City of London Police AC Peter O’Doherty – key insights into the police approach to fraud & cyber crime

We met with Assistant Commissioner Peter O’Doherty, City of London Police, who has responsibility for leading the UK policing response to fraud and cyber crime.

As the lead force for fraud, Peter’s remit includes Action Fraud, the National Fraud Intelligence Bureau, the National Fraud and Cyber Crime Academy, and numerous specialist fraud investigation teams. Peter provided insight into the continuing rapid growth of the crime threats, and how the police are evolving their capabilities at a very quick pace to respond, with a shift in focus to prevention and disruption.

How would you describe today’s threat from fraud and cyber crime?

The threat is huge, complex and growing. Over half of all crime now is fraud and cyber crime and that’s reflected in the Crime Survey for England and Wales and, in my view, it is still heavily under-reported. The highest estimation of the cost of fraud is from Experian at £193 billion a year – and I believe that in reality,  it is likely to be much higher than this.

Businesses, in particular, don’t report cyber and fraud as much as would we like them to. This is for a variety of reasons: commercial sensitivities, maybe a lack of faith in the system or lack of awareness around where to report and whether the police will be interested. There is a view that policing prioritises individual victims – this isn’t as true as it used to be and policing wants to provide the best service it can for business victims. Every victim from an individual through to a large corporate deserves and needs a service. We also need to challenge the perception that if a big business is victimised they can afford it and there’s no real victim.

I’ll share one statistic to also explain how citizens are impacted when businesses lose money.  According to the Association of British Insurers, every year as a result of insurance fraud, all of our premiums go up by £50. If we assume each of the 67 million people in the UK have an insurance policy at £50 per person, that’s about £335 million a year.

Fraud and cyber crime also make a big impact on Small and Medium Enterprises (SMEs) –  there are over 5 million SMEs in the UK.  Statistics show that almost half of SMEs will go out of business following a cyberattack.

How are rapid advances in technology influencing fraud and cyber crime?

Today we know that much of our lives is largely online. There are 25 billion devices currently connected to the internet and this is predicted to be as high as 125 billion in the next five years. The Internet of Things means you can control everything from your fridge to your security system from an app on your phone. We have the evolution of smart cities where everything is digitally driven. All these changes, while providing huge improvements in the quality of living, equally provide opportunities for crime.

There is also the continued globalisation of people, goods and services and changing social norms. Many young people are now buying and using crypto currencies such as NFTs – non fungible tokens – and it’s predicted that everyone under 25 will be on the metaverse for one hour per day in the future.

How is the cost-of-living crisis making an impact on crime? 

As the economy is squeezed, people get more desperate to survive. We’ve heard the phrase ‘heat or eat’. This may push some people into difficult decisions and to start to commit low level cyber crime. It’s so easy to get hold of assets, recycled malware for example. You can carry out this crime hidden behind your computer.

Some people’s view is that keeping money in a bank now may not be the best place as the value of the pound is decreasing. So, investing elsewhere may be an option, maybe crypto assets and gold. This is a big opportunity for investment scams. Also, mortgage fraud.

It is of concern and we are monitoring it closely.

Are there changes in the threat relating to the Ukraine / Russia conflict?

With the Ukraine / Russia conflict, we see the mobilisation of tanks and troops, we don’t see as visibly the cyber warfare Russia is using to attack Ukraine, plus the groups seeing this as an opportunity to attack Russian infrastructure. Cyber is no longer just a vehicle for crime, it is also used for cyber warfare – as a way of attacking critical national infrastructure to destabilise an economy. Russia has thousands of people involved. It is a capability many countries are building.

What are the links between fraud and organised crime?

Most fraud and cyber crime is driven by organised crime networks emanating from different countries – some specific crime type threats are associated with certain countries.

The income generated as a result of fraud can be invested in other types of crime, such as importing firearms and human trafficking. There is poly criminality where gangs are involved in a plethora of different criminal activities. The City of London Police is looking to show connections for serious organised crime and encourage an understanding within policing to accept this and do more to tackle fraud.

What are the key challenges today to investigating fraud?

About 70% of all fraud offences are committed by crime networks and individuals based overseas, making investigating fraud difficult, complex, protracted, expensive, and it may not bear fruit, especially when crimes emanate from countries where we don’t have diplomatic relationships. I’m not saying that we won’t investigate and the public rightly expect us to do so, and where we can, we want to deliver visible justice, and put someone behind bars.  But this international dimension and complexity mean this may not be possible. Additionally, investigating this type of crime may not prevent further victims. So, we are now focusing our efforts more on prevention and disruption.

As an example, we saw fraud happening more and more around computer service software and service contact centres  purporting to be from Microsoft. They were contacting Windows users saying their operating system was in need of a free upgrade. The victim gave permission for the call handler to remote access their device and the criminals employed a banking trojan enabling them to steal banking details and ID. If we can identify where the contact centre is, we contact the local authorities and work with them to tackle this crime.

Additionally, we had a Microsoft specialist working with us looking at the nature of the crime and taking learning back to Microsoft to implement prevention measures. There was subsequently a big campaign on how Microsoft will never contact you and take over your device. They made changes to their customer service methodology and how they contact users.

How do the police handle fraud reports?

Any fraud against a person or business comes into the Action Fraud website or contact centre. This is submitted to the National Fraud Intelligence Bureau (NFIB) as a prime report and data washed against other feeds coming in, for example from retail banking. If there are other similar crimes, for example four victims of an investment scam from the same organised crime network, the NFIB will link them together to create a case. Then the NFIB will determine which agency or police force should own primacy and will send out the case for investigation.

Each of 43 forces has a fraud team that can investigate these crimes. As well as these local force teams, there are also regional teams with small fraud investigation teams. There are nine Regions across policing now. These were formed in recognition of the fact that terrorists and organised crime groups do not commit crime within one police force area. The City of London Police provides leadership to the regional fraud teams, with more resources being added to them all the time.

The City of London Police has fraud investigations teams for frauds committed in the City of London and also 25% of its cases are from other forces where they do not have the capacity or specialist capability. Additionally, the City of London Police has specialist units funded from outside the force. This includes an Insurance Unit, funded by the Association of British Insurers; an Intellectual Property (IP) Unit, funded by central government; and Dedicated Card and Payment Unit (DCPCU); funded by the banking industry.

For the most vulnerable victims and distressing cases, we have the Economic Crime Victim Care Unit – this gives victims of fraud prevention advice, and, in some cases, this includes detailed telephone support.

We want to strongly encourage people to report fraud. Due to the volume of crimes reported, we know the likelihood of investigation is small – but it helps us understand that crime, and helps with prevention messages and how we can stop it. If a business reports a fraud there might be ten others experiencing the same thing; that linked series case with have multiple victims and will be more likely to be investigated.

The NFIB must have considerable intelligence and expertise about fraud. How does it use this to tackle and prevent crime?

Our National Coordination Office organises action throughout the country. For example, if romance fraud is a big problem, we will identify the top 20 people carrying out this crime across the country and will work with the police forces involved to tackle this.

In addition, the NFIB uses all the intelligence it gathers to identify cyber enablers, like email addresses, telephone numbers and websites and will work with partners to take them down to stop further crimes. We look at crime trends and produce a myriad of prevention and awareness raising products.

The NFIB also hosts the National Fraud and Cyber Crime Training Academy – providing training for businesses and law enforcement on many areas, including fraud investigation and crypto currencies.

How is the response to fraud developing?

Our efforts have to be focused on early prevention. At the moment, our response to fraud is very reactive. But we are building a proactive response to identify and map these criminal networks and disrupt them before they create any victims.

We are improving the service provided by Action Fraud and by 2024, we will give business a better victim journey. I acknowledge that at the moment, even if you report to Action Fraud, most crimes are not getting investigated – although the probability is getting higher, it is still a small percentage.  We are building a proactive system with the regional teams. This will include continually increasing the capacity of our teams and replacing the technology behind the NFIB. It will be much more effective in preventing and disrupting crimes that could harm people and their businesses and should reduce victimisation.

Are you taking a similar approach to cyber crime and moving your focus to disruption and prevention?

Enforcement of cyber crime can difficult – we are chasing ghosts who use encryption and proxy services to find the person behind the crime. We do some great work and are making arrests all the time but, yes, it is becoming more about prevention. We are working with tech companies as much as possible, supporting them to make new products – hardware, software firmware – as secure as possible. It is also about understanding the threat and helping business become more secure.

Is a cyber crime report handled in the same way as a fraud report?

Yes, cyber crimes come into the Action Fraud website or contact centre and the NFIB determines where to send it next it next. For cyber crime, there are three possible layers where  an investigation could take place:

• Low cyber crime – will be allocated to the local police force cyber team, for example hacking someone’s social media account
• Middle complexity – to the regional cyber team (in the Regions)
• Complex, sophisticated, high harm – eg wannacry on NHS go to the National Cyber Crime unit (NCCU).

It’s worth mentioning that crime can come into Action Fraud or the NCCU – these groups are connected and share information on crimes and decide where it is investigated. The NCCU is system lead for cyber – a national agency under government.

There is also the National Cyber Security Centre (NCSC) – part GCHQ, who lead on the incident response for major attacks on critical national infrastructure. The NCSC and NCU respond together to an incident – and also provide awareness campaigns and education.

There are many organisations providing information on cyber crime; can you highlight some key ones?

There are currently a number of institutions and agencies like the London Cyber Resilience Centre giving advice to business. The Cyber Resilience Centres – hosted by police, working in partnership with universities and business – provide cyber crime prevention services to SMEs. Plus other agencies like the Cyber Defence Alliance, a specific service for banks, and the Global Cyber alliance, which looks at global trends and pushes out prevention messages.

Although it is good to have all these organisations with some great people working in this area, I recognise it can be confusing! Together, we are working on coordinating these and making it clearer where to go for advice. We want clear demarcation between what agency pushes out messages when, and not have a duplication of messages.

Fraudsters are becoming increasingly sophisticated about making their scams look genuine. We need to be clear and consistent in the messages we put out.

Lastly, in brief, can you list some the key new initiatives and developments in cyber and fraud to watch out for (and perhaps the topic of future articles)?

There is lots of work going to improve our response. Cyber crime and fraud are increasingly a priority for government and we are increasing capacity across policing to help increase and improve response. Some key initiatives to look out for this autumn are:

• The new fraud strategy being launched this autumn – I have worked in this space for 13 years and currently there is the highest level of interest from government
• Every local policing and crime plan now specifically mentions fraud
• The police funding in the latest spending review has increased to enable us to increase capacity in this area
• We are launching a fraud app for police officers, which provides support on where to report fraud and cyber crime and explains threats. We want every cop to understand crypto; so many crimes involve blockchain
• The Police Cyber Alarm is available to all SMEs – it captures and monitors all external threats trying to attack businesses. Captures are sent to a central point and analysts look at trends and typologies and send back to business with advice on what to do
• We have cyber dogs who can sniff out PCs and servers
• We have cyber vans we can deploy to an attack to coordinate the policing response
• In our people strategy, we are looking at ways to recruit, retain and train – people go to work in industry for more money.

Andrea Berkoff

Editor

City Security magazine

For more articles on cyber crime and prevention, see our Cyber Security Category

For more articles on City of London Police see our Police & Partnerships Category