Cifas: fraudsters using AI pushed the number of fraud cases in Britain to a record 444,000

The British market is facing a new wave of digital fraud: according to anti-fraud organization Cifas, the number of confirmed cases in the national database has reached a record 444 thousand per year. The main accelerator — accessible AI tools that help criminals attack ordinary users faster and more convincingly.

Record growth in attacks

For Cifas, this statistic has become a signal that fraud has ceased to be a collection of scattered schemes and increasingly resembles a scalable service. If criminals previously had to spend time preparing emails, messages, and narratives for each scenario, now a significant portion of this work can be automated. As a result, not only the number of attempts grows, but also the number of cases where criminals succeed in intercepting access to mobile numbers, banking portals, and accounts in online stores.

The danger is that the victim often encounters not a crude forgery, but a very plausible contact. A message from a "bank," a letter about a delivery problem, or a request to confirm login can look convincing enough for a person to voluntarily provide a code, password, or other access key. Against this backdrop, the record of 444 thousand cases looks not like a spike, but a sign of systemic shift.

For the market, this is already a new baseline risk.

How AI helps

Cifas links the growth to the fact that generative models have made deception cheaper and turned it into a mass phenomenon. AI makes it possible to quickly generate variations of the same scenario, adapt the style to a specific service, and release large volumes of messages without noticeable loss of quality. For criminals, this is especially valuable where it's necessary to build trust in seconds: during account recovery, identity confirmation, or when moving the conversation into "urgent" mode, when a person acts on autopilot.

"AI makes it possible to scale deception to an industrial level"

• mobile accounts and SIM services
• banking portals and payment applications
• online store accounts
• password recovery processes

For account-takeover schemes, AI is convenient because it helps overcome the most sensitive stage — the initial contact. There is no need to technically hack the victim: it is enough to convince them to confirm an action, click a link, or reveal login details. When such scenarios are launched on a large scale, even a small percentage of successful attacks turns into a noticeable stream of compromises. This is precisely why services where users are accustomed to quickly responding to notifications are particularly vulnerable.

Why defending is harder

The problem is not just in the number of attacks, but in lowering the barrier to entry for fraudsters themselves. What previously required copywriting skills, social engineering knowledge, and time for manual preparation, now is partially assembled by ready-made tools. Because of this, fraudulent campaigns become faster, cheaper, and more flexible: the text can be rewritten for a new brand in minutes, and the scenario can be adapted to a bank, telecom operator, or shop.

The user sees a familiar tone and customary wording, so it becomes increasingly difficult to recognize the risk immediately. For financial and e-commerce services, this means additional load on anti-fraud systems and support. It is no longer enough to simply filter templated emails or block obvious phishing domains: attacks become more varied, meaning they pass through old rules better.

For the ordinary user, the main risk is that compromising one account often drags along the next ones — from the phone to the bank and purchases. Old defense scenarios are already insufficient.

What this means

The story with a record 444 thousand cases shows that AI amplifies not only useful services but also criminal tools. Businesses will have to invest in smarter checks and customer education, while users need to treat any "urgent" request for codes, passwords, and login information as a potential attack.