Cyber-Fraud in the UK Debate

Full Debate: Read Full Debate
Department: Home Office
Tuesday 25th May 2021

(3 years, 6 months ago)

Westminster Hall
Read Full debate Read Hansard Text Read Debate Ministerial Extracts

Westminster Hall is an alternative Chamber for MPs to hold debates, named after the adjoining Westminster Hall.

Each debate is chaired by an MP from the Panel of Chairs, rather than the Speaker or Deputy Speaker. A Government Minister will give the final speech, and no votes may be called on the debate topic.

This information is provided by Parallel Parliament and does not comprise part of the offical record

Chris Elmore Portrait Chris Elmore (Ogmore) (Lab)
- Hansard - -

I beg to move,

That this House has considered cyber-fraud in the UK.

It is a pleasure to serve under your chairmanship, Mr Dowd; I did not know that you had joined the Panel of Chairs, so I am particularly glad to see you in the Chair.

I am grateful that this important issue was successful in the ballot, affording us a golden opportunity to keep up the pressure on the Government to take this issue and its real-life consequences seriously. We have heard in recent weeks and months from a growing number of colleagues from across the House who have voiced concerns about the scale and scope of this problem, clearly illustrating that this is by no means a constituency-specific issue.

Cyber-fraud impacts us all, and failure to address it at the root risks undermining both our national security and our personal safety. Simply put, it is as real a threat to the weekly online shop as it is to national security. It respects no boundaries and views every home and institution as fair game. It poses a clear and present danger to each and every one of us.

However, tackling cyber-fraud will require grit and determination, and a steadfast refusal to roll over to powerful online platforms that believe they are untouchable. We must remember that their bark is worse than their bite. They know that if one Governments succeeds in implementing real change, more will follow. And we need that one Government to be the UK Government.

The British public are now more likely to experience fraud than any other type of crime and the scale of cyber-fraud in particular is growing exponentially. It is no longer enough to promote public awareness campaigns about not giving out bank details or ignoring unsolicited text messages. We need a substantial and co-ordinated response from financial institutions, Government and law enforcement. The country needs a standardised response and reporting mechanism, so that we can shape a set of established norms and expectations, making reporting easier, alongside tracking reports and timeframes for action.

The Government have said that if something is illegal offline, then it is illegal online. This is a principle that I am sure all colleagues can agree with, but, as is so often the case, we have seen little evidence that the rhetoric is being matched by regulation.

The covid pandemic has shaken our economic foundations to the core. It has also significantly undermined the capacity of many people, businesses and organisations to cope with unforeseen financial costs. All of us in this room will have examples of the rise of online financial scams in our communities. I receive information about new scams faster than I can publicise them to constituents. This is followed by stories of people forced into financial hardship as a result of losing money to these scammers, all of which is truly heart-breaking. People are not falling for these scams because they are naïve; they are being tricked by schemes that are astonishingly sophisticated, aping the look, feel and processes of the legitimate enterprises that they are impersonating.

Economic criminals and scammers employ myriad methods to extract funds from consumers. However, since covid-19 one particular method known as brand cloning scams has become more widespread. Criminals target retail investors looking for investment opportunities online through paid-for advertising on sites such as Google and Facebook. These adverts direct victims to fake price comparison websites, or to the cloned website of a well-known and respected investment manager.

This also creates the untenable situation whereby multi-billion dollar corporations, which own and run the platforms where adverts are posted, profit not only from promoting scams but from the Financial Conduct Authority, which pays for adverts warning consumers against the very same scammers. This has created a perverse incentive; platforms have a financial incentivise not to take proactive steps to block fraudulent adverts.

As many Members in this room will know, I have spoken out against the idea of self-regulation for some time. Why would companies proactively prevent the adverts they are being paid to host? It is a case of the fox not only being paid to guard the hen coop but being given free on-site accommodation too.

The scale of this issue grew exponentially during 2020. The Investment Association recently published statistics showing that the total number of reported incidents of this scam alone may have quadrupled from approximately 300 incidents in July to 1,175 by October. This resulted in estimated total reported losses to savers from these scams more than doubling from approximately 4 million in July to 9.4 million by October, with over 200 victims losing money. There is no depth to which these criminals will not stoop.

Over the course of the pandemic, we have seen an explosion in NHS scams. From antibiotics to testing, vaccines to health insurance, scammers have continued to find ways to harness people’s fears and concerns to devastating effect. The NHS in England has teamed up with police and other agencies in a campaign to warn the public about these scams. Text messages are linked to booking sites that mimic the NHS sites and ask for personal details, including bank details. These bank details are then passed on and used to buy goods online.

While people have been warned that the NHS will never ask for bank account details, PINs or passwords and will never arrive at your home unannounced or ask for identity documents to be sent away, we still have all heard the stories, particularly of elderly people, being conned out of significant amounts of money. Preying on the scared and vulnerable in our society is utterly reprehensible, but it is part of a wider theme of the unpreparedness of Government to deal with the challenges that arrive.

The reality of online fraud is likely to be much greater as not every loss is reported and there is a known disconnect between the amount of fraud and reporting to agencies. Action Fraud recently commented that in 2020 overall it saw 19,000 reports of investment frauds across all categories. These are, of course, only the cases reported. We have to get rid of the stigma of falling victim to a scam so that more people are persuaded to come forward and report fraud.

Another increase we have seen during the pandemic is home working, which has become a necessity for many people. Many businesses and employees are considering a hybrid working pattern once restrictions are fully eased. Many have understood that, although home working brings with it some downsides, particularly for those who can easily be tempted to log in after hours, there are many upsides, including greater flexibility for those with other responsibilities, money saved on the commute and greater comfort. But there are vulnerabilities for business and Government that need to be addressed. Domestic wi-fi and email systems do not usually have the same security as business-operated networks. Business networks should not be the only ones protected by cyber-security. It is people who are often the target of cyber-criminals, and it is people as a whole we should be protecting.

Hybrid working is a natural extension of the increased importance of the internet in our professional and personal lives, and the hybrid nature of our lives needs to be recognised in legislation. If the Government refuse to act and upgrade our analogue legislation, businesses and workers will continue to be at risk of fraud.

In February, the Royal United Services Institute for Defence and Security Studies published its occasional paper on the topic of cyber-fraud, “The UK’s Response to Cyber Fraud: A Strategic Vision”, which notes that the UK economy loses an average of £190 billion every year to fraud, and that the majority of UK fraud now involves internet-based scams. Despite the commitment in the 2019 Conservative party manifesto to the creation of a new national cyber-crime force, the Government’s approach to tackling cyber-fraud can be described as an “alphabet soup”, according to the writers of the RUSI report. They gave a number of key recommendations for Government priority action, but I have highlighted the three that I think are most important as we work to make tackling cyber-crime a priority.

First:

“The National Crime Agency…should publish comprehensive guidance for private sector organisations on how they can lawfully assist law enforcement in preventing and investigating cyber fraud through information sharing.”

We have to change the cultural view that companies must protect their information at all costs, even to the detriment of colleagues, customers and wider society. A regulatory framework is needed not only to protect prospective victims of crime but to ensure that companies are clear about their responsibilities to support the prevention of crime and investigations. We need to face cyber-criminals united, and we must use all the resources we can muster.

Secondly, there needs to be a large-scale development of skills and capabilities within our public sector. There needs to be large-scale training across police forces to help them deal with the huge increase in cyber-crime in our public institutions; to ensure that they have the knowledge to deal with the cyber-threat. The Government need to harness the knowledge in our universities and research agencies, and if necessary work in partnership with those who have the requisite cyber-intelligence—for example, RUSI. We have the expertise and ideas, and we now need to bring that together to develop resilience within our institutions.

Thirdly:

“The Home Office should provide increased resourcing for the National Economic Crime Victim Care Unit to ensure that the service can reach a wider range of residents in more force areas.”

We also need to think about how we reach people. It is obviously important that we reach young people and educate them on the dangers of the internet, the way people can target their victims, and how they are easily reached in schools and educational settings. We should not forget everyone else, particularly older people, for whom the internet is a completely alien landscape, where they have not learned to mistrust the communications from “the bank”, “the Post Office” or, recently, “the NHS”. Although resources to look after victims of crime are important, we also need resources to prevent people from falling victim in the first place.

We stand at yet another turning point in politics and our society. Covid has exposed elements of our society that we cannot be proud of. The inequalities exposed by the pandemic should shame the Government, but they provide us with motivation and a point at which we can recognise the problems and act on them. Online shopping, already expanding before the pandemic, has been turbo-charged. However, with this boost must come responsibilities and a duty to society from the online retailers. We have seen that scams impact not only the wellbeing of their victims but also that of those they impersonate. Online retailers and companies must contribute to their own security through taxation. We in real life, as it were, contribute to our physical wellbeing through taxes, paying for police officers and doctors. The online world must contribute to its wellbeing and that of its customers.

The main problem identified by the RUSI report was the number and diversity of stakeholders involved across sectors, from Government authorities to law enforcement, from financial institutions to private sector industry, and from cyber-security companies to IT companies. Everyone in this interconnected and technological world has an interest at stake. We need clarification on which Department leads on cyber-security and internet safety.

Then there are the quangos. Of course, internet infrastructure relating to national security will have a whole level of security. Although we do not expect our business or private systems to be protected to the level of GCHQ, the ambiguity of life on the internet these days and the host of immersive tasks that we now complete online must come with the requisite protection and guidance. That requires a clear delineation of responsibilities for all involved.

For too long, the Government have been complacent about the dangers of increased internet usage, with analogue laws in a digital age. Far too much leeway is given to social media platforms. Yes, we need to protect freedoms of expression, but we also need to protect people against criminal elements who operate in this online wild west to cause harm. False advertising is illegal. Impersonation to extract financial gain is illegal. Theft, whether in real life or online, is illegal. We needed an Online Safety Bill that would have protected people, not one that merely hints at what is considered immoral. Sadly, this is not the Bill we will be seeing in the coming months.

The Minister will no doubt set out how the Bill will be the best thing since sliced bread, how it is world leading. I understand all of those things, but two years on the Bill has made very little progress and we are now going to pre-legislative scrutiny. Two years ago, it was very positive and progressive, but now other countries are taking the lead around the world. We need to know what the reluctance to act continues to be and why the Government are still delaying. It is important that, as we tackle fraud, we put our communities, children and businesses, which are at risk of cyber-fraud, first.

--- Later in debate ---
Chris Elmore Portrait Chris Elmore
- Hansard - -

I thank the Minister for his response. As we move into pre-legislative scrutiny for the online harms Bill, I hope that there will be broader scope for tackling fraud. I am grateful to the Minister for Digital; I was one of those who lobbied for that change, and I am grateful to her for engaging, but the Bill is still too narrow in its scope around individuals and fraud, and how platforms will respond.

I am grateful to all hon. Members who have taken part today, including the shadow Minister, my hon. Friend the Member for St Helens North (Conor McGinn), and the SNP spokesperson, the hon. Member for North Ayrshire and Arran (Patricia Gibson), for their support for ensuring that the Government do more on tackling the increased threat of fraud in the UK.

It is important that, if additional legislation is needed, the Minister tackles that in the coming months. If he does not, the pandemic of fraud will only get worse. It is truly important that the Government respond in a positive way. Too many people are losing out. Too many people are losing their livelihoods. In some cases, people are taking their own lives. As decision makers and legislators, we have to acknowledge that in the months rather than years ahead.

Question put and agreed to.

Resolved,

That this House has considered cyber fraud in the UK.