A walkthrough of the verified figures — losses, demographics, reimbursement, and the reporting gap that hides the true scale
Published 8 May 2026 · ScamSupport research · ~14 minute read
Headlines about UK fraud usually move in one of two directions: doom-laden ("epidemic of scams") or reassuring ("losses fell this year"). Both pictures can be drawn from the same data, depending on which slice you choose. This piece walks through the verified figures — from UK Finance, City of London Police, the Office for National Statistics, and Cifas — with no editorial pressure to dramatise or downplay. The goal is a clear, current map of what's actually happening: how much money is being lost, who's losing it, what's rising, what's falling, where the reimbursement system is helping, and where the reporting gap hides the rest.
Wherever a number appears below, the source is named in the same paragraph and linked at the end. None of the figures are extrapolated or smoothed. If a statistic feels surprising, follow the link and check it yourself.
UK Finance's Annual Fraud Report 2025 — the industry's authoritative source on losses suffered by banking customers — confirms £1.17 billion stolen in 2024, the fourth consecutive year above the £1 billion threshold. The number combines two categories the industry tracks separately: unauthorised fraud (where criminals access accounts directly, e.g. via card or credential theft) at £722 million, and authorised push payment (APP) fraud (where the victim is tricked into authorising the payment themselves) at £450.7 million.
For 2025, only first-half data is available so far: UK Finance reported over £600 million stolen in H1 2025 alone, putting the full-year figure on track to match or exceed 2024. The first-half number alone exceeds the total annual losses of any year before 2020.
Beyond banking-channel losses, City of London Police reported in April 2026 that UK victims lost £879.8 million to investment fraud in 2025 — an average of £2.4 million a day, equivalent to £1,675 lost every single minute. Investment fraud is the standout growth category, and a substantial portion of it doesn't appear in the UK Finance figures because the funds often leave the banking system through cryptocurrency rails before any "loss" is recorded against a bank account.
Cifas's Fraudscape 2025 report adds the volume dimension: over 421,000 cases recorded to its National Fraud Database in 2024, the highest level on record, an increase driven primarily by identity fraud and "facility takeover" attempts (criminals seizing existing accounts rather than opening new ones).
The two-year change tells a more interesting story than the headline level.
Authorised push payment (APP) fraud is down. UK Finance recorded a 2% fall in APP losses (£450.7m, from £460m in 2023) and a 20% drop in case volume (under 186,000 cases). This is the first sustained decline in APP fraud since the category began being tracked, and it correlates directly with the introduction of the Payment Systems Regulator's mandatory reimbursement scheme on 7 October 2024. When banks bear the cost, banks invest in detection — and the resulting fall in cases is the most important success signal in the data.
Unauthorised card fraud is up modestly. Fraud losses on UK-issued cards reached £572.6 million in 2024, a 4% rise from £551.3 million in 2023. Most of that increase comes from remote purchase fraud — transactions where criminals use card details to buy something online without physically holding the card — which UK Finance reports rose 11% in value to just under £400 million.
Romance fraud is down sharply. Cases fell 2% and losses dropped 17% to £30.5 million in 2024, the first decline in the data series. Two factors plausibly contribute: the dating apps have introduced platform-side scam detection (most romance scammers now move conversations off-platform within days, which the apps are flagging as a risk signal), and public awareness has improved markedly through campaigns like Take Five.
Investment fraud is up steeply. The City of London Police figure of £879.8 million in 2025 represents the fastest-growing single fraud category. The dominant venue is no longer email or cold calls; it's WhatsApp investment groups, Telegram crypto signals channels, and "celebrity-endorsed" platforms surfaced through fake social-media ads. The technical sophistication on offer (yield calculators, faked "live trading" dashboards, mock customer-service tickets) is unprecedented for consumer fraud.
Identity fraud is at record levels. Cifas reports identity fraud cases at the highest volume in the National Fraud Database's history, driven primarily by criminals using stolen personal details to take over existing accounts — bank accounts, mobile contracts, online retail accounts — rather than opening new ones. The shift matters because takeover attacks bypass the "new account" controls that have been the focus of identity-fraud prevention for the past decade.
The demographic data is more nuanced than the popular narrative.
Older adults (61+) account for 29% of fraud filings, the largest single age band. They are disproportionately targeted by impersonation scams — banks, regulators, government agencies, courier companies — for two reinforcing reasons. First, they hold a higher share of the country's savings and investments, making each successful conversion more lucrative for the criminal. Second, they have on average less digital fluency, which makes some technical tells (URL inspection, sender-domain checks) harder to spot. The over-61 demographic is also where bank-impersonation phone-call scams have their highest success rate.
Under-30s are the fastest-growing victim group. Cifas reports that fraud against people under 30 is the steepest growth segment in the dataset, driven primarily by social-media and encrypted-messenger contact channels. 88% of young people aged 13–21 reported encountering suspected fraudulent content online in the past year, and nearly one in three (29%) have been a victim of fraud. The dominant scam types in this age band are different from the older-adult mix: ticket scams, fake job and "task" scams on Telegram, and influencer-promoted investment platforms. Report Fraud reported a significant increase in losses from ticket scams targeting younger consumers in 2025.
Women are slightly more likely to be victims than men, and disabled people are more likely to be victims than non-disabled people. Both gaps are modest but consistent across the ONS Crime Survey for England and Wales, year after year. The disability gap, in particular, suggests that scam-prevention guidance needs to consider accessibility more deliberately than it currently does — a campaign that's only delivered through complex websites or technical jargon will reach the wrong audiences.
Barclays' Scam Trends 2025 reports that around half of UK adults experienced a scam attempt in 2025 — not necessarily a successful one, but an exposure event. Half is a striking number. It implies the question for any given person is not whether they'll be targeted but when and how often. The defensive strategy that follows is to invest in the foundational protections (password manager, MFA, the type-the-URL reflex) once, so that the response to the inevitable attempt is automatic rather than ad-hoc.
Every figure cited above understates the true scale. Three reasons compound:
Most attempts don't become losses, and most attempts aren't reported. The UK Finance and Cifas numbers are confirmed losses only. The Take Five awareness campaign and ONS Crime Survey both estimate that the typical adult experiences several scam attempts a month; only a fraction result in financial loss.
Most losses aren't reported. UK Finance's own survey work suggests reported losses are only one-third to one-half of total losses. The under-reporting is concentrated in two categories: small-value fraud that victims rationalise as "not worth the bother", and high-shame categories like romance fraud, sextortion, and investment scams targeting older adults, where the victim doesn't want family members to find out.
The reporting infrastructure has been transitioning. Action Fraud, the UK's national fraud reporting service since 2009, was replaced by Report Fraud (reportfraud.police.uk) in December 2025. The transition has caused a temporary dip in apparent reporting volume that will normalise over the coming months. Anyone trying to compare 2025 figures to 2024 should be aware that the apparent volume change includes a measurement artefact, not just a real-world change.
If you apply UK Finance's own correction factor — that reported losses are about a third of true losses — the realistic UK fraud loss for 2025 is likely in the range of £3 to £4 billion, of which roughly £1.2 billion is the visible, reported portion.
The PSR's mandatory APP scam reimbursement scheme, which came into force on 7 October 2024, has produced the clearest positive shift in the data. The headline mechanism: UK banks must refund victims of authorised push payment scams in most cases, up to £85,000 per claim. The cap was reduced from an originally proposed £415,000 before implementation, but the lower cap still covers the vast majority of consumer cases — high-value APP fraud above £85,000 is rare.
The first six months of operation, analysed by ThreatMark in March 2025, showed:
The Financial Ombudsman Service remains the free, independent escalation route for any case the bank refuses. Bank refusal rates dropped notably in the first six months — whereas pre-2024 a substantial fraction of APP fraud claims required Ombudsman intervention to recover funds, the scheme has shifted the default toward in-bank resolution.
The honest caveat: reimbursement is a recovery mechanism, not a prevention one. The fastest-growing fraud categories (investment fraud, identity-takeover) sit largely outside the APP framework. Investment fraud, in particular, is structured to look like a legitimate transaction the customer chose to make — the criminal vanishes after the funds have been moved through several legitimate-looking platforms — and reimbursement claims here often fail.
The UK fraud-prevention apparatus has a structural lean toward post-incident response. The Take Five campaign delivers excellent guidance for people who already think they might be being scammed; reportfraud.police.uk handles reports after the loss; the PSR scheme handles refunds after the report. Each of these works well within its remit, but together they leave a gap on the prevention side.
The most consistent finding across multiple datasets — UK Finance's APP scam analysis, ONS Crime Survey, the Cifas Fraudscape series — is that the protective behaviours that actually defeat modern fraud (a password manager that won't auto-fill on lookalike domains; multi-factor authentication; the habit of typing URLs rather than clicking links) are not yet widely adopted in the UK adult population. Individual conversations with vulnerable family members, set up at zero cost in 30 minutes, do more to prevent scams than any awareness campaign of a similar budget.
If you've reached this point in the article and you have parents, in-laws, or older neighbours, the highest-leverage thing you can do this week is to install a password manager on their phone, set up MFA on their email and primary bank account, and walk through the four universal red-flag check (urgency, sender mismatch, off-platform action, mismatched relationship) with two or three real examples. The dataset above is unsentimental about who's getting hurt, and it's people who don't have those defences in place yet.
Five conclusions, each grounded in the evidence above.
1. The threat is structural, not exceptional. Half of UK adults experiencing a scam attempt in 2025 (Barclays) means the question isn't whether you'll be targeted but when. Build the defences once, not after the first attempt that nearly works.
2. The reimbursement framework is real and material. If you're caught by an APP scam (you authorised a payment under deception), you have a strong legal entitlement to refund up to £85,000. Banks are required to investigate and pay rather than refuse by default. If a bank refuses, escalate to the Financial Ombudsman — it's free.
3. The big growth area is investment fraud, mostly via WhatsApp and Telegram. If a friend, family member, or social-media contact starts talking enthusiastically about a trading platform you haven't heard of, the strong prior is that it's a scam. Check the FCA ScamSmart warning list before any deposit. If the platform isn't FCA-authorised, walk away.
4. Demographic targeting is real but the defences are universal. The patterns that work for an over-61 (impersonation, urgency, authority) and an under-30 (job/task scams, ticket scams, investment groups) look different, but the protective behaviours are the same: password manager, MFA, type-the-URL, four-point red-flag check. Don't let the demographic differences obscure that the same five things help everybody.
5. The reporting gap means our personal experience is undercounting. If someone you know has been scammed, the realistic priors are that they aren't the only person you know it has happened to — just the one who told you. Treat the topic with the seriousness the headline numbers suggest, not the seriousness of the conversation count.
Each captures a different slice. UK Finance covers banking-channel losses (its members are the major banks); City of London Police covers fraud reported through the national service it operated until December 2025 and which is now Report Fraud; ONS conducts the Crime Survey for England and Wales, which estimates total fraud experience including unreported incidents. No single source has a complete view, and only by triangulating do you get a realistic figure.
It's an inference, not a published number. UK Finance's own surveys consistently suggest reported losses are roughly one-third to one-half of true losses; multiplying the visible £1.17 billion by 2.5–3.5x produces the £3–4 billion estimate. The exact multiplier is uncertain; the order-of-magnitude conclusion (true UK fraud losses are in the low billions per year) is well-supported across multiple research bodies.
Roughly comparable per-capita to the US, where the Federal Trade Commission's most recent report puts annual reported consumer fraud losses at $10 billion across a population five times larger than the UK's. Both economies have seen sustained increases since 2020. Australia and Canada are in a similar per-capita range. The UK figure isn't unusually high or low; it's simply a representative slice of a global problem.
The published six-month review from independent analyst ThreatMark and the PSR's own monitoring data show refund rates substantially higher than pre-scheme levels. Anecdotal reports of refusals still appear, but each case has a free escalation route through the Financial Ombudsman, and the burden of proof has shifted toward the banks. If a UK bank is refusing an APP scam refund and you believe you qualify, escalating to the Ombudsman is the straightforward next step.
UK Finance publishes its half-yearly press release on its fraud data page; the Office for National Statistics publishes Crime Survey for England and Wales updates quarterly at ons.gov.uk; Cifas publishes the annual Fraudscape report each spring at cifas.org.uk. Each is free and authoritative.