National Assessment Centre Fraud assessment 2025

Question 1

1. Scale, nature and evolution of the fraud threat

Accepted Answer

Fraud is a widespread threat, with all of UK society affected by its economic and social consequences. The nature of the threat is typically overseas, online and tech-enabled. The NCA is focused on the threat from 2 main categories of fraud where serious and organised criminals operate: fraud against the individual and fraud against businesses (NCA, 2024 and NCA, 2025a).

It is likely that the fraud threat to individuals and businesses in the UK has increased from 2023 to 2025 (NCA, 2025a). Organised Crime Groups (OCGs) and individual criminals almost certainly continue to be attracted to fraud, viewing it as a low-risk, high-reward activity (NCA, 2024). Financial reward is the key driver for fraud OCGs, with a constant focus on scaling up their criminal business models and targeting a large number of victims as efficiently as possible. Criminals likely need to target greater numbers of victims to maintain criminal profits, as a response to fraud prevention measures and growing public awareness of fraud. It is highly likely a growth in sophistication and variety of fraud enabling products has made fraud more accessible to a greater number of criminals, including those with less experience or technical skill. Criminal knowledge and use of effective fraud methods and enabling products likely spread quickly among networks of criminals.

It is likely OCG intent and capability are as high as ever but the opportunity to target victims has also increased. The UK population’s routine dependence on online services and platforms continues to provide opportunities for criminals to target victims, extending the UK’s vulnerability to fraud (NCA, 2025b). It is highly likely that major data breaches against UK organisations in 2025 will provide future opportunities for fraud (Which, 2025). OCGs will continue to exploit social media platforms to engage with victims, advertise fraudulent investment schemes and goods, and facilitate their fraud methodologies (NCA, 2025a).

It is almost certain that courier fraud, investment fraud, payment diversion fraud, and romance fraud remain the fraud types causing the highest harm in the UK in 2025 (NCA, 2025a and NCA, 2025b). Although accounting for a small proportion of all fraud targeting UK victims, the financial, emotional, and psychological impacts on victims, having been deceived and manipulated into send money to criminals, are high in these frauds. OCGs are almost certainly the predominant offenders in these fraud types (NCA, 2025a, NCA, 2025b and HMT, 2025).

The greatest volume of frauds targeting UK victims involve transactions carried out by criminal third-parties, without the knowledge of or interaction with a victim. These unauthorised frauds mainly target bank cards and remote banking services. Other high-volume frauds see criminals target online shoppers and retailers, or impersonate trusted organisations, family members, or brands to deceive victims (UK Finance, 2025).

In the Economic Crime Survey 2024 over a quarter (389,000) of UK businesses that have employees reported experiencing fraud attempts in the year before the survey (Home Office, 2025). It is likely OCGs mainly target businesses for invoice fraud (where criminals send businesses a fake invoice with the aim of receiving a payment), payment diversion fraud, investment fraud, card fraud, online banking fraud, and insurance fraud.

Question 2

2. Criminal innovation, enabling technologies and international enablers

Accepted Answer

OCGs will almost certainly search for innovative ways to reduce the effectiveness of future fraud countermeasures across financial services, government, technology, and telecommunications sectors. Criminals are seen to react quickly to controls, changing their tactics to exploit different vulnerabilities across the fraud landscape. They can pivot to a more lucrative fraud type, adapt social engineering tactics, develop and deploy new fraud enabling tools, or focus attempts to extract maximum reward from vulnerable targets (NCA, 2025a and UK Finance, 2025).

For example, criminals reacted to two-factor authentication by developing tools to social engineer victims into divulging one-time passcodes, and employing SIM-swapping to gain control of people’s mobile phones and by extension their online accounts. In response to the introduction of spam filters, criminals adjusted how they deploy and structure SMS messages to avoid being blocked by SMS firewalls, and exploited non-SMS text formats, such as iMessage and Rich Communication Services, to circumvent SMS firewall technology (NCA, 2025c). Criminals have almost certainly adopted messaging applications (apps), like WhatsApp and Telegram, to initiate and maintain contact with victims. Criminal use of these apps takes advantage of a global reach, familiarity among users, and better security against law enforcement detection.

It is likely OCGs have increasingly exploited the deregulation and growth of Voice-over-Internet Protocol (VOIP) services. VoIP services allow them to make international calls over the internet, exploiting the technology to save costs, deceive victims by appearing to call from specific countries, and receive a ready supply of new phone numbers when used numbers are blocked (Organised Crime and Corruption Reporting Project, 2025).

Telegram channels and dark web marketplaces have facilitated criminals renting or selling tools, products, expertise, or services online to others to enable them to commit fraud. Fraud enabling products are bought and sold by criminals for use to circumvent the effectiveness of security measures implemented by banks and online platforms, increasing the accessibility of fraud. Products and tools available include compromised data, ID generation kits, phishing kits, spoofing software, and tutorials and guides (NCA, 2025a). Those OCGs with the required skills and knowledge can market their enabling products to other criminals, lowering the barrier to fraud for lower skilled or inexperienced criminals (Europol, SOCTA, 2025).

It is almost certain that criminals will increasingly adopt generative artificial intelligence (GenAI) technology such as deepfakes, Large Language Models (LLMs), and voice cloning to enable fraud. Criminals continue to adopt GenAI to enhance the sophistication of fraud attacks against individuals and businesses, although they are currently used to enhance existing threats rather than create entirely new ones. GenAI is highly likely affecting fraud offending more than any other form of AI technology. OCGs are using AI-generated text, audio, images, and video to facilitate a range of frauds against both individuals and businesses. This includes investment, online shopping, romance, and payment diversion frauds and the creation of fake identities to assist bank and mobile phone account, or other business services applications (NCA, 2025a and NCA, 2025d).

Criminals are highly likely adapting their use of GenAI dependent on the victim and fraud type, facilitating social engineering attacks at both a targeted and mass-market level. For investment frauds against individuals, GenAI is used to produce videos and websites to engage as many victims as possible. OCGs have used deepfake videos and voice cloning to enable specific and tailored payment diversion frauds against large businesses (NCA, 2025d). In February 2024, GenAI was used in a payment diversion fraud (CEO fraud) to create deepfake recreations of company employees at a virtual meeting to deceive a finance worker to transfer £20 million into a criminally-controlled account (NCA, 2025a).

Phishing is likely the most prevalent initial attack method used by OCGs against UK individuals and businesses. Criminals still use phishing and compromised data to take control of accounts directly or to be used for other frauds. Their prevalence is helped by fraud enabling platforms that offer phishing ‘as a service’, which lower the level of organisation and technical expertise required to design phishing attacks (NCA, 2025a). It is highly likely LLMs, used alongside phishing kits, are facilitating a significant growth in the volume and sophistication of phishing (NCA, 2025d). In 2025, OCGs have also increasingly exploited the use of fraudulent QR codes in public spaces and in phishing emails to deceive victims into sharing their personal and financial information (The Independent, 2025).

Since 2023, criminals have developed new and more sophisticated methods to enable fraud abusing digital wallets. These include phishing kits to social engineer victims into divulging bank account details and one-time passcodes used to add bank cards to digital wallets. Using these methods, the criminal is able to register compromised card details to a digital wallet on a mobile phone controlled by them, which can then be used for transactions (NCA, 2025e).

Cryptocurrency will highly likely remain a significant threat as both a high-profile investment commodity narrative in investment frauds and as an effective method of laundering the proceeds of fraud.

It is likely that a majority of frauds impacting UK victims have an overseas element. This can involve criminals in the UK and overseas working together or criminals based entirely overseas. The cyber-enabled nature of many frauds and the methods used to launder the criminal proceeds, including cryptocurrency, mean a single fraud can often involve multiple jurisdictions (NCA, 2025a and Home Office, 2024).

Whilst fraud has a global dimension the threat from inside UK borders is unlikely to have diminished since 2023. Capable and highly sophisticated OCGs based in the UK have caused harm to victims in the UK and around the world (Welwyn Hatfield Times, 2025, The Standard, 2025 and BBC, 2025).

It is almost certain OCGs are operating from Eastern Europe, East Asia, the Middle East, South Asia, South East Asia and West Africa, to target UK individuals and businesses for fraud. The international threat continues to evolve, with transnational OCGs moving and expanding operations into new jurisdictions. This is observed in the emergence of organised fraud compounds first seen in South East Asia, which exploit trafficked and forced labour, spreading into other parts of the world (Interpol, 2025 and NCA, 2025f).