Research and analysis

Understanding the cyber crime and fraud victim journey

Published 14 January 2025

Applies to England and Wales

© Crown copyright 2025

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/understanding-the-cyber-crime-and-fraud-victim-journey/understanding-the-cyber-crime-and-fraud-victim-journey

Executive summary

The Home Office commissioned Ipsos UK to conduct qualitative research to further understand victim experiences of cyber crime and fraud (online and offline) and decisions to report these incidents. This report summarises findings from a small literature review, interviews with stakeholders and 56 interviews with victims of cyber crime and/or fraud. This report covers experiences of cyber crime and fraud (online and offline) between December 2020 and January 2023.

As part of the research, Ipsos developed visual summaries of ‘typical’ journeys of victims of cyber crime and fraud from the point of victimisation to reporting and subsequent outcomes, which are available on request (via cybercrimeresearch@homeoffice.gov.uk). While the report includes examples and quotes from participants to illustrate findings, 4 longer case studies detailing a victim’s wider experience have also been included in chapter 7.

Key findings

Victim understanding and experience of cyber crime and fraud

Many victims were unclear on the differences between cyber crime and fraud. Therefore, they were unable to identify exactly what offence had happened to them. The lines between cyber crime and online fraud were often blurred, with victims tending to classify any crimes involving online activity as cyber crime.

The blurred distinction between cyber crime and fraud influenced a victim’s decision on whether they could report the incident and to whom, and was heightened by victims not being aware of Action Fraud as a designated reporting organisation for both cyber crime and fraud. Victims of hacking or other Computer Misuse Act 1990 (CMA) offences were often also unsure whether the police would have the capacity and technical capability required to resolve a cyber crime. Greater awareness of what defines cyber crime and fraud, and ensuring individuals are aware of the illegality of the incidents they experienced, could support improved understanding of the reporting processes that exist and the role of Action Fraud.

Most victims were unsure of how or why they had been targeted by criminals; this was particularly the case for cyber crime and when cyber crime led to online fraud. As a result, many victims of cyber crime felt that they had been ‘unlucky’, rather than targeted, a sentiment often held irrespective of the security measures they had in place. Several victims reported changing their online behaviours, albeit often for a short period of time, as a result of the cyber crime or online fraud, and adapting protective behaviours such as verifying URLs before clicking on links or checking the validity of websites.

Although victims of fraud were also often unaware how or why they had been targeted, the engagement between themselves and the fraudster made the crime feel more personal to victims compared to CMA offences. For victims of fraud, there was often a strong sense of ‘guilt’ and shame in ‘having fallen’ for the scam or having been manipulated by the perpetrator into ‘taking part’ in the scam. This was exacerbated for victims of cryptocurrency scams, who felt they had knowingly engaged in risky behaviour to make ‘quick money’.

The extent to which victims perceived themselves as a ‘victim of a crime’ varied. Victims who had experienced an offline fraud were more likely to classify their experience as a crime and see themselves as victims, as the interaction with the criminal felt more personal. Those who lost an amount of money significant to them were also more likely to perceive themselves as a victim of crime. Those who perceived themselves as a victim of crime were more likely to report the cyber crime or fraud they had experienced. Awareness campaigns about the criminal nature of both cyber crime and fraud could therefore be explored as tools to drive up reporting.

Impact of cyber crime and fraud

The impact of cyber crime and fraud on victims varied. Many victims reported lower-level anxiety and distress. However, a few victims reported much more serious effects that included post-traumatic stress disorder (PTSD) and suicidal thoughts. The extent to which the cyber crime or fraud emotionally impacted victims was often linked to whether they saw themselves as a victim of crime or not, and tended to be higher for those who experienced an offline fraud or lost an amount of money significant to them as a result of the crime. However a few victims reported much more serious effects that included post-traumatic stress disorder and suicidal thoughts. This is in line with previous research undertaken in this area (Home Office, 2025).

The main concern from most victims besides their financial loss was the possibility of revictimisation and becoming a target for other criminals. This was especially the case for victims of cyber crime and online fraud.

Victims of cyber crime and online fraud frequently reported changing the way they behaved online in the aftermath of the crime. This included adopting new protective behaviours (see above for example) but also led to some victims avoiding online activities (for example, not using online banking or refraining from buying goods online). In most instances, victims went back to their pre-incident behaviours once the initial shock had subsided, suggesting that most changes in behaviour were short term. Consideration should be given on how these protective behaviour changes can be sustained in the longer term. Focus should be on developing these protective behaviours and critical thinking skills to ensure that individuals can feel confident to continue being online rather than avoiding online activities.

Reporting landscape and enablers and barriers to reporting

For this sample of victims, the main driver to report a cyber crime or fraud was compensation for the financial loss experienced. If a victim suffered financial loss as a result of the cyber crime, their focus tended to shift from the underlying cyber crime to the recoverability of money lost. Typically, victims chose to report to the organisation they thought would most likely provide compensation, whether that be their bank, a building society, or the platform where the incident occurred.

Awareness of, and reporting to, Action Fraud was low for victims of cyber crime and fraud alike. In addition, the focus on compensation deterred some victims from seeing the benefit of reporting to Action Fraud. Low awareness of Action Fraud and its role in addressing such crimes was seen as a barrier to reporting to this organisation.

Key drivers behind reporting the crime included a sense of civic duty, a desire to protect others and seeking justice. This was especially the case for those reporting to the police or Action Fraud. In addition to the lack of awareness of Action Fraud, perceptions that the crime was not serious enough to report, fears of not being taken seriously, and doubts about the police’s capacity to effectively respond were seen as key barriers to reporting to law enforcement. Victims suggested raising awareness of Action Fraud as the key reporting body, ensuring all relevant information about reporting can be found in one easily accessible place, and cyber crime and fraud being taken seriously, as ways to encourage higher levels of reporting in the future[footnote 1].

In line with previous research (Home Office, 2025), the research identified 3 key factors that influenced victims’ satisfaction with the reporting process:

  1. Being treated with empathy and understanding while reporting.
  2. A timely response to the report.
  3. The outcome of the reporting (predominantly in form of financial compensation).

Consideration should therefore be given to ensuring the reporting process has clearly established timelines for responding to reports made, including the process of providing updates on the outcome of the reports, which are included in information that is available for victims.

Support for victims of cyber crime or fraud

All victims of cyber crime and fraud are eligible for support provided through various organisations and charities. However, despite these options existing, most victims were not aware of support available to them and had not been offered support when they reported the cyber crime or fraud. Raising awareness of existing support organisations and providing victims with a clear understanding of the role of each organisation, and how they can support them, could increase the number of victims engaging with these services.

Only a small proportion of victims reported receiving more comprehensive support from Action Fraud/NECVCU. However, those who did were highly appreciative of it and felt that it had improved their wider victim journey, even for those who were unsatisfied with the outcome of their case. This shows that support can be a powerful tool in improving overall satisfaction. Therefore, improving access to support and ensuring the availability and consistency of this more comprehensive support should be considered.

1. Introduction

1.1 Background

In England and Wales, incidents of cyber crime and fraud (online and offline) make up almost half of crime against individuals, as estimated in the Crime Survey for England and Wales (CSEW). For the year ending March 2024, there were an estimated 3.18 million fraud offences and 1.02 million computer misuse offences. The financial impact of cyber crime and fraud continues to present a serious harm to individuals. As set out in the 2023 Fraud Strategy, the total financial loss due to fraud incidents against individuals is estimated to be £6.8 billion in the year ending March 2020. This represents a material loss at a national scale and highlights the continued need for research within this area. Despite these levels of fraud and computer misuse, only a very small proportion are reported to Action Fraud.

Bearing in mind the significant prevalence and impact of cyber crime and fraud within England and Wales as reflected by the CSEW and National Fraud Investigation Bureau (NFIB) statistics, the lack of reports made to Action Fraud clearly represents a gap in our understanding of victims’ experiences.

To bridge this, the Home Office commissioned Ipsos UK to conduct qualitative research with victims of cyber crime and online and offline fraud. The research sought to explore the victim journey from the point of victimisation and focused on understanding victims’ experiences of cyber crime and fraud, the impact this has had on them, what motivates victims to report a cyber crime or fraud, and their need for support.

Ipsos conducted the research in 2 phases:

  • a scoping phase[footnote 2] which comprised:
    • reviewing 15 sources of existing literature about the experiences of victims of cyber crime and fraud
    • a small number (n=7) of interviews with key national stakeholders across government bodies and third-sector organisations
    • this helped inform the sample design, recruitment approach and research tools for the mainstage interviews with victims
  • mainstage: 56 in-depth interviews with victims of cyber crime and/or fraud to better understand their experiences and decision-making

1.2 Research objectives

This research aimed to develop a fuller understanding of what the ‘victim journey’ looks like for cyber crime and fraud.

More specifically, the research sought to address the following questions:

  1. How do victims experience cyber crime and fraud?
  2. How do these crimes interact with and facilitate further crimes?
  3. What happens to those who report these crimes, and those who don’t?
  4. What are the facilitators and barriers to reporting fraud/ cyber crime?
  5. What type of support do victims want/need, and what do victims consider a positive outcome?

1.3 Recruitment and sampling

Stakeholders, across government bodies and third-sector organisations, who took part in the initial scoping were identified and recruited with support from the Home Office.

For the recruitment of victims of cyber crime and fraud, a multi-strand recruitment approach was used, which included:

  • working with a supplier-approved recruitment agency
  • working with Action Fraud to identity victims of cyber crime and fraud who had been supported by Action Fraud
  • recontacting participants from Ipsos’s internal online panel (KnowledgePanel) who had indicated they had been a victim of cyber crime and/or fraud in response to questions asked as part of separate polling research

Crime category definitions

To ensure there was a shared understanding when talking to victims about cyber crime and fraud, the following shortened definitions - developed by the Home Office - were used both at screening and in the research:

Cyber crime: ‘Cyber crime involves gaining unauthorised access or causing damage to computer systems, internet-enabled devices or the information held on those devices.’

Fraud: ‘Fraud occurs when a person acts dishonestly, with the intent of making a gain (often financial), at the loss of another.’

Sample

The sample comprised 56 victims who had experienced the following (main) crime types. The crime types stated are how victims defined their experience:

  • experienced cyber crime (21 victims)
  • online fraud (25 victims)
  • offline fraud (10 victims)

Of the 56 victims:

  • the majority had reported the incident (for example, to police, banks, online platforms) (48 victims)
  • some had not reported the incident (8 victims)

All participants recruited via the recruitment agency or KnowledgePanel indicated at screening the cyber crime or fraud had affected them at least ‘a great deal’ (n=24) or ‘a fair amount’ (n=28)[footnote 3].

Interview data was used to identify if each victim had experienced further crime types, based on the definitions provided by the Home Office. Where the victim described experiencing additional categories and/or types of crime beyond those used for the purposes of screening, these were added (see table 1 below and table A1 in Appendix A to capture the full breadth of the crimes they experienced. This was done to reflect the fact that often the 3 crime types interlink. By doing this, the analysis provides a more nuanced categorisation of the crime types victims had experienced.

Table 1: Final sample and types of incidents included in the report (by crime category combination)

Crime category combinations No. of victims
Cyber crime 6
Cyber crime + offline fraud 1
Cyber crime + online fraud 18
Cyber crime + online fraud + offline fraud 2
Offline fraud 4
Online fraud 16
Online fraud + offline fraud 9
Total 56

1.4 Methodology

A qualitative approach was used to address the research questions listed above through interviews conducted with a range of relevant stakeholders and victims of cyber crime and fraud. Interviews took place between January and March 2023 and lasted between 60 and 90 minutes. Interviews were conducted interviews via phone or video call.

Discussion guides were used for both stakeholder interviews and interviews with victims, which were developed to be participant-led. This approach was taken due to the complexity and sensitivity of the research topic, as it allowed for a more discussive, open interview style, allowing victims to feel in control and explain their experience in their own words.

The research adopted a thematic and iterative approach to analysis. A code frame was developed in line with the overarching objectives and research questions, through which all data from the in-depth interviews was managed, reviewed (including to ensure all crime categories and types were identified as more information was provided, for example, at interview), and analysed. Through this approach, key themes were identified and are presented throughout the report.

The interviews with victims focused on fraud and/or cyber crime incidents they had experienced between December 2020 and January 2023. It should be noted that participant names and some details within the case studies presented in this report have been altered to ensure participant anonymity.

Further details on other aspects of the methodology can be found in Appendix A and Appendix B.

1.5 Research methodology points to note

Qualitative approaches are used to explore the nuances and diversity of views, and the factors which shape or underlie them. By its nature, qualitative research is not designed to be statistically representative. As such, the findings generated by this research are not statistically representative of the experiences of all victims of cyber crime and fraud. Although this report includes some indications of how typical views or experiences were across the sample or within subgroups, due to the small sample sizes, this should be considered within the context of those interviewed.

A few participants (n=4) were recruited directly through Action Fraud. As the report provides reflections of Action Fraud as a reporting service, this should be interpreted with additional caution, as individuals with particularly positive or particularly negative experiences may be more inclined to take part in interviews.

At time of writing, Action Fraud is being replaced with an improved national reporting service and work is underway with the City of London Police (CoLP) to carry out this transformation. The new service will use the latest technology to improve reporting tools and support services for victims, providing far greater intelligence to policing for investigations, and allowing for greater prevention and disruption at scale. A number of improvements to the existing system have already been put in place to improve quality and timeliness with which cases are sent to police forces for action. The new service will have a phased launch into 2025.

1.6 Attributes

Relevant verbatim quotes have been included from participants throughout this report to illustrate findings. Footnotes provide full context to these quotes. Case studies to illustrate specific points have been added into the main body of the report. More detailed case studies covering the whole victim experience can be found in chapter 7. Names, as well as geographic details in the case studies, have been changed to ensure anonymity.

In addition to individual case studies, visual overviews of the wider victim journey for victims of cyber crime, online fraud, offline fraud and cyber crime leading to fraud, as described by participants, have also been developed and are available on request (via cybercrimeresearch@homeoffice.gov.uk).

2. Experience and impact of cyber crime and fraud

This chapter explores the different experiences of victims of cyber crime and fraud, as well as the impact the experience has had on them.

2.1 Key findings

Many victims were unclear on the differences between cyber crime and fraud. Some victims were able to identify specific features of cyber crime (for example. gaining access to accounts or devices) and fraud (for example, being tricked into handing over personal information, goods or money). However, the lines between crime types were often blurred, with victims tending to classify any crimes involving online activity as cyber crime even if fraud had also occurred. This lack of clarity contributed to victims’ confusion as to whether they could report the incident and how.

Most victims were unaware of how or why they had been targeted by criminals; this was particularly the case for instances of cyber crime. Victims of cyber crime felt that they had been ‘unlucky’ for being targeted by cyber criminals, rather than the crime being a result of them not being digitally safe (whether they were in fact digitally safe or not). This nevertheless left many feeling worried about revictimisation, especially as some felt that the incidents happened as a result of low levels of security of the app or service provider where the incident took place.

The extent to which victims perceived themselves as a ‘victim of crime’ varied. Victims who had experienced an offline crime and those who had lost an amount of money significant to them and their financial situation, were more likely to classify their experience as a crime and see themselves as victims. Any blame that victims felt for having facilitated the crime also influenced whether the victim saw themselves as a victim of a crime or not. This was especially true for victims of fraud, where victims had been manipulated into actively handing over money or personal details, and often translated into a sense of ‘shame’ later in the victim journey. Most victims either felt that the manipulation was part of the crime itself (and therefore they were still a victim of a crime, even if they ‘fell’ for it) or that their ‘falling for it’ did not undermine the criminal nature of the attack or incident.

A number of offline frauds were preceded by online frauds. Interestingly, where victims reported this interplay between online and offline fraud, their focus was usually on the offline element of the crime. This could be because victims who engaged with the perpetrators over the phone or face-to-face were more likely to experience feeling of ‘guilt’ of not having ‘spotted’ the fraudulent behaviour and therefore felt more personally victimised by the experience compared with those where the crime happened exclusively online. However, victims of online investment or cryptocurrency fraud felt as victimised as those experiencing offline fraud, due to the lengthy ‘grooming’ process associated with these types of online frauds.

The impact of being a victim of cyber crime and fraud varied. This ranged from victims feeling a sense of annoyance through to more serious impacts, which included victims speaking about PTSD and suicidal thoughts. However, the main concern was the possibility of revictimisation and becoming a target for other criminals. Victims also frequently reported adapting new protective behaviours as a result of the cyber crime or online fraud. However, in most instances, victims went back to their pre-incident behaviours once the initial shock had subsided, suggesting that most changes in behaviour were often superficial.

Awareness and understanding of cyber crime and fraud

As part of the research, victims were asked how they would define cyber crime and fraud before being shown the definitions outlined in chapter 1. Victims could generally identify some specific features of cyber crime (for example, gaining access to accounts or devices) and fraud (for example, being tricked into handing over personal information, goods or money) but often struggled to differentiate between the different crime types, especially cyber crime and online fraud.

Victims tended to classify instances involving any online activity as cyber crime. Where incidents resulted in financial loss, victims identified these as fraud. Where victims had experienced both a cyber crime and fraud, the financial loss typically became the focus for the victim, even if a cyber crime had occurred or contributed to the fraud. Consequently, they typically explained the incident as a fraud and sought assistance as a victim of fraud, prioritising the financial loss. For example, incidents of cyber crime leading to online fraud (for example, where victims lost money or data as a result of someone gaining access to their online accounts or card details) were typically seen solely through the lens of being fraud.

Cyber crime

Victims mainly saw cyber crime as someone accessing their financial and personal details without their permission. Victims mainly focused on the financial impact, with limited references to computer system disruptions or malicious software, often blurring the lines between cyber crime and cyber crime leading to online fraud. Cyber crime was seen as an anonymous crime with little or no contact between themselves and the criminal(s), with victims describing not knowing why, how and when they got targeted.

“Cyber crime… is the act of criminal activity by an individual or individuals obtaining financial or personal details for whatever use that they want them to, and all by using devices and internet etc., without actually physically seeing or speaking to these individuals.”

Victim of cyber crime

Victims commonly thought that cyber crime affects businesses more than individuals, and associated cyber crime with organised crime groups or gangs of hackers, rather than individual tricksters.

While there was a focus on financial implications, victims also believed that cyber crime could lead to more than just financial losses, such as having personal information stolen and shared online. They were worried about criminals obtaining their passwords or personal information through banks or payment services. Victims often felt that cyber crime was more complex or sophisticated than fraud as it required more skill to gain access to payment information or personal details without tricking the victim into giving up those details.

Fraud

Victims found it easier to define fraud compared to cyber crime. They used terms such as tricking, deceiving and scamming to describe how fraudsters gained an advantage over or tricked them into the crime. Victims also described fraud as a scam in which the fraudster would pretend to be a legitimate business representative to gain an advantage over the victim.

Interestingly, when asked to define fraud, victims focused more on online incidents, with only a few mentioning offline fraud. For online fraud specifically, victims felt it involved psychological manipulation and professional technical skills. The incidents seemed well organised and aimed at fooling people by exploiting their psychological vulnerabilities.

“It’s a combination of psychological manipulation, but equally a technical manipulation, and they combine those 2 together in a very fast-paced tempo so that you do not have the time to step back and think…count to 5…take a breath…and hang up.”

Victim of online fraud

While most victims recognised that cyber crime could lead to and make fraud easier to commit, some victims saw no distinction between cyber crime and fraud, considering them the same type of crime. They primarily focused on the scale of the crime, with cyber crime targeting businesses and larger groups, while they saw fraud as more individual-focused.

Understanding of multi-crime incidents

Victims often did not consider they had experienced more than one type of crime incident. This was evident particularly in relation to incidents where victims had experienced both cyber crime and online fraud, with reference often only made to one of these crime types. The types of crime experienced were often referenced inconsistently among victims. Examples of this include where victims stated experiencing the financial loss was often the most significant part of their victimisation and therefore described having been a victim of ‘fraud’ even if other crimes had occurred. Victims also tended to classify most crimes involving any online activity as cyber crime, despite many of these incidences also including online fraud. How victims defined the incident they had experienced also influenced their reporting journey, which is further explained in chapter 3.

2.2 Victims’ experience of cyber crime and fraud incidents

Cyber crime

Victims reported experiencing different types of cyber crime. This ranged from devices being infected with malware, personal devices accessed without permission and online accounts accessed without permission. A few victims reported that their devices had been infected with a virus or other malware, and one person reported a ransomware attack. The sample mostly comprised individuals who had their personal devices or online accounts accessed without permission. While for most cyber crimes, the motivation behind the crime remained unknown to the victim; where victims identified the underlying motivation, most were financially motivated rather than interpersonal crimes.

Victims who noticed unauthorised access to their devices or online accounts generally did so either during the act or in the aftermath, for example, when they saw payments being made to unknown organisations or accounts they had not set up. In most cases, victims discovered the incident themselves, rather than being made aware of it by the account provider. These experiences often resulted in victims questioning how criminals could access their devices or accounts, which led some to question the security of the bank, payment service (for example, PayPal and Curve) or app that had been compromised.

Case study: Cyber crime

‘Steven’ regularly used an online betting app on his phone to place football bets. One day when he tried to log into the app to place bets, he realised he had been locked out. After unsuccessfully trying to access the app, he called the helpline number displayed on the app for support. The advisor asked him several security questions and also enquired whether he had set up a second account. ‘Steven’ told them he had not. The advisor went on to say that they would be looking into the account, escalate it to the fraud department if necessary, and get back in touch with updates. The account had £11 in it and ‘Steven’ was concerned about not being able to access his funds.

When the advisor rang back, ‘Steven’ was told that his personal details had been used to open a second online account but with different payment details to divert any winnings to. The advisor blocked the second account and released the original account back to him. They also helped him change his password. ‘Steven’ was unclear how the incident had happened but felt victimised as someone had used his personal details without his consent.

“I didn’t lose any money financially, but somebody used my personal details, that they must have only got online in whatever way they did it… I’m a victim of some criminal activity because they obtained my details without my consent.”

The advisor told ‘Steven’ he could pass the case on to the police but it was not necessary as it was being dealt with internally. ‘Steven’ chose not to report to the police at the time.

“The only barrier that I can think of is the one where they said, ‘You can ring the police if you want but’ and there was a ‘but’ in there so, ‘You can ring the police if you want but it is being dealt with internally here in the fraud department.’ Maybe they should have said, ‘Right listen, it’s being dealt with here, but you still need to contact the police and tell them so they can maybe do some investigations as well.’”

As a result of the cyber crime, ‘Steven’ became generally more conscious online. For example, he changed all of his passwords in the aftermath of the incident and stopped using the original betting app. He has since opened up another account with a different provider.

Victims whose devices had been infected with a virus or other malware tended to notice the attack once the device(s) had become inoperable, or they were locked out of their device(s). This realisation could happen at any point, ranging from several days to 6 months after the suspected initial attack on the device, depending on how frequently the victim accessed the account(s) in question.

Victims consistently conveyed feeling ‘unlucky’ rather than purposely targeted, a sentiment often held irrespective of the level of security measures they had in place. This included instances where, despite intentionally disabling antivirus and malware protections, individuals did not view their actions as a contributing factor to the cyber attack, albeit with some self-consciousness over it. Importantly, even victims who had put in place rigorous security measures such as biometrics and multi-factor authentication found themselves victims of cyber attacks:

“I had all the biometrics set up… I had multi-factor authentication [set up but they] managed to skip all… So, I don’t really understand how they did it, but they did it on 2 occasions.”

Victim of cyber crime and online fraud

Fraud

The experiences of victims of fraud varied depending on the type of fraud (including whether online or offline fraud), and the consequences of the fraud.

Victims who were tricked or deceived into sending money or goods to a fraudster online noticed they had become victims during the incident or shortly after. For victims who became aware at the time, this was generally when the fraudsters became increasingly hostile, tried to keep them on the call and obtain further personal information, or began demanding increasingly larger sums of money to be transferred or paid, making the victim suspect that something was wrong.

In contrast, victims of investment or cryptocurrency scams reported much longer timelines. For these types of online fraud, both the build up to the incident and the discovery took much longer. Victims mentioned being in contact with the scammers for weeks or months before they decided to invest in the scam.

Victims of offline fraud who had bought fake or counterfeit goods in person typically noticed something was wrong when they discovered the goods were fake or did not arrive, or when they did not receive money for the goods they sold.

Case study: Offline fraud

‘Monique’ wanted to buy tickets for a music festival. She was given the contact details of a ‘friend-of-a-friend’ who had 2 spare tickets for sale. After initial texts and 3 phone calls with the seller, they arranged a face-to-face meeting in a local garage forecourt and she bought the 2 tickets for £100.

When ‘Monique’ arrived at the festival a few days later, she found out that the paper tickets she had bought were fake as the scanning machine did not recognise the QR codes. She was denied access and had to buy another set of tickets at the venue at extra cost. While she could attend the festival with the new tickets, she could not buy any food that day and had no money left for the ticket fare home. After the event, she tried to contact the seller, but the phone had been disconnected. She did not report the fraud as she did not think it would result in an outcome and did not recover any of the money lost.

‘Monique’ strongly felt she had been a victim of a crime and compared her experience to that of theft.

“100%. Yes. It’s like theft isn’t it?”

She also reflected that the seller had looked “normal” and “not at all dodgy”. The fact that it had been a person she had met and engaged with contributed to her upset.

“I was more upset that someone could actually do that to somebody else, another human being. I just thought there’s [sic] some sick people in this world that are that horrible that they’d let you travel down and knowing you weren’t going to get in just to rip them off for £200.”

The research found that while this was true for most victims of online fraud, victims of online investment or cryptocurrency fraud felt as victimised as those experiencing offline fraud. This was linked to the lengthy ‘grooming’.

Some fraud victims attempted to trace those who had targeted them by using information they had about the criminal, such as payment locations and account IDs. In a small number of incidents, the victim was confident they could identify the fraudster and had compiled evidence demonstrating how they had committed the crime. In one instance of offline fraud, the victim was able to identify the fraudster’s address through a PO box they had sent a cheque to and could coordinate with local police which led to the fraudster’s arrest and subsequent prosecution. For an online fraud case, the victim could pass on the WhatsApp number of the fraudster to the local police, but this did not lead to any action being taken against the perpetrator as the police decided not to pursue the case further.

A number of offline frauds were preceded by online frauds. A typical example of this were cases where the victim initially came across a fake or misleading ad for services or goods online, for example, on eBay or Facebook Marketplace or Gumtree, and the subsequent fraud took place over the phone or face to face. Another common example of online fraud leading to offline fraud was phishing emails or texts, asking victims to share personal information. The fraudster would then call the victim and explain that they had just been scammed and needed to take action, for example, by moving money out of their bank account to protect themselves – see case study 1 for a detailed description.

Interestingly, where victims reported this interplay between online and offline fraud, their focus was usually on the offline element of the crime. This could be because victims who engaged with the perpetrators over the phone or face-to-face were more likely to experience feelings of ‘guilt’ of not having ‘spotted’ the fraudulent behaviour and therefore felt more personally victimised by the experience compared with those where the crime happened exclusively online.

The research found that whilst this was true for most victims of online fraud, victims of online investment or cryptocurrency fraud felt as victimised as those experiencing offline fraud. This was linked to the lengthy ‘grooming’ process associated with these types of online frauds. This ongoing contact with the fraudster led victims to feel similarly targeted as victims of offline fraud and also often resulted in them questioning their judgement.

The most frequently reported link between cyber crime and other offences was incidents of cyber crime leading to fraud - especially online fraud - or vice versa. The most common example of a cyber crime leading to online fraud was cases where the criminal accessed the victim’s online account, for example, by hacking into their online banking, PayPal or Amazon account, and using this to either transfer money elsewhere, make payments or order goods.

In most cases cyber crime led to fraud. Although some victims entertained the possibility that a cyber crime (unbeknown to them) may have taken place and facilitated the fraud, they were unable to give a more detailed account of what may have happened. Some suggested that the fraudster may have got hold of their details (their credit card data, phone number, mailing address, company information, for instance) through a large-scale cyber attack aimed at an organisation/website they had used or signed up to, for example, like the cyber attacks on British Airways in 2018. For others, the lack of clarity of how the fraudster may have obtained their details led them to believe a preceding cyber crime as the ‘only logical explanation’. Some victims also reported having been locked out of their accounts and receiving notification to call a certain number to help them re-gain access to their online accounts.

In other instances, the online fraud predated and facilitated the cyber crime. Some victims recalled, for example, receiving a message or other communications (text message or email) which requested details from them, such as passwords, banking details, personal address or other information, only to later find out that they had lost money or their personal details had been stolen. In one example, a victim received a message on Instagram informing them they had won £600 in a competition and needed to send an email with their personal details. After the victim sent the email, the fraudster hacked their social media accounts. The victim only later considered the initial communication (winning a competition) to be suspicious after the cyber crime occurred.

In a few instances, victims reported that the cyber crime had led to a non-fraud offence, for example, cyber bullying. One example involved a victim whose work email account had been accessed without their permission and then used to send harassing emails to their partner - who was working for the same company. This resulted in the partner experiencing severe anxiety and having to take time off work.

2.5 Repeat victimisation

The experience of victims varied, with some incidents being a one off, while for others multiple incidents had occurred, which they believed were linked.

Where multiple crimes occurred at the same time or very quickly following one another, victims typically saw these as a single crime and focused on the one that they considered most significant to them; for example, if money had been lost they would focus on the fraud element, even if a CMA crime had been instrumental in the fraud.

Conversely, victims talked in a more nuanced way about different crimes if they occurred at different times. Victims of cyber crime specifically were more likely to report multiple related incidents compared to those who had experienced fraud. For instance, after a hacking incident, several victims found that their other accounts had also been compromised.

“They were [..] leapfrogging [..] and once they got into the business bank account, they could then see other people’s accounts.”

Victim of cyber crime and online fraud

Some victims believed that an initial cyber attack made them vulnerable to subsequent ones as their personal or payment details were exposed during the first attack. When loss of money occurred, some wondered if their bank/payment service was at fault. To protect their details and prevent further incidents, some reported this concern to their bank, Internet provider or the police.

On the other hand, victims of fraud who experienced repeat victimisations were more likely to believe that the attacks were unrelated from each other, and that they had simply been unlucky to have been targeted twice. These are victims’ reflections and therefore it is not clear whether individuals had suffered random attacks or deliberately been targeted.

“I just can’t believe I’ve missed the signs not once but twice. Just clicked on a link and not even thought twice about it being potentially fraudulent. I should feel like a victim but I don’t. I blame myself for clicking on the links.”

Victim of cyber crime and online fraud

2.6 Sense of victimhood

The extent to which victims perceived themselves as a ‘victim of a crime’ varied greatly. Evidence from the desk review indicated there is a “status issue” surrounding online crime and fraud, which has multiple consequences on reporting, as some victims do not perceive the offence as a crime and therefore do not see themselves as a victim. This is particularly the case where there has been no financial loss (Button et al., 2020; Fonseca et al., 2022). This evidence is broadly consistent with findings in this report with victims often only viewing an incident as a crime if it involved notable financial loss, while smaller losses were often viewed as ‘scams’. If victims were fully compensated, they were less likely to consider themselves as victims of crime, regardless of how quickly they were reimbursed.

Online versus offline

Among victims who experienced an online crime, whether online fraud or cyber crime, views were mixed as to whether they had been a victim of a crime. In some cases, for example, where the criminal accessed a victim’s online accounts without their permission, this was seen as similar to someone stealing their wallet in public. Incidences which occurred in person, were also more likely to be considered a crime. However, for most, the lack of physicality of a digital incident reduced the perceived seriousness of the crime. In these cases, victims were more likely to refer to the incident as a ‘scam’ rather than as a crime, even if they had suffered financial loss as a result. This indicates that victims apply different thresholds to what constitutes a crime in online versus offline settings, seemingly requiring a higher level of severity to consider an online activity as a crime.

“I didn’t really [think of it as a crime], because when I think of crime I think more about mugging or burglary or, you know, car theft, things like that. I’ve had some stuff happen to me offline that I feel like is more of a crime.”

Victim of cyber crime

Self-blame

Any blame that victims felt for having facilitated the crime also influenced whether the victim saw themselves as a victim of a crime or not. This was especially true for victims of fraud, where victims had been manipulated into actively handing over money or personal details.

For a few victims, this ‘active’ participation made them feel less of a victim of crime, as there was a sense they themselves could have prevented the crime from taking place. However, this was the minority view. Most victims either felt that the manipulation was part of the crime itself (and therefore they were still a victim of a crime, even if they ‘fell’ for it) or that their self-proclaimed ‘stupidity’ did not undermine the criminal nature of the attack or incident. Victims of both cyber crime and fraud reported feeling isolation, shame and embarrassment caused by the emotional impact of victim blaming. This evidence is consistent with previous findings where fraud victims had willingly sent money or personal details to the offender (Button et al., 2020).

“I felt like I was a victim of a criminal offence, but I also felt very stupid. I just cannot believe, I couldn’t believe that I’d been so gullible. I consider myself to be fairly well educated, but I just do not understand. I look back at it now, and it was almost like I was in some sort of trance and I was being told to do these things, and I was just doing them.”

Victim of cyber crime, online and offline fraud

2.7 Impact of cyber crime and fraud

Victims of cyber crime and fraud reported being affected by their experience to varying degrees. As reflective of findings from previous research, victims reported experiencing a wide range of emotional, health and financial harms from fraud and cyber crime, as well as impacts on day-to-day behaviours (Home Office, 2025).

Anxiety was the most reported impact; however, for some victims, anxiety and panic attacks lasted several hours to a day following victimisation, whereas others continued to experience anxiety longer term and in some cases beyond the resolution of their incident. The main concern among victims which heightened anxiety and stress was the possibility of revictimisation, which is consistent with findings from previous evidence reviews (Button et al., 2020).

Victims spoke of ongoing anxiety impacting on their day-to-day life and ability to socialise and connect with others. This impact caused some victims to take time off work, others focused on securing their accounts, and a small number accessed mental health services for support. Victims who had accessed some form of support provision generally felt that the support they had received had been helpful (more detail on the role of support in chapter 5).

For many, the initial anxiety was replaced by a sense of guilt or feeling ‘responsible’ for having fallen victim (see section 2.6). This sense of guilt often remained even when the other emotions had subsided.

“I was just really cross with myself because I did consider myself to be a more intelligent person than what I obviously was.”

Victim of online fraud

Victims who experienced stress and frustration said this increased when they had a negative reporting experience or did not achieve a positive outcome (for example, resolution in form of reimbursement or compensation or criminal conviction in their incident). Victims who were left waiting for information or felt they were not being listened to felt more stressed than if their incident had been resolved swiftly.

In a few cases, victims spoke of experiencing PTSD and suicidal thoughts following victimisation. This was mainly when life-altering amounts of money had been lost (see case studies 1 and 2 as examples).

“Once I realised I had become such a victim it made me suicidal… I had worked hard, saved a little bit of money. I’m not far off from retiring and now I’ve thrown 24 grand to some fool… anyway, I was the fool because when I started asking more questions and they were very evasive, I really should have clicked. Never mind. I was suicidal.”

Victim of cyber crime and online fraud

Victims were also impacted by the extent of the financial loss they had experienced and by how much this affected their daily life or future plans (for example, holidays, moving house).

Some of the victims who had lost personal information without any monetary loss also felt victimised. This was mainly driven by their concern of the potential risk of future victimisation or misuse of their information.

“I didn’t lose any money financially, but somebody used my personal details, that they must have only got online in whatever way they did it… I’m a victim of some criminal activity because they obtained my details without my consent.”

Victim of cyber crime

Victims frequently reported short term behavioural changes as a result of victimisation. This included not making online purchases or shopping online or closing accounts on platforms where they had experienced cyber crime or fraud. For example, victims who had purchased fake or counterfeit goods online felt the experience was a ‘wake up call’ and reported being more vigilant after the incident in checking if a site was trustworthy and reading reviews before making purchases. Others focused on reinforcing their digital safety by securing their information online, for example, by changing their passwords or adding additional protection, such as 2-factor authentication, to their accounts.

“Online shopping now is a bit more of a lengthy process. I read reviews on everything and I’ll be like, ‘Okay, this website. What are the reviews? Is it trustworthy?’, and it takes me 2 or 3 times as long to buy one thing than it does anything else.”

Victim of cyber crime and online fraud

Similarly, behavioural changes also appeared to lesson over time, which builds on findings from existing research (Home Office, 2025), suggesting some variation in the extent to which behaviours may be adopted following different types of support received after a cyber crime or fraud incident.

3. Reporting

This chapter explores the reporting landscape and victims’ experience of reporting a cyber crime or fraud, as well as their satisfaction with the reporting process. The research was also designed to hear from a small number of victims who had decided not to report, to better understand factors influencing this decision.

3.1 Key findings

While Action Fraud is the national reporting centre for fraud and cyber crime, there was a lack of awareness among victims taking part in the research that this organisation exists. Victims instead were more likely to report to their bank/building society, the social media platform or online selling platform where the cyber crime or fraud had taken place, although some did choose to also report the crime directly to the police or Action Fraud. Victims’ choice of which organisation to report to was primarily driven by who they thought would be most able to resolve the situation.

Victims’ experiences and levels of satisfaction with their reporting journey were mixed and often depended on the agency they reported to. Generally, satisfaction was higher with reports to banks/building societies and lower with reports to social media companies / online selling platforms or police. Feedback on Action Fraud was mixed.

The research identified 3 key factors that influenced victims’ satisfaction with the reporting process, these were:

  • being treated with empathy and understanding whilst reporting
  • a timely response to the report
  • a positive outcome of the reporting

3.2 Overview of reporting landscape

There are a range of organisations who victims of cyber crime and fraud can report incidents to, although all fraud and cyber crime victims should report crime to Action Fraud, a national service that aims to ensure a coordinated, joined up and effective police response to fraud and cyber crime[footnote 4]. Often victims chose to report to one or more agencies, with most choosing to inform either their bank/building society, Action Fraud or the police. Table 2 provides high-level overview of the different reporting processes for each of the 3 key agencies, at the time of the research.

Table 2: Cyber crime and fraud – high-level overview of reporting pathways for individuals

For further information on reporting routes: Cybercrime - National Crime Agency; Reporting fraud - Stop! Think Fraud.

3.3 Overview of Action Fraud reporting mechanism

Action Fraud is the UK’s national reporting centre for fraud and cyber crime. It is managed by the City of London Police (CoLP). When reports are received, NFIB analyses them to identify useful information and potential connections between incidents. Where there is sufficient evidence and a viable lead, NFIB creates intelligence packages and disseminates them to an appropriate local police force to investigate. Those reports deemed not viable for investigation are not closed but remain under constant consideration for links to newly reported crimes. NFIB assesses the cases based on available resources, potential outcomes and other ongoing investigations. If the police do not investigate a case, it is sent to the Action Fraud National Economic Crime Victim Care Unit (AF-NECVCU), which provides targeted support and assistance to fraud and cyber crime victims. NECVCU has 3 levels (1 to 3) with level 1 offering the least support and level 3 offering the most. At the time of this research, level 1 had been rolled out across the country; however, there may have been variations in support across regions for level 2 and 3[footnote 5]. The level of victim vulnerability is determined through a self-assessment questionnaire completed during the reporting phase, which determines the appropriate level of support needed, including if NECVCU support is suitable.

3.4 Victims’ experience of and satisfaction with reporting

Overall, victims’ experiences and levels of satisfaction with their reporting journey were mixed and often depended on the agency they reported to. While victims’ experience of and satisfaction with reporting differed by type of organisation they reported to, the research found several key factors that were considered to positively or negatively affect most victims’ reporting experience. Naturally, victims also raised many of these factors when considering the barriers and enablers of reporting, which is discussed further in chapter 4.

Ease and accessibility of reporting. Victims repeatedly mentioned that the ability to easily identify how to report and who to, as well as how quickly they could get through or hear back from the relevant organisation they reported to were key. Victims wanted clear signposting to relevant contact details (for example, telephone numbers or email addresses). While findings from the literature suggest that victims prefer less time-consuming reporting options (van der Zee et al., 2019), and the findings from this current research corroborate this, victims also said that being able to engage personally with a professional was equally important. There was consensus from victims taking part in the research that ‘talking to someone’, either face to face or on the telephone, felt much more personal than communicating online (via chat or email), which echoes previous research (Home Office, 2025). Most victims interviewed spoke negatively about online automated reporting systems. This was mainly due to the word limit on the initial report submission restricting the detail that could be provided about the incident and the long-waiting times to hear a response. The improved reporting service which replaces Action Fraud includes several improvements to the existing system to improve the victim experience, and the timeliness with which cases are sent to police forces for action.

Empathy and understanding while reporting. The reporting experience was heavily influenced by the victim’s perception of whether they and their concerns were being taken seriously or not.

“They were incredible, they never made me feel like I’d messed up or made a mistake or that any of it was my fault… I never actually felt at any point that they were actually implying that I’d done anything wrong. They were really supportive, really fast at getting it nipped in the bud.”

Victim of offline fraud

Timely response to report. Linked to the point above, victims’ experience and satisfaction with reporting was driven by the responsiveness of the organisation they had reported to, which is consistent with existing evidence (Home Office, 2025). This also included receiving updates, even when no progress had been made. Specifically, in cases where the victim was told they would receive a call-back or follow-up email, satisfaction would often be directly linked to whether this happened and whether this was done in a timely manner. Victims also spoke positively about the reporting experience when there was consistent engagement with the same person to whom the initial report had been made.

Outcome of reporting. Victims’ perceptions of the reporting process were also driven by the outcome of reporting, as per previous research (Home Office, 2025). Victims who had money stolen from their accounts wanted to be reimbursed and, while other factors were important during the reporting journey, ultimately the victim’s experience was retrospectively viewed through the lens of whether they were reimbursed. For those who were driven by wanting to see the perpetrator caught and held responsible, the lack of outcome equally impacted how they felt about their wider reporting journey.

“I just want to know the outcome, really, because I don’t feel like I’ve really had some sort of closure… if I knew that they’ve caught this person and they’ve got to pay a fine… it would just be a bit more relieving.”

Victim of online and offline fraud

Victims’ experience specific to reporting to Action Fraud

Overall, there were low levels of awareness of Action Fraud. Only a few victims had direct contact with the service during the reporting process. Of those that did contact Action Fraud, the majority were prompted to do so by other organisations (either by the police or their bank/building society).

For those who had reported directly to Action Fraud, some spoke positively about Action Fraud’s strong channels of communication and frequent contact with the victims. In these cases, there was a broad sense that Action Fraud cared about the victim and took their case seriously. Some of these victims were given an Action Fraud contact point who offered advice on the next steps of reporting and advised on how to protect themselves against personal identity theft in the future.

“She gave me the tools, like a toolbox and said ‘right you have to do this, this and this. The reporting is one thing but now we have to make sure you’re safe, that your personal details are not compromised, that they [the criminals] don’t take out loans in your name etc with personal identity theft.’”

Victim of online fraud

Others were less satisfied with Action Fraud and described the service as a ‘library’ or resource for victims of ‘smaller’ or less significant crimes, rather than being an agency that was tough on perpetrators of cyber crime and fraud. Once victims had completed an online Action Fraud form about the crime, they received a generic thank you email for reporting the crime (with an associated crime number) and often heard nothing further.

Victims of cyber crime and fraud are eligible to receive different levels of support, depending on their level of vulnerability (see section 5.3). If a case is not investigated by the police, victims should still receive some support from NECVCU.

“I rang them, had various conversations and also sent letters to their head office, none of which provided any I would say reasonable response. It was just a case of, ‘Right, thank you, we’ve got your information, and this is your crime reference number.’ And that was it.”

Victim of online and offline fraud

Evidence from the desk review further suggests that some victims encountered issues with the Action Fraud online reporting tool (Button et al., 2020; Scholes, 2018). This was echoed by victims taking part in this research. As outlined above, improvements are being made to the reporting tool as part of the launch of a new national reporting service for fraud and cyber crime victims.

Victims’ experience specific to reporting to their bank or building society

When victims had experienced criminal activity that targeted their bank or building society accounts, the majority immediately contacted their bank or building society. Victims spoke of being motivated to contact the bank or building society immediately to ensure measures were put in place to prevent additional funds being taken and to request reimbursement for the money that had been ‘stolen’ as soon as possible[footnote 6].

Case study: Payment to unknown party

‘Nicole’ noticed one evening before going to bed that 3 transactions for £28 each had been made from her Curve card to an unknown PayPal account. ‘Nicole’ immediately contacted HSBC to cancel her bank card connected to her Curve card to stop any further payments from happening. Afterwards ‘Nicole’ contacted Curve and they blocked the card. A week or so after, ‘Nicole’ got the money back from Curve and they issued a new card.

‘Nicole’ felt that would be the end of it; however, several days later ‘Nicole’ noticed that the same thing had happened, but this time it was 3 transactions for £280 each to an unknown PayPal account. ‘Nicole’ contacted HSBC who directed her through to the fraud team, who were quick and responsive in ensuring ‘Nicole’ they would make sure she was refunded by Curve. HSBC cancelled the HSBC card connected to Curve and advised ‘Nicole’ to cancel her Curve card, as it appeared to be compromised.

“When I’d passed the data protection, they were able to tell me that the transaction had been seen, they told me the details of where the transactions had gone to, the PayPal account and tell me the amounts, the times it was taken and that it had triggered their fraud system already with the quick succession of payments for identical amounts. They’d automatically cancelled one of the payments already, so they froze my account on that side and issued me with a new [bank] card.”

‘Nicole’ felt supported and reassured by HSBC’s response which made her feel less stressed about contacting Curve for a second time. Later, ‘Nicole’ contacted Curve for reimbursement and asked how their account had been compromised on 2 separate occasions and what Curve was going to do to rectify the issue. After several email correspondences with Curve, they reimbursed ‘Nicole’s’ account but never provided a satisfactory response to ‘Nicole’s’ security enquiry. At this point, ‘Nicole’ decided to close her Curve account.

There was a perception that banks or building societies were better placed to assist in recovering the money lost than if they reported to the police or Action Fraud. This was because many victims said they did not believe that law enforcement could provide reimbursement and therefore chose not to report the crime to the police or Action Fraud (Button et al., 2020).

“I didn’t [report to police or Action Fraud] because I was just more concerned about getting the money back in my bank account.”

Victim of cyber crime and online fraud

In some instances, especially where victims had been tricked into transferring money to the criminal, the victims were asked to share evidence with the bank or building society, including screenshots of email or online communication with the scammer to prove what had happened. In other instances, the banks promised to reimburse the victims after a face-to-face meeting or telephone conversation with the victim and no further evidence was required. The majority of those who had to provide evidence considered this to be a reasonable request.

“And then he says, ‘Right, just screenshot it all, email it to this address, we’ll have a look at it and we’ll let you know the outcome of it within 7 to 14 days or something like that,’ and so I just left it at that.”

Victim of online fraud

That being said, a minority thought the bank’s request for evidence suggested they were not believed or somehow culpable in the crime(s).

A few victims also expressed a level of guilt that the bank or building society had to reimburse them in situations where they felt responsible for the incident. One victim, who had been tricked into moving money into the criminal’s account and encouraged to apply for a loan, explained that initially she reported her situation to her bank, and they refused to reimburse her as they felt she had willingly moved the funds and signed up for the loan. She went into her local branch to appeal the decision and explained that she had been scared into moving her money and applying for the loan. The bank manager overturned the initial decision and refunded her the money because she sounded distressed in the audio recordings.

“I just phoned their fraud department to actually say thank you very much. In my opinion they were quite at liberty to actually say, ‘Well, no, you’ve been really stupid, we’re not going to give you any money back. Because the times that we’ve told you not to share authorisation codes with anybody and things like that, you should know better by now.’ But they did give me £2,000 back and I phoned them just to say thank you.”

Victim of cyber crime leading to online and offline fraud

Victims often received follow-up calls from either the bank or building society’s internal fraud teams or from their initial point of contact. The calls provided updates on the status of the report and likelihood of receiving reimbursement. A small number received follow-up calls from the bank or building society to check up on their emotional welfare. Victims who had not received any follow-up were more likely to feel the organisation was not interested in resolving the incident.

Victims’ experience specific to reporting to police

In a few cases, victims chose to report their cases to the police. Most of these reports went via calling 111. Victims were generally not satisfied with the police and reported that the only action the police took in response to the report was to advise on who else the victim should report their crimes to, often the bank/building society or Action Fraud.

Although referring victims to Action Fraud is in line with guidance (see table 2), victims who were referred on tended to feel let down by the police, as they often saw this as the police not taking their case seriously. For example, several victims mentioned they had tried to phone the police but that no one had answered their calls, so instead they completed an online form. The correspondence they received online directed them to Action Fraud. In several other cases where victims had successfully got through to the police on phone lines, the police explained to the victim that they did not have the resources available to handle these types of crimes and consequently directed the victim to Action Fraud. It should also be noted that not all victims who had reported to the police mentioned they had been referred onto Action Fraud. In some situations, the police explained that the incident was ‘too minor’, not in the public interest or did not meet the Crown Prosecution Service (CPS) threshold for prosecution and let the victim know they had closed the case.

“I provided this information to the police and I think all they did was put them on the desk and put something else on top of it. I don’t think they dealt with it.”

Victim of online and offline fraud

In addition to being referred to Action Fraud, some of those who had contacted the police were directed to other local constabularies. For example, in one case where the police were investigating the report, the victim was advised to make contact with police that were local to the perpetrator themselves. In doing so, the victim was informed that the original force they had contacted had not shared any information with the second force. About a month after reporting to the second force, they were informed by the second force that the case had been closed due to a lack of evidence.

Victims’ experience of reporting to a social media or online platform

Victims who had experienced cyber crime or fraud through social media platforms, for example, Instagram or online platforms like eBay or Amazon, typically contacted the platform directly via online channels, phone calls or chatbots. However, they often struggled to find appropriate contact information for teams responsible for cyber crime or fraud. For victims who had purchased goods from fraudulent sellers on platforms like eBay, there was confusion about whether to report the crime to the platform or their bank/building society. eBay sometimes advised victims to seek compensation directly from their financial institution or PayPal, depending on the initial payment method.

Victims were generally dissatisfied with the reporting process on these platforms, as they felt that little action was taken in response to their reports. Most victims reported receiving no support from social media companies or online platforms and were not referred to other services. If victims had experienced financial losses due to cyber crime or fraud, they typically reported the incident to their bank or building society as well.

Other reporting experiences

The research also heard from a few victims who had experienced investment fraud or cryptocurrency scams (see case study 2). Victims of cryptocurrency scams found the reporting process challenging, as they were often not clear on who to report to. Some also felt they had engaged in ‘risky’ activity, further deterring them from wanting to report the crime to the authorities. For a few victims, this meant seeking legal advice to help them make sense of what happened and understand what options are available to them.

“My first thought when I felt that I’d fallen victim to the crime, was to go online, to try and talk to someone (a lawyer) – I didn’t want to talk to anyone I knew. I was so embarrassed and humiliated that I had lost £24,000, because of some pretty face behind a device encouraging me to do so.”

Victim of online fraud

For those who did report, this tended to be directly to the platform/site that hosted the investment or their bank. One victim described contacting a website where they had purchased the cryptographic or ‘non-fungible tokens’ (NFTs). They were invited to complete online forms, but nothing further transpired:

“It was just a form that I filled in online. It was like one of those things, like doing your tax return or something, where it just leads you through a bunch of questions… They’re facilitating these things to happen and when something goes wrong, they don’t care at all about it, they just wash their hands of it. They don’t care at all and they’re not interested in the slightest that they’ve got whole collections on their site which are complete scams.”

Victim of online fraud

For those who reported directly to the police, there was a sense that officers did not understand the ‘cyber world’ of cryptocurrency and were unable to help resolve the matter. Consequently, some victims concluded there was little point in reporting to the police. Instead, victims of cryptocurrency frauds often sought advice from online communities on online fraud and cyber crimes.

A few victims approached lawyers for legal advice. One victim was so perplexed and confused by her situation that they sought legal advice after transferring money to a scammer who did not deliver the goods or provide a refund. Another victim sought legal advice, as he felt too ashamed to explain his situation to friends and family.

As a ‘last resort’, some victims who had lost substantial amounts of money and could not get compensation from their bank/building society also reported their crime to the Financial Ombudsman. This was done in the hope that the Financial Ombudsman would advocate for them and/or provide a resolution (see case study 1 for the full experience). The examples provided by victims were still awaiting adjudication, in line with the published waiting time of several months, and so it is not possible to report on the eventual outcome.

“I’ll probably have to work to the end of my life to even try to recuperate what I lost if the Financial Ombudsman doesn’t defend my case.”

Victim of online and offline fraud

4. Enablers and barriers to reporting

This chapter discusses the perceived enablers and barriers to reporting cyber crime and/or fraud. In addition to exploring general motivation to report, the chapter also considers the barriers and enablers to reporting to different law enforcement agencies.

4.1 Key findings

The belief that reporting would lead to the money being recovered was by far the biggest motivation for those with financial losses. Other key drivers included victims’ desire to protect others, a sense of civil duty, as well as a desire for a just outcome.

Key barriers to reporting included victim shame, a sense that the crime was not serious enough to warrant reporting or that victims would not be taken seriously by police, low levels of awareness of Action Fraud, as well as a shared belief that the police lacked relevant resources to pursue the incidents.

While an overall driver to reporting, victims’ desire for reimbursement was another key barrier to reporting to law enforcement as the police and Action Fraud were seen as less able to recover money lost.

Raising awareness of Action Fraud as a key reporting body, ensuring all relevant information about reporting can be found in one easily accessible place, and cyber crime and fraud being taken seriously, were all seen as ways to encourage reporting in the future.

Those who had chosen to report to the police generally felt they could trust the police to take action and worried less about taking up police time. Activities such as positive reinforcement campaigns which included examples of victims’ positive reporting experiences may assist in building trust and confidence in police and therefore further encourage reporting.

4.2 Key enablers

There were several factors which were seen to influence a victim’s motivation to report the cyber crime and/or fraud experienced.

Reimbursement

Where the cyber crime or fraud led to financial loss, feedback from victims suggested that wanting to recover as much of the money lost as possible was one of the main drivers for reporting the crime. Reimbursement as the biggest driver also explains why most victims chose to report to the organisation they thought would most likely be able to help them recover their funds (often their bank/ building society or online platform) before reporting the crime to law enforcement. This is in line with existing evidence (van der Zee et al., 2019.

“I feel like that [the bank] is the first place you’d go. Obviously, they’re the ones who control the money going in, going out. I feel like that’s the only way I could have got my money back, and the quickest way as well.”

Victim of cyber crime leading to online and offline fraud

Sense of justice

Several victims were motivated to report the crime to the police as they hoped that the perpetrator would be caught and receive a criminal conviction for the financial and emotional harm, thereby preventing further crimes and offering some sense of justice to the victim. This was often driven by victims’ desire to see the offender be held accountable for their actions and is in line with findings from previous research about improving the responses to online fraud victims (Cross et al., 2015). However, in most cases, the perpetrator was not identified, despite the victim reporting the crime and expressing a distinct desire to pursue and punish the criminal.

“That was my motivation to try and catch the thief to stop them from doing whatever they’re doing. But nobody was interested, up to now. I still have that reference, nobody has asked me for it. I volunteered that information, nobody cares.”

Victim of online fraud

Seeking justice was also linked to a sense of duty to prevent others being victims of cyber crime or fraud. Often victims spoke of feeling like it was their civic duty or obligation to report the incident to the police, especially if this would help protect others seen as ‘more vulnerable’ than themselves. This sense of duty was more pronounced in victims with higher levels of trust in the police to take matters seriously. Feedback from victims suggests that those who had reported to the police generally had trust in the police to take action and worried less about taking up or ‘wasting’ police time compared with other victims taking part in the research. Conversely, a lack of trust in institutions, and their willingness and ability to act, was a key barrier to reporting (see section 4.3). Case study 3 further illustrates how perceived inactivity of the police can lead to a loss of trust and discourage future reporting.

“If I don’t report, then the sellers will just continue to get away with it. They’ve won, they’ve done what they set out to do. They’ve got away with fraud and victimising somebody.”

Victim of cyber crime

4.3 Key barriers

The reasons why victims chose not to report were underpinned by various factors. Some felt too ashamed of their perceived ‘stupidity’ and feared the judgement of organisations. Others did not know who to turn to, or did not feel confident that an organisation would be able to help or support them.

Lack of awareness of when to report to police or Action Fraud

In addition to a lack of awareness of what cyber crime or fraud is and whether it constitutes a crime, many victims were also unsure of which organisation to report the offence to. This finding is consistent with previous research which also highlighted confusion on the role of different services in responding to cyber crime and/or fraud reports (Home Office, 2025). Victims interviewed emphasised the need for greater clarity on who victims should report to as well as what happens following reporting.

“I just didn’t know there [Action Fraud] was such a thing. I just thought normal police have got enough to do. They’re not going to bother about my [incident] but, yes, if I knew there was something out there that maybe someone could look through it to save it happening to somebody else then definitely.”

Victim of offline fraud

There was a low level of confidence in whether cyber crime and fraud could be considered a crime, particularly if they had not incurred a financial loss. In cases involving cryptocurrency, there was added uncertainty about the legality of the investment. This further increased victim’s confusion on whether to report the crime and who to report it to. Some victims of cyber crime and fraud did not report these incidents to the police as they were not physically hurt or threatened, and consequently felt that these were not crimes ‘worthy’ of being reported.

In addition to this, in some cases when the victim had reported to their bank or other service provider, victims thought that these organisations would ‘report’ the cyber crime or fraud to the authorities. Others assumed this would be done automatically. This led to some victims not proactively reaching out and reporting to the police or Action Fraud, as they thought this had already been done on their behalf.

Perceived lack of assistance with financial compensation

As mentioned above, where victims experienced financial loss, wanting to recover as much of the money lost was one of the main drivers for reporting the crime. However, when the amount of money lost was perceived as low, victims said they did not think it would be worthwhile to report or try to recover the funds. It was apparent that the value of the financial loss was relative to each victim’s individual financial circumstances, rather than the specific amount lost, which is in line with findings from the desk review (Fonseca et al., 2022; van der Zee et al., 2019). To encourage reporting, it is important for victims to recognise even small monetary losses as a crime.

“I wouldn’t have known at that time who to report, that there was a specific person, or organisation, to report [to] other than the police, and then it just seemed as if it was too minor to contact the police.”

Victim of online fraud

Sense of shame or embarrassment

The decision not to report a cyber crime or fraud incident was influenced by the victims’ sense of shame or embarrassment being so strong that it weighed more heavily than any desire to report or resolve the incident. This shame tended to stem from a feeling that they “should have known better” or not believed the perpetrator, which is in line with previous research (Button et al., 2009).

“I thought to myself, is there any point, really, in phoning the police or anything because they’re going to say it’s your own fault and don’t be so daft next time.”

Victim of online and offline fraud

However, for a few victims, their sense of shame and guilt actually encouraged them to report the crime. This was because reporting gave those victims a sense of action and an opportunity to ‘undo’ some of the damage done:

“You’re submerged by a complete feeling of guilt towards your family and so it’s as if you jump into a survival mode… but I said, ‘I have to do something. It’s not good enough, I must react and call the police immediately.’ Which I did straight away.”

Victim of online and offline fraud

Capability of organisations

Victims reflected on their strong desire for the agencies and organisations to treat their cases ‘seriously’. However, victims also voiced the concern that nothing would happen if they did report a cyber crime or fraud. There was broad consensus, irrespective of the crime, that the police lacked both the resources, capacity and interest to deal with many of the cyber crimes or frauds reported, particularly those that simply involved stealing funds directly from bank and building society accounts. This was echoed by existing evidence (Button et al., 2020; Fonseca et al., 2022). Several victims explained that they did not feel like the police understood the world of cyber and more technical types of online fraud like cryptocurrency. Consequently, there seemed little point in reporting these types of crime to the police.

“Any of my experiences with the police, nothing’s ever been resolved… I just don’t have a lot of faith in it unless it’s a really, you know bad, bad crime. When it’s burglaries, we got burgled, they didn’t really do much.”

Victim of cyber crime and online fraud

4.4 What could encourage victims to report?

The following themes emerged from discussions with victims on what would encourage victims to report future crime to Action Fraud, and more generally.

Improving confidence of agencies and organisations. Those who had reported to the police generally had trust in the police to take action and worried less about taking up or ‘wasting’ police time, which is reflected in the literature. Activities such as positive reinforcement campaigns (regarding action taken by institutions in response to reports, or successful outcomes) which included examples of victims’ positive reporting experiences may assist in building trust and confidence.

Raising awareness. Awareness of routes to report, including to Action Fraud as the national reporting centre, was low across both those who reported and those who did not report. The small number of victims who directly reported to Action Fraud had – in most cases – not heard of the service before and found out about the option to report to Action Fraud by googling terms such as ‘reporting of cyber crime or fraud’ after the incident had taken place. Raising awareness could be particularly valuable for those victims who felt the incident they experienced did not warrant involvement of the police as it was not ‘serious’ enough, as it could provide signposting to financial institutions or Action Fraud.

Awareness raising campaigns, whether digital (for example, on social media and television) or using public spaces, for example posters at bus stops, were mentioned as a way to help the public understand more about how – and where – to report cyber crime and fraud.

Ensuring that information is clear, accessible and in one place. This was seen as something that would further encourage victims to report. As several victims found it difficult to distinguish between cyber crimes and fraud (especially cyber crimes and online fraud), keeping the language used to describe the crimes broad (to cover both cyber crime and fraud) and easy to understand in Action Fraud materials should be considered. This will help improve understanding on the nature of the crime and whether able to report it.

5. Support for victims of cyber crime or fraud

This chapter considers the support that is currently available to victims of cyber crime and/or fraud, alongside victims’ experience of accessing support, and their views on how support could be improved.

5.1 Key findings

All victims of cyber crime and fraud are eligible for support from organisations such as Age UK, Citizens Advice (directly or through their partnership with Cifas) or Victim Support if they choose to. However, most victims were not aware of any support available to them and had not been offered support when they reported the cyber crime or fraud.

There were mixed views about the need for support in the first place; while some victims said they would have welcomed support, others felt that support was unnecessary as they did not feel they had been affected in the same way as victims of other more ‘serious’ crimes.

Overall, the level of support provided was therefore seen as adequate by most, although a small number of participants would have appreciated emotional support to help them deal with the impact of the cyber crime or fraud. This suggests that while a universal provision of support may not be needed, victims could benefit from a more streamlined approach to support those who do need it can more easily opt in.

In addition, those who received more comprehensive support were highly appreciative of it and felt that it had improved their wider victim journey. This was even the case if they were unsatisfied with the outcome of their case (for example, because they had not received compensation for their financial losses). This shows that support can be a powerful tool in improving overall satisfaction.

5.2 Overview of what support should be available

The support victims should receive varies by the type of organisation they report to. Currently, there is some guidance indicating what support victims of cyber crime and fraud should receive when reporting to Action Fraud. There is currently no overarching guidance as to what support different organisations such as banks or building societies should provide to victims [footnote 7]. Any support available will therefore differ by each organisation/ service provider. Victims can still contact Victim Support or access support through other organisations such as Age UK, Citizens Advice (directly or through their partnership with Cifas) if they should choose to.

5.3 Victims’ awareness and experience of support

Most victims in this research reported that they were not aware of any support available to them and had not been offered support when they reported the cyber crime or fraud. In a few cases, victims were provided with practical advice, emotional support or signposting. This was provided by Action Fraud/NECVCU and fraud specialists within banks/building societies. When victims were given support, this was generally at the time of initial reporting and was provided by the organisation they had reported the cyber crime or fraud incident to.

There were mixed views about the need for support and this varied from case to case, which was similar to previous research (Home Office, 2025). While some victims said they would have welcomed support, especially receiving practical advice about what they should do after the incident had taken place, as well as how to better protect themselves against cyber crime and/or fraud in the future, others felt that “hand holding” was unnecessary for these types of crime. This was especially the case for victims who had experienced criminal activity that targeted their bank or building society accounts as their primary motivation for reporting the crime was financial reimbursement (see chapter 4).

These findings indicate that while a universal provision of support may not be needed, victims could benefit from a more streamlined approach to be offered and/or signposted to support, allowing those who felt support would be beneficial to access it more easily.

Reflections specific to the support provided by Action Fraud

Although advice and support should be provided to all victims reporting to Action Fraud, only a few victims who had directly reported to Action Fraud mentioned receiving support. From the interviews it was not clear whether victims were eligible for additional support through NECVCU or not. Similarly, when victims spoke about additional support they received, it was not always clear whether this was through Action Fraud, NECVCU, Victim Support or other support organisations.

In a few cases, Action Fraud provided the victim with more comprehensive support including follow-up calls. This went beyond the more typical general advice on how to avoid scammers and how to stay safe online. Two victims reported being referred onto Victim Support (most likely via NECVCU), having regular check-ins and being signposted to resources to support them with their mental health after the incident. In one case, the victim had lost nearly all their life savings (see Case study 1 below); in another case, the victim had been classified as vulnerable due to their pre-existing and documented mental health struggles. In both instances, the victims were highly appreciative of the support they had received, highlighting that where support is provided to victims identified as having additional needs, this was well received. Similar to reflections about the reporting experience, victims valued having one clear point of contact and follow-up calls or emails being made to keep them up to date with their case, similar to previous literature (Skidmore et al., 2020).

“They [Action Fraud] have been wonderful. They’ve gone above and beyond to double check, to see if I was alright, to make sure that Victim Support, someone was in contact with me from Victim Support.”

Victim of cyber crime and online fraud

Reflections specific to support provided by banks/ building societies

As with support received from Action Fraud, victims’ reports of support received from banks and building societies varied widely. Not everyone who had reported to their bank or building society was offered support or advice. For those who were, banks usually provided practical advice related to the closing of compromised accounts. In a few cases, victims also reported receiving calls to see how they were doing and if they felt they needed any further help, for example, providing them with a helpline number. Victims were generally satisfied both with the level and quality of support they received from their bank/ building society.

“Going back to the incidences that I’ve described, would I expect [bank] to come and somehow provide me with support? A person turning up and checking I was okay? No, that’s a bit too much to expect. So, I’m not quite sure. It’s just a case of where money has been fraudulently removed from a bank account, make sure you repay it, because it’s the bank’s systems that are the ones that are flawed, so therefore the responsibility rests with them.”

Victim of cyber crime and online fraud

Reflections specific to support provided by social media company or online platform

None of the victims who had experienced cyber crime or online fraud (including online fraud leading to offline fraud) reported receiving any support, whether practical or emotional, after reporting to social media companies or online selling platforms. However, there was clear consensus from victims that they would have benefitted from some support. While this was very much linked to practical advice (for example, letting them know how they could report or how they can keep their profile safe from cyberattacks or supporting them by taking down fraudulent ads or profiles), victims often saw this lack of basic support and signposting as an indication that social media companies and online platforms were not taking steps to prevent future incidents.

5.4 Victim suggestions on how to improve support

Victims made several suggestions of how support could be improved in the future.

Victims spoke of the importance of practical support that highlights what victims can do to better protect themselves, with resources that individuals could access in case of any future incidents. They suggested making support more accessible by offering different support mechanisms, for example, in-person groups/support sessions (especially if provided by bank), online chats for those who prefer not to speak to someone face to face or over the phone, or via Zoom or Teams.

“Often it’s nice to see faces on Zoom and Teams, so maybe they could offer an online counselling session if people wanted to talk about it, so that you’re seeing somebody face to face.”

Victim of cyber crime and online fraud

Victims often commented on the difficulties they had finding the right contact number to reach the correct team or sub team that could help them with their situation. Ensuring contact numbers are correct and easy to find was seen as making support more accessible. One victim also suggested providing video training instead of only text to make support more inclusive for those struggling to read or digest written advice.

“There should be some sort of video training about it from a reliable source, giving people the instructions verbally and visually in the sense of a video, not just textually and audibly.”

Victim of cyber crime

The victims mentioned the benefits of forums being available for victims of cyber crime and/or fraud to discuss their experience and support with each other as a suitable form of support. There was a sense that individuals who had gone through similar experiences would be well placed to provide both practical and emotional support to victims, without adding strain to other services such as police or third-sector organisations.

6. Conclusions

This research has broadened the existing evidence base by providing additional insights on the experience of victims of cyber crime and fraud and whether they decide to report the incident or not. It has explored how victim journeys, whether by type of crime or reporting pathway, differed. This usefully informs ongoing considerations for improving the reporting experiences of victims of cyber crime and fraud as well as how victims can be better supported throughout their journey. In light of this, this chapter raises several implications for policy and practice.

The findings show that victims are often unsure whether the incidents they have experienced are cyber crime or fraud. Greater awareness of what defines cyber crime and fraud would support improved understanding of how to report and who to report to, and particularly the role of Action Fraud. Improving awareness and knowledge could be supported through campaigns and information sources.

There was a perception that agencies, such as the police, do not have the capabilities to respond to reports of cyber crime or fraud. This was particularly referenced in relation to cyber crime and more complex types of online fraud, such as cryptocurrency scams. To improve confidence in law enforcement response to reports, it is important that communication approaches highlight positive examples of how cyber crime and fraud are being tackled.

Greater clarity is required on how agencies and organisations work together to respond to reports of cyber crime and fraud incidents. Victims were unclear whether the onus was on them to report incidents to other agencies, for example, if they reported online fraud to their bank or building society, whether they should also contact Action Fraud or the police. This could be supported by the provision of clear, accessible information which clearly sets out the reporting process and the requirements of both victims and different agencies and organisations.

The research identified that victim satisfaction with the reporting process increased when victims felt they were treated with empathy and understanding, and received a timely and positive response to the report. Consideration should be given to ensuring that the reporting process has clearly established timelines for responding to reports made, including the process of providing updates on the outcome of the reports, which are included in information that is available for victims.

Greater acknowledgement of the impact of cyber crime and fraud will help ensure that agencies and organisations are consistent in their provision of support as well as signposting to other support services. It is also important that the short- and long-term impacts of these crimes are recognised in the provision of ongoing support. This can be supported by having a consistent point of contact as well as follow-up contact. This support should reflect the impacts experienced as well as provide information on how to prevent further incidents of cyber crime and fraud. Implementing a more comprehensively available support offering may therefore present an opportunity to increase satisfaction with reporting services.

7. Detailed case studies

It should be noted that participant names and some details within the case studies presented in this report have been altered to ensure participant anonymity.

7.1 Case study 1 – Online fraud leading to offline fraud

‘Jess’, a woman in her late forties, had just returned from travels abroad when she caught COVID in March 2022. She was self-isolating away from her husband and grown-up sons when she received a text from someone claiming to be the NHS saying she had been in contact with someone who had COVID and needed to buy a test kit. As she was currently suffering from COVID herself and feeling unwell, ‘Jess’ clicked on the link and provided her card details to buy the kit for £1.29.

Later that day ‘Jess’ received a phone call from a fraudster claiming to be Bank of Scotland (BoS) (‘Jess’ banks with BoS) who told her she had been a victim of a COVID scam, and her bank accounts may be compromised, therefore she would need to act right away to protect her savings. This made her panic, and she told the fraudster she had an account with HSBC as well as BoS.

“If you’re caught in that very instant when you let your guard down because you’re not at all well, it can sound plausible. It’s a bit like a spider that makes its web, and it just waits for an insect to fall in and they close in on you. You can’t get out of that situation. So, you’re really taken in a very dense psychological state of panic. And that’s what they use.”

The fraudster reassured her that he was there to keep her safe and recommended she move any other savings she may have into a Revolut account. ‘Jess’ already had a Revolut account but was told to set up a second account and move her savings from HSBC to this new account. In her state of panic, ‘Jess’ set up a second account on her Revolut mobile app.

“It’s a combination of psychological manipulation, but equally a technical manipulation, and they combine those 2 together in a very fast-paced tempo so that you do not have the time to step back and think…count to 5…take a breath…and hang up.”

The fraudster stayed on the line and reassured her throughout this process, while also stressing the urgency needed in order for her to protect her money as her accounts were already compromised. ‘Jess’ moved all her savings from her HSBC account into the second Revolut account. As soon as the transfer had completed, the fraudster ended the call. Once the call had ended, ‘Jess’ realised that she had been defrauded and experienced a panic attack. Since then, she has suffered from extreme guilt, insomnia and developed PTSD as a result.

“I hear the voice of that man [at night] and I see what happened in the accounts and everything was so quick and everything was ‘panic panic.’ Why didn’t I hang up?”

‘Jess’ called the police straight after the incident had happened. The police connected ‘Jess’ with Action Fraud, who asked her to submit a report online, which she did. The same day ‘Jess’ reported the incident to Revolut, who said it was not their responsibility as ‘Jess’ had authorised the payments herself and had shown her scam aware warnings on the Revolut app during the process. ‘Jess’ also went to her local HSBC branch who told her as she had moved the money from HSBC to her Revolut account there was nothing they could do to help her.

‘Jess’s’ case was referred onto NECVCU, who called her back the next day and advised her on securing her personal details by reporting to Cifas. This made her feel safer. ‘Jess’ was also provided with a support leaflet with activities, giving her access to PTSD workshops online, and advised her to raise the matter with the Financial Ombudsman (FO). ‘Jess’ contacted the FO on the same day and has since also instructed a lawyer to help her with her case.

At the time of writing (May 2023) ‘Jess’s’ case with the FO is ongoing. She has not been able to recover any of the money and she has had no further contact with HSBC, Revolut or AF-NECVCU. Although she has had some support addressing the metal health issues she developed as a result of the incident, she is still suffering from flashbacks and PTSD and has started therapy to help her come to terms with what had happened. Besides the profound impact the incident has had on her mental health, it has also affected her and her family’s lifestyle as ‘Jess’ will not be able to retire at the age she had previously planned if she cannot recover the savings that have been lost.

7.2 Case study 2 – Online fraud involving reporting to Action Fraud

‘Martinez’, a man in his thirties, received a text from an unknown number in May 2022. He replied to let the sender know that they had contacted the wrong person. The person apologised, and they carried on texting over the next month or so. The sender told ‘Martinez’ they were a Chinese woman living in the UK working in cryptocurrency. The individual also told him they had a poorly family in China who they sent money to. This made ‘Martinez’ feel sympathetic, and he talked about details of his own life such as his job and family.

In conversation, ‘Martinez’ mentioned he was an insomniac, and the individual responded that they knew of treatment clinics in the US that could treat insomnia, but it would cost £200,000 in total. The fraudster suggested they could help ‘Martinez’ raise some of the money through cryptocurrency trading. As they had been talking for over a month at this point, ‘Martinez’ felt he could trust them and decided to invest £500. He was instructed to download the apps Binance and BitMart, which asked for personal identification, email addresses and 2-way authentication. This made him feel the investment was legitimate and secure.

‘Martinez’ transferred money from his bank to another bank to convert it into cryptocurrency. He received a confirmation of payment, which he was happy with. Within half an hour, ‘Martinez’ had made $200 profit. The fraudster then instructed him on how to withdraw the money, which he did.

Based on his success, ‘Martinez’ decided to invest £3,000 but this time did not make the same quick return profit, so the fraudster suggested putting more money in and holding it in the account. ‘Martinez’ started to feel nervous, but the fraudster sent him pictures of trades they had done with large returns, which convinced ‘Martinez’ to invest a further £10,000. His bank initially declined this, but he called to okay the transfer and the bank agreed.

Over the following months ‘Martinez’ continued to pay into the account until he had £24,000 in cryptocurrency. At this point he decided he wanted to withdraw his money and the profit he had made. ‘Martinez’ was informed by the app that he had to pay tax before he could access his money. He asked the customer service team to take the tax off the money in his account, who told ‘Martinez’ he needed to pay the tax from his account to a third party. This was when ‘Martinez’ realised he had been scammed (August 2022).

“At this point my heart absolutely dropped. My first thought when I felt that I’d fallen victim to the crime, was to go online, to try and talk to someone – I didn’t want to talk to anyone I knew. I was so embarrassed and humiliated that I had lost £24,000, because of some pretty face behind a device encouraging me to do so.”

‘Martinez’ initially contacted a lawyer who confirmed it sounded like a scam. He then went to TaxScouts to confirm that HMRC would never request a payment through a third party. ‘Martinez’ then compiled a file of the conversation record, bank references, credit cards and payment reference numbers; he took this to his local police station and reported it. The police told him to contact Action Fraud.

“The police just were not that interested. They said, ‘We’re sorry’. They didn’t have enough resources to handle that sort of case, so they simply gave me [the] Action Fraud line and asked me to report it to Action Fraud.”

‘Martinez’ filed a report with Action Fraud and received a confirmation email but had no further contact at the time. He also went to his high street bank, who told him that as he had moved money to a different bank account, it was outside of their control. A few days after visiting the bank, ‘Martinez’ received a letter empathising with his position about the money he had lost and explained a little more about the type of crime he had become a victim of. This letter did not include any signposting to support organisations or information on what type of support ‘Martinez’ could access. By this point ‘Martinez’ was feeling suicidal from the shame that he had fallen for such a scam, his insomnia worsened, and he began experiencing heart palpitations and panic attacks in the night.

“The banks, in my opinion, failed me because they didn’t try hard enough in telling me about the fraud. They tried once, but that was it. They didn’t try hard enough. These 2 initial people [police and bank] should be more aware of the pain and difficulties that victims go through and they should be offering them more help. It shouldn’t just be handing somebody a piece of paper, there should be somebody making a phone call to say, ‘How are you?’ Getting that somebody to talk. I didn’t have anyone to talk to, I just had to talk to myself.”

A few months passed in which ‘Martinez’ had no further correspondence with the police, bank or Action Fraud until he received a follow-up phone call from Action Fraud (February 2023). Action Fraud asked about ‘Martinez’s’ wellbeing and if he needed any support along with a few clarification questions about his experience. ‘Martinez’ explained that he was upset that he was only being offered support now as he needed it most during the first few weeks when he felt physically sick and suicidal. At the time of the research, ‘Martinez’ has not recovered any of his money and is working with a solicitor to see if he can file a case against either of the banks for financial compensation.

“Nobody has been interested, they haven’t helped one jot. Not the police. The police were disappointing. The banks I could understand their stance because they don’t particularly care about anybody as long as they make their money. I’ve got a solicitor who is helping me to try and get some money out of the banks, whether that’s successful or not, I don’t know. If any of these organisations, the bank, the police initially, if they had made an effort to talk to me in my case, that would have helped a great deal.”

7.3 Case study 3 – Offline fraud

In March 2022, ‘Andrea’, a woman in her forties, was looking to purchase concert tickets for July 2022. She went online to Ticketmaster and could not get any tickets as they had sold out. When mentioning this to a friend, her friend told ‘Andrea’ of a man she knew who worked in events and could get concert tickets. Upon receiving his number, ‘Andrea’ called the man and bought 5 tickets from him at £95 each. He asked ‘Andrea’ to pay via a bank transfer, which she did. After paying for the tickets ‘Andrea’ texted the man to ask for confirmation that he had received the money, he did not reply. Two weeks before the concert ‘Andrea’ was yet to receive confirmation, or the tickets, so she contacted the man again and asked for the tickets; he replied stating that he had been busy, and she would receive the tickets soon. The concert came and went, and ‘Andrea’ never received the tickets.

‘Andrea’ felt very stressed and upset on the day of the concert, as she had intended to go with her family, who were all waiting for confirmation of the tickets before leaving for the concert.

“She [‘Andrea’s’ daughter] is sitting there all dressed and we’re all dressed and you’ve got people going, ‘Has he rung you? Has he phoned you? Have you text him? Has he text you back?’ It’s really stressful because you’re just going, ‘No’, and then you feel like an idiot.”

Initially, ‘Andrea’ assumed something had gone wrong and began chasing the man for a refund, texting him to say the tickets never arrived. It was at this point ‘Andrea’ realised she had been defrauded and would not get a refund from the man.

“I was fuming that we didn’t go to the concert, but I did think that I would get my money back.”

‘Andrea’ decided to contact her friend who had recommended the man, her friend was shocked at what had happened and told ‘Andrea’ she had purchased tickets from the man in the past without a problem. ‘Andrea’, feeling she had been a victim of fraud, decided to seek legal advice through a solicitor in August 2022. The solicitor advised ‘Andrea’ she could open a dispute resolution with the man and take him to small claims court, and was firm with ‘Andrea’ that she was unlikely to get any money back from the bank. ‘Andrea’ decided to report the incident to the bank anyway, as she felt there was no harm in trying.

Upon contacting the bank, they opened a case and gathered information from ‘Andrea’ alongside her bank statement before forwarding her to the fraud team. The fraud team investigated the case and within a day provided ‘Andrea’ with a full refund. The fraud team at the bank also gave ‘Andrea’ some advice on what to look out for in the future, and tips such as paying with PayPal or with a credit card instead. The fraud team at the bank advised ‘Andrea’ to also contact Action Fraud and report the incident. ‘Andrea’ felt very positive about her experience with the bank and felt they could not have handled it better.

“They were really, really good. I was really upset at the time, so they just diffused the situation, calmed me down and gave me advice going forward actually, just said what to look out for.”

On the advice of the bank, ‘Andrea’ contacted Action Fraud online and filled in a form. Afterwards she received a confirmation email from Action Fraud but had no further correspondence with them. ‘Andrea’ thinks it would have been useful to speak to Action Fraud more about the man who had committed the fraud to help stop him from doing something like this again.

Despite not discussing the incident further with Action Fraud, ‘Andrea’ felt she had a positive experience and a successful outcome, and hoped that she had provided enough information to both the bank and Action Fraud to stop the man from victimising anyone else. Particularly, ‘Andrea’ feels the moment she contacted the bank and received support, the impact of the experience lessened and she no longer felt stressed.

“The bank were incredible, they never made me feel like I’d messed up or made a mistake or that any of it was my fault… I never actually felt at any point that they were actually implying that I’d done anything wrong. They were really supportive, really fast at getting it nipped in the bud.”

7.4 Case study 4 – Cyber crime and online harassment

‘Luke’, a man in his late thirties, worked for an estate agent company alongside his partner. After working for the estate agent for over a year, ‘Luke’ decided to leave feeling he was not making any progress in his role. He resigned on 28 April 2022 and left the company. A week later, his partner, who still worked for the estate agent started receiving harassing emails from an unknown sender, using ‘Luke’s’ old work email address. The emails included malicious comments about personal details and family matters.

Over the next 6 weeks, ‘Luke’s’ partner continued to receive malicious emails daily which resulted in them taking sick leave from work due to the stress and anxiety. In June 2022, ‘Luke’ decided to use a bot and online fraud protection company to track the IP address of the anonymous sender. This was when ‘Luke’ discovered the emails were being sent by a senior official within the company who had accessed his work email account without permission. ‘Luke’ contacted the company, providing evidence of the email abuse, but they refused to acknowledge ‘Luke’s’ complaint.

At this point, ‘Luke’ decided to contact the local police and report the incident.

“I got the police involved and uploaded all the data to West Yorkshire Police. A PC took a full statement over the phone and then decided that it wasn’t worth the Crown Prosecution Service’s time to pursue it because they deemed it to be a minor offence.”

‘Luke’ felt surprised the police were not going to pursue the incident, and felt a loss of trust in the police, especially as the police told him the matter was not in the public interest. ‘Luke’ was told that his case would not go to Action Fraud:

“They said what he’d done was computer misuse, and an abuse of power at work, which wouldn’t have been for Action Fraud.”

Both ‘Luke’ and his partner suffered from depression and stress because of the incident and felt helpless. ‘Luke’ felt the impact of the incident was greatest in June and July 2022 when the emails had continued for several months. Eventually, in December 2022, ‘Luke’s’ partner resigned from the company because of the stress.

Since reporting to the police in June 2022, ‘Luke’ and his partner have been pursuing the incident privately, intending to have the perpetrator prosecuted, as ‘Luke’ feels he has sufficient evidence of who was sending the emails. In early 2023, the individual resigned from the company and, in a grievance document before they left, admitted (according to ‘Luke’) to having sent the emails. ‘Luke’ has contacted the Information Commissioner’s Officer (ICO) and The Advisory, Conciliation and Arbitration Service (ACAS) for support with his case.

‘Luke’ was not offered any support with the incident by the police or other organisations, and felt that the only way he has been able to overcome the mental impact of the incident was by making progress privately with the ICO and ACAS. The main support ‘Luke’ wished he had access to was step-by-step guidance that clearly explained the processes a person could follow to report their incident rather than having to seek out the information himself.

Glossary

Term Definition
Action Fraud (AF) Action Fraud is the national reporting centre for fraud and cyber crime. It collects reports about fraud and cyber crime on behalf of the police in England, Wales and Northern Ireland.
National Fraud Investigation Bureau (NFIB) The National Fraud Intelligence Bureau (NFIB) sits alongside Action Fraud within the City of London Police, which is the national policing lead for economic crime.
National Economic Crime Victim Care Unit (NECVCU) The Action Fraud National Economic Crime Victim Care Unit (AF-NECVCU) is a team of specialist advocates working within the City of London Police that supports vulnerable people who have fallen victim to fraud and cyber crime, with the aim being to make them feel safer and reduce the possibility of them becoming a repeat victim. It is the first unit in the country to provide a bespoke service to victims of economic crime.
Cifas Cifas is a fraud prevention service in the United Kingdom. It is a not-for-profit membership association representing organisations from across the public, private and voluntary sectors. Cifas states its mission is ‘to detect, deter and prevent fraud in society by harnessing technology and working in partnership’.
Computer Misuse Act 1990 (CMA) The Computer Misuse Act 1990 (CMA) is the main legislation that criminalises unauthorised access to computer systems and data, and the damaging or destroying of these. The Act has the intention of protecting the integrity and security of computer systems and data through criminalising access to them, which has not been authorised by the owner of the system or data.
Hacking Hacking is the act of compromising digital devices and networks through unauthorised access to an account or computer system. Hacking is not always a malicious act, but it is most associated with illegal activity and data theft by cyber criminals.
Malicious software Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server. Types of malware include computer viruses, worms, Trojan horses, ransomware and spyware.
Cyber crime Cyber crime involves gaining unauthorised access or causing damage to computer systems, internet-enabled devices, or the information held on those devices. Examples include hacking or accessing computer systems or data without permission, such as an individual’s banking, email or social media accounts, or the disruption and infection of computer systems, such as a phone or laptop with malicious software (ransomware, malware, for instance).
  Cyber crime can be used to gain access to online accounts or devices to commit fraud or other crimes. Therefore, victims may have experienced both cyber crime and fraud.
Fraud Fraud occurs when a person acts dishonestly, with the intent of making a gain (often financial), at the loss of another. Fraud can happen online, offline or through a combination of both online and offline activities.
Online fraud Online fraud refers to fraud committed using the internet/social media (including WhatsApp). Examples include tricking victims into giving personal information after clicking on a link to a website, obtaining money, payment details or sensitive information from victims online, including fake dating profiles and fake investment opportunities, stealing money from a victim’s online banking account, and selling fake goods or services online.
Offline fraud Offline fraud is the act of gaining a dishonest advantage, often financial, over another person in a face-to-face setting (for example, at the doorstep, in a victim’s home) or via the phone (including through SMS text messages). Examples include obtaining money, payment cards or sensitive information from victims, in person or over the phone, and selling fake goods or services in person or via the phone.

Appendices

Appendix A: Supplementary detail on methodology

The Study Team conducted a desk review of academic literature, grey literature, and unpublished research on cyber crime and fraud reporting. The desk review sought to provide context to the research objective outlined in this study but also a) further understand the scale and diversity of the reporting landscape for cyber crime and fraud, and b) identify the links between cyber crime and fraud, as well as other offences.

To achieve these aims, the Study Team reviewed literature published after 2015 and conducted in the UK or with evidence focused on UK cyber crime and fraud policy. Literature included in the desk review was focused on the victim landscape, the process of victimisation and impacts, and the reporting process or decision not to report. In total, the Study Team reviewed 15 pieces of literature for this research.

Interview data was used to identify if each victim had experienced further crime types, based on the definitions provided by the Home Office. Table A1 below illustrates the occurrence of different types and examples of cyber crime and fraud among interviewees. By doing this, the analysis provides a more nuanced categorisation of the crime types victims had experienced.

Table A1: Final sample and types of incidents included in the report (by crime type)

Crime category Crime type Example Occurrence amongst sample
Cyber crime My device was infected with a computer virus or other malware For example, laptop was acting strangely, unable to access documents/ applications. 5
Cyber crime Someone accessed my online accounts without my permission Online bank account, PayPal or Amazon account being hacked. Fraudulently obtaining login details for one account and using details to log onto other online accounts. 21
Cyber crime Someone accessed my personal devices without my permission For example, laptops and personal devices hacked into remotely and used to access online accounts. 2
Cyber crime Someone denied me access to files on my device and asked for money to release them Ransomware attack, blocking access to laptop/encrypting data and asking for money. 1
Online fraud I lost money as a result of clicking on a bad link on an email/website For example, receiving a link from PayPal or bank asking to update details via email or WhatsApp 3
Online fraud I unknowingly bought fake or counterfeit goods online or made online purchases that did not arrive Purchases made through eBay, Facebook Marketplace, or social media that were fake or did not arrive. 8
Online fraud I was tricked or deceived into giving or donating money or goods to an organisation or person online. This includes sending money to a fraudster pretending to be a legitimate recipient Fraudsters pretending to be a bank, online payment service, or internet provider online. 8
Online fraud I lost money or data as a result of fraudsters gaining access to my online banking account or card details Online bank account, PayPal or Amazon account being accessed by fraudsters. Card or PayPal details being used to make unauthorised purchases online or payment transfers. 23
Online fraud Other Crypto scam 2
Offline fraud I lost money, data or property to someone acting fraudulently in a face-to-face setting or via phone (including SMS) Providing banking details over the phone to fraudsters pretending to be internet provider. Parcel delivery or courier scams sent via SMS. 10
Offline fraud I unknowingly bought fake or counterfeit goods in person or over the phone, or made purchases over the phone that did not arrive Buying fake tickets to an event or other goods such as laptops or cars that were fake or did not arrive in person or over the phone. 2
Offline fraud I was tricked or deceived into giving or donating money or goods to an organisation or person through deception in person or via the phone Donating money to fraudsters pretending to be a legitimate charity. 4

Appendix B: Ethical considerations

Ethical consideration when engaging with victims of crime

As is standard practice, the research was supported by Ipsos UK’s internal Ethics Group.

Strict ethical procedures were embedded in the research project to ensure the welfare of all involved, particularly the victims of cyber crime and/or fraud. These included gaining informed consent and identifying and removing barriers to participation.

Prior to interviews, participants were given an information sheet, privacy notice and consent form clearly outlining the purposes of the research, what the research involved, details on confidentiality and anonymity, the possibility for publication and the contact details for the research team to help answer any questions.

At the point of the interview, the researcher used the introductory section to reiterate the key points about the research and gave them the option to opt out and ask further questions about the research.

Enabling participation

This included:

  • explaining at the start of each interview what will be covered and the potential for distress, and checking participants are comfortable discussing these topics
  • reiterating to participants the voluntary nature of the interview and that taking part in the research does not affect their eligibility for support/relationship with the organisation that may have made them aware of the research
  • offering a flexible approach to interviews, for example, by allowing for face to face, online or telephone interviews and offering participants the opportunity to take breaks from the discussion if needed
  • ensuring Ipsos’s disclosure policy was clear in all relevant research materials and informing participants of the necessary steps in the unlikely event they were to disclose details of serious harm
  • providing participants with a support information leaflet with links and contact details for services and support if the interview has prompted feelings of distress or concern

  1. At time of writing, Action Fraud is being replaced with an improved national reporting service and work is underway with the City of London Police (CoLP) to carry out this transformation. The new service will use the latest technology to improve reporting tools and support services for victims, providing far greater intelligence to policing for investigations, and allowing for greater prevention and disruption at scale. A number of improvements to the existing system have already been put in place to improve the victim reporting experience and the quality and timeliness with which cases are sent to police forces for action. The new service will have a phased launch into 2025. 

  2. The findings from this scoping phase are not included in this report. 

  3. Please note that participants recruited via Action Fraud did not undergo additional screening and were not asked how affected they have been. 

  4. Action Fraud can be contacted by phone on 0300 123 2040 or on their website

  5. Since this research was conducted, NECVCU has been expanded to ensure consistent support for victims of cyber crime and fraud across England and Wales. 

  6. Mandatory reimbursement for money lost through Authorised Push Payment fraud over the Faster Payment Service was introduced by the Payment Services Regulator in October 2024. 

  7. Operational guidance from the FCA sets out a number of internal steps for organisations to follow. 

Back to top