Cifas’ Fraudscape 2025 six-month update confirms what many in the industry are already experiencing: fraud remains a growing challenge.
In the first half of the year, more than 217,000 cases were filed with the National Fraud Database (the highest number ever recorded and a slight increase on the same period last year). Identity fraud continues to dominate with over 118,000 cases, while account takeovers exceeded 38,000. Perhaps most notable is the 35% rise in misuse of facility filings, which points to changes in how accounts are being exploited.
In this blog, I’ve shared my reflections on the key findings, what surprised me in this year’s report, and where I believe the industry needs to focus its attention for the rest of 2025.
Why overall fraud volumes are still rising
The most obvious takeaway from the report is the sheer volume of cases. In the first half of 2025, over 217,000 filings were made to the National Fraud Database, a 1% increase on the same period last year and the highest figure ever recorded. Three areas stand out in particular: identity fraud (118,000 cases), account takeover (38,000 cases), and misuse of facilities (51,000 cases).
From my perspective, several factors are driving this sustained upward trend. The rise of AI has made targets far more accessible for criminals, and with data being stolen at increasing rates, and available cheaply, it creates the perfect melting pot for fraudsters to exploit. While organisations are sharing more intelligence, criminals are adapting faster.
What surprised me in the latest Cifas findings
What genuinely surprised me this time was the scale of SIM-swap and account takeover activity. The preference for hijacking live, trusted accounts over creating fake ones is significant. It’s riskier for victims and harder for banks to detect, because the account already carries a transaction history and a level of customer trust.
SIM swaps are especially concerning as they highlight a major vulnerability in telecom processes. Since SIM swaps can bypass SMS-based two-factor authentication, they directly increase the risk of account takeovers and APP scams.
Why identity fraud filings are changing
The report shows more than 118,000 identity fraud cases in the first half of 2025, still the single largest fraud category. While filings are down 7% compared with the same period last year, I fear this doesn’t reflect real progress. Instead, it looks more like a tactical move, with criminals favouring account takeovers of existing, trusted accounts over the creation of new fraudulent identities.
Why younger victims and certain sectors are seeing increases
The underlying detail tells a different story. Insurance filings rose by 25%, largely linked to impersonation for motor policies, while public sector filings almost doubled. Victims in the 21–30 age range also saw a sharp rise, particularly in plastic card fraud, where filings increased by 17%.
This shows that while overall volumes have dipped, criminals aren’t retreating. They are adapting. Oversharing of personal data online leaves younger people especially exposed, and new sectors are being tested as opportunities.
Why telecoms are a prime target for account takeover
Account takeover filings stayed steady overall at just over 38,000 cases in the first half of 2025. But beneath that stability lies a major change: telecoms-related cases surged to 26,166, up 73% on the same period last year. That means almost seven in ten account takeovers now involve telecoms.
That’s because mobile phones have become the gateway to everything else. If fraudsters gain access to someone’s mobile account, they can bypass two-factor authentication and potentially access the victim’s financial services too. On top of that, mobile contracts make it easy to order additional high-value devices, which are resold quickly for profit.
Why SIM swaps and underreporting are a growing concern
The report also points to organised “mobile dealer” fraud and highlights the role of SIM swaps in enabling account takeover. SIM swaps are particularly dangerous because they undermine SMS-based security checks, making it much easier to execute APP scams or other account fraud.
There’s also evidence of underreporting, especially in telecoms. This creates a blind spot, because without consistent intelligence sharing across telcos and banks, the true scale of the problem is hard to quantify and even harder to address.
Why the victim profile is changing
Another notable change is in the victim profile. People aged over 61 now account for 32% of all takeover cases, up from 25% last year. This suggests that fraudsters are still exploiting digital natives but also targeting older groups, often through telecom-related scams where security processes are weaker.
At the same time, online retail account takeovers have dropped by 62% as controls against credential stuffing and brute force attacks improve. This reinforces the pattern of criminals moving towards sectors where defences are weaker and returns are higher.
Why misuse of facility cases are increasing
Misuse of facility has seen one of the sharpest increases in the report. In the first half of 2025, there were over 51,000 cases – a rise of 35% compared with last year. The majority of these involved bank accounts, which made up 73% of filings, driven by categories such as “funds received, conduct unexplained” and the new “funds received, money muling” designation.
For banks and payment providers, this flags one major operational risk. The surge reflects the growth of organised mule networks and the challenges institutions face in identifying them quickly.
Why younger people remain vulnerable to money muling
Cifas recorded over 16,000 cases of mule activity in H1 2025, down 17% on last year. Despite this overall fall, younger demographics remain disproportionately affected: 57% of cases involve people under 30.
Criminals are deliberately targeting this age group on platforms where they spend the most time; Instagram, TikTok, Snapchat and encrypted messaging apps. The recruitment is framed as “no risk” and dressed up as lifestyle or “side hustle” opportunities. Terms like cash-flipping or easy money make it sound harmless, and many don’t understand the seriousness or the long-term consequences of getting involved.
Education is the missing piece. Many under-30s haven’t had clear guidance on fraud risk, banking responsibilities, or the legal implications of acting as a mule. Without that baseline, it’s easier for criminals to sell the narrative that “the bank won’t care” or “it’s just a quick transfer.” Schools, universities and financial institutions all have a role to play in closing that gap.
Where current fraud intelligence has blind spots
While the report highlights clear trends, there are still areas where industry visibility is limited. For me, telecoms stands out: without stronger identity vetting, fraud-incident sharing between telcos and banks, and fast emergency processes for suspected SIM swaps or takeovers, the true scale of risk will remain underestimated. A regulator-led approach, with defined telecom security KPIs, could help address this.
Mule networks are another blind spot. Institutions can often see them only once activity has been flagged, but few are mapping recruitment channels, transactional flows and payout chains in near real time. Advances such as graph databases, which can live-stream data connections, have the potential to close this gap. Techniques like federated learning could also help organisations share intelligence on evolving fraud tactics without compromising data privacy.
What to expect for the remainder of 2025
Looking ahead, there are several risks firms should arm against:
#1. AI-enabled impersonation: Generative AI is making it easier for criminals to create deepfake voices, clone writing styles, and simulate live video calls, increasing the risk of convincing impersonation scams.
#2. Targeted recruitment of mules: Financial criminals are using social media ads and AI-driven chatbots to mass-recruit young people and vulnerable groups. Recruitment is often framed as “side hustles” or “helping out,” glamorised to look like genuine opportunities.
#3. Social acceptance of fraud: There is a growing perception, particularly among younger demographics, that fraud against financial institutions is a “victimless” crime. This normalisation is a serious concern and highlights the need for stronger public education.
Final takeaways
The data in this latest Fraudscape update underlines what many of us already know: fraud is growing and it’s adapting. Identity fraud remains the largest category, but the growth in account takeovers and misuse of facilities shows where criminals see the biggest opportunities.
Financial services firms need stronger collaboration with telecoms providers to close off the vulnerabilities that SIM swaps and account hijacks expose. We need better, faster intelligence-sharing on mule networks so they can be disrupted before funds disappear. And just as important, we need education, both in schools and through banks, that makes the risks clear and tackles the perception that fraud is a victimless crime.
Criminals are moving quickly, enabled by technology and social channels. If we want to keep pace, industry responses have to move just as fast, grounded in better data, closer partnerships, and more direct engagement with those most at risk.
Ready to take action?
At Jaywing, our Fraud Health Check helps organisations understand where they may be most exposed and how their defences compare to emerging threats. It’s a practical first step in making sure controls are keeping up with the speed and sophistication of today’s fraud tactics. Learn more here.