their bite. They know that if one Governments succeeds in implementing real change, more will follow. And we need that one Government to be the UK Government.

The British public are now more likely to experience fraud than any other type of crime and the scale of cyber-fraud in particular is growing exponentially. It is no longer enough to promote public awareness campaigns about not giving out bank details or ignoring unsolicited text messages. We need a substantial and co-ordinated response from financial institutions, Government and law enforcement. The country needs a standardised response and reporting mechanism, so that we can shape a set of established norms and expectations, making reporting easier, alongside tracking reports and timeframes for action.

The Government have said that if something is illegal offline, then it is illegal online. This is a principle that I am sure all colleagues can agree with, but, as is so often the case, we have seen little evidence that the rhetoric is being matched by regulation.

The covid pandemic has shaken our economic foundations to the core. It has also significantly undermined the capacity of many people, businesses and organisations to cope with unforeseen financial costs. All of us in this room will have examples of the rise of online financial scams in our communities. I receive information about new scams faster than I can publicise them to constituents. This is followed by stories of people forced into financial hardship as a result of losing money to these scammers, all of which is truly heart-breaking. People are not falling for these scams because they are naïve; they are being tricked by schemes that are astonishingly sophisticated, aping the look, feel and processes of the legitimate enterprises that they are impersonating.

Economic criminals and scammers employ myriad methods to extract funds from consumers. However, since covid-19 one particular method known as brand cloning scams has become more widespread. Criminals target retail investors looking for investment opportunities online through paid-for advertising on sites such as Google and Facebook. These adverts direct victims to fake price comparison websites, or to the cloned website of a well-known and respected investment manager.

This also creates the untenable situation whereby multi-billion dollar corporations, which own and run the platforms where adverts are posted, profit not only from promoting scams but from the Financial Conduct Authority, which pays for adverts warning consumers against the very same scammers. This has created a perverse incentive; platforms have a financial incentivise not to take proactive steps to block fraudulent adverts.

As many Members in this room will know, I have spoken out against the idea of self-regulation for some time. Why would companies proactively prevent the adverts they are being paid to host? It is a case of the fox not only being paid to guard the hen coop but being given free on-site accommodation too.

The scale of this issue grew exponentially during 2020. The Investment Association recently published statistics showing that the total number of reported incidents of this scam alone may have quadrupled from approximately 300 incidents in July to 1,175 by October. This resulted in estimated total reported losses to savers from these scams more than doubling from approximately 4 million in July to 9.4 million by October, with over 200 victims losing money. There is no depth to which these criminals will not stoop.

Over the course of the pandemic, we have seen an explosion in NHS scams. From antibiotics to testing, vaccines to health insurance, scammers have continued to find ways to harness people’s fears and concerns to devastating effect. The NHS in England has teamed up with police and other agencies in a campaign to warn the public about these scams. Text messages are linked to booking sites that mimic the NHS sites and ask for personal details, including bank details. These bank details are then passed on and used to buy goods online.

While people have been warned that the NHS will never ask for bank account details, PINs or passwords and will never arrive at your home unannounced or ask for identity documents to be sent away, we still have all heard the stories, particularly of elderly people, being conned out of significant amounts of money. Preying on the scared and vulnerable in our society is utterly reprehensible, but it is part of a wider theme of the unpreparedness of Government to deal with the challenges that arrive.

The reality of online fraud is likely to be much greater as not every loss is reported and there is a known disconnect between the amount of fraud and reporting to agencies. Action Fraud recently commented that in 2020 overall it saw 19,000 reports of investment frauds across all categories. These are, of course, only the cases reported. We have to get rid of the stigma of falling victim to a scam so that more people are persuaded to come forward and report fraud.

Another increase we have seen during the pandemic is home working, which has become a necessity for many people. Many businesses and employees are considering a hybrid working pattern once restrictions are fully eased. Many have understood that, although home working brings with it some downsides, particularly for those who can easily be tempted to log in after hours, there are many upsides, including greater flexibility for those with other responsibilities, money saved on the commute and greater comfort. But there are vulnerabilities for business and Government that need to be addressed. Domestic wi-fi and email systems do not usually have the same security as business-operated networks. Business networks should not be the only ones protected by cyber-security. It is people who are often the target of cyber-criminals, and it is people as a whole we should be protecting.

Hybrid working is a natural extension of the increased importance of the internet in our professional and personal lives, and the hybrid nature of our lives needs to be recognised in legislation. If the Government refuse to act and upgrade our analogue legislation, businesses and workers will continue to be at risk of fraud.

In February, the Royal United Services Institute for Defence and Security Studies published its occasional paper on the topic of cyber-fraud, “The UK’s Response to Cyber Fraud: A Strategic Vision”, which notes that the UK economy loses an average of £190 billion every year to fraud, and that the majority of UK fraud now involves internet-based scams. Despite the commitment in the 2019 Conservative party manifesto to the creation of a new national cyber-crime force, the Government’s approach to tackling cyber-fraud can be described as an “alphabet soup”, according to the writers of the RUSI report. They gave a number of key recommendations for Government priority action, but I have highlighted the three that I think are most important as we work to make tackling cyber-crime a priority.

First:

“The National Crime Agency…should publish comprehensive guidance for private sector organisations on how they can lawfully assist law enforcement in preventing and investigating cyber fraud through information sharing.”

We have to change the cultural view that companies must protect their information at all costs, even to the detriment of colleagues, customers and wider society. A regulatory framework is needed not only to protect prospective victims of crime but to ensure that companies are clear about their responsibilities to support the prevention of crime and investigations. We need to face cyber-criminals united, and we must use all the resources we can muster.

Secondly, there needs to be a large-scale development of skills and capabilities within our public sector. There needs to be large-scale training across police forces to help them deal with the huge increase in cyber-crime in our public institutions; to ensure that they have the knowledge to deal with the cyber-threat. The Government need to harness the knowledge in our universities and research agencies, and if necessary work in partnership with those who have the requisite cyber-intelligence—for example, RUSI. We have the expertise and ideas, and we now need to bring that together to develop resilience within our institutions.

Thirdly:

“The Home Office should provide increased resourcing for the National Economic Crime Victim Care Unit to ensure that the service can reach a wider range of residents in more force areas.”

We also need to think about how we reach people. It is obviously important that we reach young people and educate them on the dangers of the internet, the way people can target their victims, and how they are easily reached in schools and educational settings. We should not forget everyone else, particularly older people, for whom the internet is a completely alien landscape, where they have not learned to mistrust the communications from “the bank”, “the Post Office” or, recently, “the NHS”. Although resources to look after victims of crime are important, we also need resources to prevent people from falling victim in the first place.

We stand at yet another turning point in politics and our society. Covid has exposed elements of our society that we cannot be proud of. The inequalities exposed by the pandemic should shame the Government, but they provide us with motivation and a point at which we can recognise the problems and act on them. Online shopping, already expanding before the pandemic, has been turbo-charged. However, with this boost must come responsibilities and a duty to society from the online retailers. We have seen that scams impact not only the wellbeing of their victims but also that of those they impersonate. Online retailers and companies must contribute to their own security through taxation. We in real life, as it were, contribute to our physical wellbeing through taxes, paying for police officers and doctors. The online world must contribute to its wellbeing and that of its customers.

The main problem identified by the RUSI report was the number and diversity of stakeholders involved across sectors, from Government authorities to law enforcement, from financial institutions to private sector industry, and from cyber-security companies to IT companies. Everyone in this interconnected and technological world has an interest at stake. We need clarification on which Department leads on cyber-security and internet safety.

Then there are the quangos. Of course, internet infrastructure relating to national security will have a whole level of security. Although we do not expect our business or private systems to be protected to the level of GCHQ, the ambiguity of life on the internet these days and the host of immersive tasks that we now complete online must come with the requisite protection and guidance. That requires a clear delineation of responsibilities for all involved.

For too long, the Government have been complacent about the dangers of increased internet usage, with analogue laws in a digital age. Far too much leeway is given to social media platforms. Yes, we need to protect freedoms of expression, but we also need to protect people against criminal elements who operate in this online wild west to cause harm. False advertising is illegal. Impersonation to extract financial gain is illegal. Theft, whether in real life or online, is illegal. We needed an Online Safety Bill that would have protected people, not one that merely hints at what is considered immoral. Sadly, this is not the Bill we will be seeing in the coming months.

The Minister will no doubt set out how the Bill will be the best thing since sliced bread, how it is world leading. I understand all of those things, but two years on the Bill has made very little progress and we are now going to pre-legislative scrutiny. Two years ago, it was very positive and progressive, but now other countries are taking the lead around the world. We need to know what the reluctance to act continues to be and why the Government are still delaying. It is important that, as we tackle fraud, we put our communities, children and businesses, which are at risk of cyber-fraud, first.

Photo of Nickie Aiken Nickie Aiken Conservative, Cities of London and Westminster 5:15, 25 May 2021

It is a pleasure to serve under your chairmanship, Mr Dowd. I thank Chris Elmore for securing this timely debate.

The scale of fraud and cyber-crime is remarkable, affecting more people more often than any other crime. It represents more than a third of all estimated crime, with 6.1 million incidents in England and Wales in the year ending September 2020. Eighty per cent of reported fraud is facilitated by the use of digital technology and the coronavirus pandemic means so many more of us are using online services to shop and invest and for leisure. As our habits change, so do those of criminals.

I believe that life on the internet should be as safe as our lives offline. If being exploited on the high street is unacceptable, the same must apply to vendors who operate online. I am proud that the City of London Police, based in my constituency, is the National Police Chiefs’ Council lead for economic and cyber-crime and the national lead force for fraud. It works to investigate serious, complex and cross-border fraud, which is beyond the capability of a local police force, and provides training for such police forces and private sector workforces through its Economic Crime Academy. With the support of the City of London Corporation and stakeholders, including UK Finance, the City of London Police has consistently shown how it can harness and work with the private sector to tackle cyber-fraud, providing a bridge for law enforcement into financial institutions and, importantly now, into the FinTech sector.

I welcome the draft Online Safety Bill announced in the recent Queen’s Speech, which I hope will do much to tackle cyber-fraud. Indeed, the inclusion of fraud within the legislation will provide much needed encouragement for online service providers to take responsibility for protecting users of their services and implementing counter-fraud strategies to prevent malicious content. That is essential in a time when we have become even more dependent on making our digital defences robust and capable of dealing with the volume of fraud that we are now seeing. By the same token, if we are seeing cyber-fraud more often replacing traditional crime, we must allocate the relevant resources to reflect this new significance.

Equally, the City of London Police, which holds the unique role in this landscape, must be properly funded so it can continue upholding its national responsibilities. That said, online fraud need not be as sophisticated; online threats can and do spring from almost anywhere. Last year, the City of London Police alone requested suspension of 54,000 telephone, email, website and social media accounts. Facebook, Amazon, WhatsApp, Instagram, Snapchat, Twitter and LinkedIn are the platforms that feature most frequently in fraud and cyber-crime reports, and I am sure all of us in this room use at least one of those platforms every day. The challenge is immense, and online service providers must take more responsibility to protect users of their services and implement counter-fraud strategies.

The suspicious email reporting service, developed in partnership with the National Cyber Security Centre, has received nearly 6 million reports in the past year, resulting in the removal of more than 43,000 scams and 86,000 URLs, including those linked to covid-19, investment and online shopping fraud. I have used the excellent service myself, forwarding suspicious emails to report@phishing. gov.uk, and texting 7726. We all have a part to play in ensuring that those fraudsters are closed down as soon as possible.

Clearly, updating the framework by which we enforce against cyber-fraud is a priority for this Government, and I welcome their conviction on that, but the solution is not one-dimensional. We all have a role to play in fraud prevention. We know not to leave our doors unlocked, our possessions visible in our cars or our telephones on a table when we are out eating. We know that to keep ourselves safe, we have to take a degree of personal responsibility. The same needs to be replicated online. People, no matter what their age, should be taught how to keep themselves safe online.

Although there is more that can be done and, critically, is being done centrally, greater priority must be placed on fraud at a local policing level. Too few of the cases disseminated to local forces for investigation by Action Fraud have actually reached a judicial outcome. Simply increasing capability, capacity and focus centrally will not address the substantial shortfall in local police forces to take cases forward. Now more than ever, there needs to be a drive to boost local police capacity and ensure consistency of approach. I am glad to see the Government respond with strength on this issue. It is my hope that strength does not wane, but is fortified to protect our citizens against aggressive and malicious abuses of technology.

Photo of Carla Lockhart Carla Lockhart DUP, Upper Bann 5:22, 25 May 2021

I congratulate Chris Elmore on securing the debate. This issue is becoming more and more prevalent. Sadly, in my own office I have heard several cases of people being scammed out of significant sums of money. One gentleman was swindled out of around £200,000 through an online banking scam. A seemingly innocuous mistake, a momentary lapse in vigilance, trusting those who appear to be who they are not, and a lifetime’s work can disappear, with a life forever damaged. Listening to victims recount their trauma is one of the hardest things we do. We must ensure that we do all we can to stop more of our constituents becoming victims.

It is a missed opportunity that the Online Safety Bill does not go far enough to tackle cyber-fraud and scams comprehensively. As a natural consequence of that inaction, this spiralling problem will only get worse. Action Fraud reports that £1.7 billion was lost through cyber-fraud in the past year. I struggle to comprehend how the Government cannot make it an absolute priority, as a significant step to make our online world a safer space. Tinkering at the edges of the problem will not cut it. The Government must tackle this problem, with wide-ranging provisions in the Online Safety Bill. That is very much the view of campaign groups, regulators and industry.

An area that needs specific action is online advertising, as it is the catch that hooks so many, whether the older retiree seeking to find a way to invest a pension, or cloned websites that attract the younger online user. The sophistication of such scams is becoming more apparent and must be met with a regulatory and legislative framework that is fit for purpose, ensuring that big tech is held responsible while also equipping our own police forces to be able to go after the perpetrators. We must have action. All online economic crime must be addressed by the Bill. This is the opportunity and we must take it.

Photo of Jamie Stone Jamie Stone Liberal Democrat Spokesperson (Armed Forces), Liberal Democrat Spokesperson (Defence), Liberal Democrat Spokesperson (Digital, Culture, Media and Sport) 5:25, 25 May 2021

What a pleasure it is to serve under your chairmanship, Mr Dowd. May I add my thanks to Chris Elmore for securing this excellent debate? The subject is rather close to my heart. I would like to share an anecdote, which may explain why I feel as I do.

Before I was elected to this place almost four years ago, my mother passed away. She was 91. She had led a good life, and I loved her dearly and miss her today. When she died, her telephone number was going to be taken back by BT, but I thought, “No; for sentimental reasons I will keep her number,” and that was all organised. What happened over the next few weeks and months was a revelation to me, and a nasty one at that: I was getting scam calls—fraudulent calls. Gradually it sank in that my mother must have been getting these calls in particularly high numbers—in a way that my old telephone number had not—and that she must have been on some database shared about among scammers as someone who was elderly and vulnerable.

It seems to me that there must be evil databases out there that scammers use to email stuff to vulnerable people. Curiously enough, my wife gets the odd one—we have got quite sharp at recognising them—and, exactly as Nickie Aiken said, we report them in the correct fashion. I point out in passing that a quick google on such messages can be highly informative.

I, too, have had constituents who have lost large amounts of money. The trouble is, it was just in a moment of inadvertent not thinking that they released information they should not have done. It is a desperate business to talk to these people; it really is awful. However, right now in my constituency there is a climate of fear, with people getting really worried about perfectly innocuous emails coming in. I put it to colleagues that that fear is not healthy for society.

To conclude, I have personal experience and have seen what happens. It has affected my family. I often wonder, “Did my mother fall for any of these scams?” I do not know—she is not here to tell me—but I worry that she might have done; God only knows. I welcome the announcement in the Queen’s Speech that legislation will be forthcoming, as I am sure we all do, and it is up to us all to ensure that it works and is absolutely watertight. All sorts of things could be done. Perhaps the Home Office could put out information in easily readable forms to all sorts of people around the UK saying, “These are the things to watch out for.” We need such warnings, but we also need forms of reassurance that say, “If you are worried about something, call this number. We can advise you and help.” I look forward to the rest of the debate.

Photo of Patricia Gibson Patricia Gibson Shadow SNP Spokesperson (Housing, Communities and Local Government) 5:28, 25 May 2021

I echo the comments thanking Chris Elmore for bringing forward this important debate. As we have heard, cyber-fraud is a huge challenge right across the UK. From email scams, banking fraud, fake websites, computer viruses and online relationship scams to investment scams, cyber-fraud is thriving as cyber-criminals develop increasingly sophisticated ways to prey on victims in the cyber-world.

UK businesses lost more than £6.2 million to cyber-scams in the previous year, with a 31% increase in cases at the height of the pandemic, last May and June. The most common type of attack has been hacking through email or social media, which accounted for 53% of attacks over the past year, leading to a loss of £2.9 million. Scams caused by hacking of computer services have been revealed as the second most common type of attack on businesses over the 12-month period, but as we have heard, the consequences for individuals who have fallen victim to cyber-crime and cyber-fraud can be extremely far-reaching. While technology has helped older people to be better connected during the covid outbreak, unfortunately our increased participation in the digital world has also provided additional opportunities for criminals.

As we have heard, cyber-fraud can leave its victims in desperate financial situations, and it takes many forms. Since lockdown began, more than £5 million has been lost to covid-related scams and £16 million has been lost as a result of online shopping fraud. Criminals send phishing emails and texts claiming, as we have heard, to be from the Government, Government agencies, Her Majesty’s Revenue and Customs and health bodies, convincing people to open links and encouraging them to reveal sensitive personal or financial information.

The most immediate impact, of course, is financial. Most people over the age of 70 who fall victim to a serious scam can be dead within two years, such is the impact on health and wellbeing. It is important, as we have heard, that we have the tools to protect ourselves online to minimise the risk of falling victim to those types of cyber-crimes. Organisations such as Age UK are doing a great amount of work to try to educate particularly older people about what steps they can take to better protect themselves from cyber-fraud. However, as we have heard, we need greater public education on the issue so that we can all be better informed about the kinds of cyber-scams to which we may be vulnerable.

There are genuine fears, repeated in today’s debate, that the draft Online Safety Bill falls far short of what is needed to protect consumers in this digital age. The Bill will not seek to address fraud via advertising, emails or cloned websites. The biggest online harm is scamming and it will simply not be sufficiently covered in the Bill, which will leave consumers pretty much as exposed as they have ever been to cyber-fraud.

Nearly 2 million people fell victim to online scams in the six months after lockdown measures began in March 2020. It is shocking that those living with mental health challenges are three times more likely to have lost money to scammers, causing trauma and crippling money problems at a time when many people are already under huge financial, emotional and psychological strain. We need extra resources to deal with cyber-fraud. The fact is that law enforcement agencies are struggling to keep up with the creativity, innovation and sophistication of criminals who engage in such behaviour. Those who can protect us from online fraud need the resources to do so.

Alongside that, older people have been moving increasingly online, sometimes by choice but sometimes out of necessity because of the disruption to normal life that the pandemic has caused. Our older people are living longer, and with 1.3 million older people expected to be living with dementia by 2030, the most vulnerable people in our society need as much protection as we can give them. We need protection for all consumers, vulnerable or otherwise, and the Bill provides a real opportunity for us to provide that.

Cyber-fraud is an evolving threat and will continue to prey on us in all sorts of insidious ways. We need more education for the public, given that such crime is becoming more widespread. We also need more information about how we can all protect ourselves, more resources for experts who can prevent and trace perpetrators, and a Bill that fully recognises the threat in ways that will give confidence to consumers. I look forward to hearing the Minister’s response to the very important issues that have been raised today.

Photo of Conor McGinn Conor McGinn Shadow Minister (Home Office) 5:34, 25 May 2021

It is a pleasure to serve under your chairmanship, Mr Dowd. I can say with confidence, particularly beyond the earshot of other Merseyside MPs, that you are the most distinguished Member in our region, so it is good to see that recognised in the position of authority that you now hold. I thank my hon. Friend Chris Elmore for securing today’s debate; he has been a tenacious campaigner on the issue and a strong advocate for victims.

Fraud is an utterly devastating crime for individuals, households, businesses and institutions across all of society. It often targets the vulnerable, leaving victims traumatised, hurt and despairing. It shatters personal finances, damages our economy and threatens our national security. With 4 million offences recorded last year—nearly 12,000 incidents per day—fraud is now endemic. It comprises a third of all crime, and nearly one adult in 10 in England and Wales is affected.

With more of us switching to online patterns of communication, banking and working, fraud has risen sharply in those spheres. The City of London police, to whom I pay tribute—Nickie Aiken, in whose constituency they are situated, mentioned them as well—have claimed that reports of online shopping fraud are at an all-time high. That is a worrying trend, which I fear has been turbocharged by the current covid pandemic, as others have said. Online scams have rocketed by some 1,500%, including shameful NHS-related scams and scams by fraudsters purporting to be from delivery companies. In the past 12 months, we have witnessed an increase in remote banking fraud of 61% and in online shopping and auctions fraud of almost a third, while incidents of remote purchase fraud such as internet order fraud are up by nearly 132,000.

We know that the methods of fraud and the technology used are constantly shifting, so the question is whether the Government have kept up in the way that they should. Sadly, I must say to the Minister that despite increased warnings about the rise in fraud for many years, it is clear to me that the Government still do not seem to have a coherent plan or strategy. I would argue that they have all but given up on tackling it.

Do not take my word for it. We have seen the Minister’s colleagues openly admitting that the police lack the tools needed to properly deal with the crisis. In response to a letter that I sent him in April, the Conservative outgoing police and crime commissioner for Thames Valley—who was the then national lead on fraud, as the Minister knows—said:

“Little is done to combat major fraud…Police forces have neither the time, capacity, nor capability to take on fraud.”

Does the Minister agree with his colleague? If not, could he explain why he was moved to make such critical comments?

We also know that the independent policing inspectorate, in a scathing report, warned that the

“lack of government or national policing strategies for tackling fraud…has profound implications”.

That report was dated April 2019—more than two years ago. In February 2021, as my hon. Friend the Member for Ogmore mentioned, the hugely respected think-tank RUSI highlighted its concerns, which have been outlined.

Let us give the Minister the benefit of the doubt. With a new national cyber-security strategy this year, we can hope that finally the Government will deal with the flaws that have been raised and ensure that resources are allocated to meet the challenge; he may want to touch on that. However, as has been mentioned, other opportunities to act exist. For example, lots of individuals fall victim to fraud online through fake advertisements, often through social media platforms and search engines, yet there was no mention of addressing that specific criminality in the Government’s draft Online Safety Bill. In fact, I do not believe that the words “fraud” or “scam” are mentioned once.

We cannot afford to keep letting the fraudsters get ahead. So I urge the Minister to work, if he can, with his colleagues in the Department for Digital, Culture, Media and Sport, because I know that the Bill is a joint Bill being developed between the two Departments, and to think again about the opportunity that might exist in the Bill to address this issue.

In conclusion, we live in an increasingly digitally connected age and we need clear cross-Government and cross-system strategies to tackle the rise in cyber-fraud and to protect the public, the UK’s reputation as a safe place to do business and, of course, our wider national security. If the Minister helps to do that, he will have my support and the full support of the Opposition.

Photo of Kit Malthouse Kit Malthouse Minister of State (Ministry of Justice and Home Office) 5:39, 25 May 2021

It is a great pleasure to appear before a fellow Scouser, Mr Dowd, who was elected on the same day as I was, back in 2015, although we originate from different ends of the city of Liverpool—yours was the posh end and mine was slightly rougher. [Laughter.] It is great to see you join the Panel of Chairs and to preside with such wisdom over us today.

I am grateful to Chris Elmore for securing this extremely important debate, in which Members have spoken with some passion and concern about this issue, underlining the fact that it must be a significant Government priority. I can assure them that it is.

We recognise the devastating impact that fraud can have and how crucial it is that we do everything in our power to protect victims and bring the perpetrators to justice. As a number of Members have outlined this afternoon, these crimes are occurring on a vast scale. According to the latest figures for the year ending December 2020, fraud accounted for over a third of all crime. Is there anybody in the nation who has not been touched by it? I myself was plagued with calls from a recorded message purporting to be the National Crime Agency, telling me that my national insurance number had been suspended and that I was likely to be arrested unless I pressed “1”. They obviously picked the wrong guy, in that I can call the NCA myself. But after I highlighted that problem in a newspaper, strangely enough the calls dried up the very next day. These people must be readers of The Times.

In all seriousness, however, I was very sorry to hear the experience of the mother of Jamie Stone. These crimes can be extremely distressing, particularly when they are targeted at the vulnerable or the elderly, and we really need to focus, because behind the numbers are real people, which we must always keep in mind.

As Members have outlined, the impact of being targeted by fraudsters can be truly devastating, both financially and emotionally. Victims’ lives are turned upside down, their savings are gone and their confidence is shattered. There is also a knock-on effect for society as a whole. We know, for instance, that the money that fraudsters can make goes to fund other serious and organised criminality, such as drugs and terrorism, and fundamentally the function of our economy is based on trust. Those economies that do best in the world are those where there is low corruption, low fraud and a high degree of trust between individuals, and that is something that we must preserve for our economic well-being as well as for our mental wellbeing.

As people have pointed out, with the pandemic and the rise of people staying at home, the importance of staying safe in the virtual world has increasingly become a pressure on us all. Our approach to tackling fraud and online scams puts the interests of victims first—trying to prevent fraud, providing the support that fraud victims need and catching the criminals responsible. It is my view, and that of the Government, that victims must be at the heart of all that we do. We are deeply concerned about the growth and scale of this type of crime, which is increasingly sophisticated and rooted in complex social engineering.

We are working across Government and with the financial sector to ensure that as many victims as possible are able to claim their money back or are reimbursed. We are keen to improve the quality, speed and consistency of victim support and reimbursement, and we have been working closely with colleagues in the Treasury to explore what more might be done to promote greater consistency across the sector.

However, we know that for victims, more is lost than just money. Our estimates suggest that around one in 13 people experience fraud each year. Many of those targeted will suffer serious emotional harm; feelings of shame, trauma and invasion of privacy are all common, as well as a loss of confidence in themselves and in the systems that are in place to protect them. We need to prevent that kind of suffering.

We are working with national and local policing, including police and crime commissioners, to support the victims of such crimes. The National Economic Crime Victim Care Unit, based within Action Fraud, also plays an important role by helping victims to recover and to protect themselves against future fraud.

Our law enforcement and intelligence colleagues also play a crucial role in keeping the public safe and bringing these opportunistic criminals to justice. We are considering all routes, including legislation, to give them the tools they need to go after the fraudsters and, crucially, to protect those who are vulnerable to these harmful crimes.

At the forefront of our response is the law enforcement cyber-crime network, which operates at national, regional and local levels to combat the threat from this type of crime and to provide support to those affected. We are boosting the capabilities of the National Crime Agency’s National Cyber Crime Unit and increasing its ability to investigate the most serious cyber-crime. We are also continuing to invest in the cyber-teams in each of the regional organised crime units across England and Wales, to bolster the regional response.

As the hon. Member for Ogmore outlined, fraudsters will use any hook to commit these crimes and covid-19 has been no exception. We have seen criminals exploiting unease and fear, by opportunistically selling bogus personal protective equipment, running phishing campaigns and impersonating Government Departments and the NHS, as hon. Members have pointed out. We are also aware that fraudsters are using the roll-out of the covid-19 vaccine to target and scam elderly and vulnerable people. The NHS will never asked for payment or bank details; if someone is asked to provide financial details or pay for the vaccine, that is a fraud.

The Government are working intensively with local enforcement teams to identify, disrupt and stop these appalling scams and amplify public safety messaging about fake messages that claim to be from the NHS, instructing people to sign up for the vaccine. We have launched a gov.uk page containing advice on the matter, as the hon. Member for Caithness, Sutherland and Easter Ross asked, and we encourage the public to remain vigilant and forward suspicious emails to report@phishing. gov.uk, as my hon. Friend Nickie Aiken has done, and text messages to 7726, which is free. These systems allow the National Cyber Security Centre and telecoms companies to remove the infrastructure that the fraudsters exploit. The suspicious email reporting service has already led to more than 5.8 million reports, with more than 43,000 scams and 84,000 websites taken down.

We do want to make the UK the safest place in the world to be online. To achieve that, it is vital that we leave no space for fraudsters to operate. First and foremost, we must ensure that everyone who can, including the public and private sector, prioritises preventing these types of fraud. That is critical to prevent the significant emotional and financial harm to victims. As my hon. Friend the Member for Cities of London and Westminster pointed out, in other types of crime we promote exactly that approach. Did you know, Mr Dowd, that about 50% of thefts from motor vehicles happen because people leave the car open and forget to lock it, and 43% of burglaries happen because somebody leaves a window or door open? Cyber-crime is no different. Preventing these types of fraud is critical to prevent the significant amount of emotional and financial harm to victims, who experience the economic damage to our businesses, and also to disrupting the organised criminals who perpetrate these crimes. To do that, we are taking steps to ensure that fewer people fall foul of such scams in the first place.

On the draft Online Safety Bill, we have taken the decision to bring user-generated fraud into the scope of the Bill. The Government have engaged extensively with a broad range of stakeholders, including the finance industry, consumer groups, civil society organisations representing victims of fraud, law enforcement and other public bodies. The inclusion of user-generated fraud in the Bill will require platforms to tackle some types of fraud, such as romance and investment scams, that result in massive financial losses and inflict significant psychological harm.

The Bill would require tech companies to protect their users from those types of fraud, which is part of a collaborative effort by the Government to tackle online fraud, working with law enforcement, regulators, industry and consumer groups. We are determined to relentlessly pursue those fraudsters and close down the vulnerabilities that they exploit. The Department for Digital, Culture, Media and Sport will shortly be considering whether tougher regulation on online advertising is also needed.

The response to fraud demands a collaborative, innovative response to keep pace with the changing threat and new technologies, and we continue to work closely with the industry to drive progress. A great example of that kind of partnership is the specialist dedicated card and payment crime unit, a police unit that targets and disrupts credit card fraud and demonstrates the positive collaboration between UK Finance, the City of London police and the Met police, together with the Home Office, who are working to develop its relationships online.

I am extremely grateful to all hon. Members who have contributed this afternoon. I hope that I have reassured people that this is a particular area of importance for us as it grows. This is a novel area for crime fighting. The iPhone has only been around for 10 or so years—our lives have been transported online in a frighteningly quick time. It is incumbent on us all—in Government, in policing, in law enforcement more generally and in those large organisations that steward, shepherd and track us, follow us and sell us things online—to make sure that we are as safe as possible. I believe that across Government, law enforcement, those businesses and beyond, we have a collective responsibility. We will be working together and, in the years to come, we will all be safer.

Photo of Chris Elmore Chris Elmore Opposition Whip (Commons), Shadow Minister (Scotland) 5:48, 25 May 2021

I thank the Minister for his response. As we move into pre-legislative scrutiny for the online harms Bill, I hope that there will be broader scope for tackling fraud. I am grateful to the Minister for Digital; I was one of those who lobbied for that change, and I am grateful to her for engaging, but the Bill is still too narrow in its scope around individuals and fraud, and how platforms will respond.

I am grateful to all hon. Members who have taken part today, including the shadow Minister, my hon. Friend Conor McGinn, and the SNP spokesperson, Patricia Gibson, for their support for ensuring that the Government do more on tackling the increased threat of fraud in the UK.

It is important that, if additional legislation is needed, the Minister tackles that in the coming months. If he does not, the pandemic of fraud will only get worse. It is truly important that the Government respond in a positive way. Too many people are losing out. Too many people are losing their livelihoods. In some cases, people are taking their own lives. As decision makers and legislators, we have to acknowledge that in the months rather than years ahead.

Question put and agreed to.

Resolved,

That this House
has considered cyber fraud in the UK.

Sitting adjourned.,