One in five fraud victims send money to criminals via cryptocurrency

Fraud victims are falling through the cracks while criminals abuse tech, warns Which? Money
Chiara CavaglieriSenior researcher & writer

New Which? research finds that 20% of fraud victims who were tricked into sending money to criminals in the past two years used cryptocurrency, and 17% used digital wallets such as Apple Pay. 

With limited legal protection against losses, these victims are paying a heavy price while criminal gangs abuse technology, our financial systems and the wider digital world with ease. 

In June 2022, Which? Money surveyed 1,008 people who had fallen victim to fraud in the past two years and had lost money as a result. Here, we take a look at how fraud victims are targeted and the glaring holes in our defence against cybercrime.

Be more money savvy

free newsletter

Get a firmer grip on your finances with the expert tips in our Money newsletter – it's free weekly.

This newsletter delivers free money-related content, along with other information about Which? Group products and services. Unsubscribe whenever you want. Your data will be processed in accordance with our Privacy policy

The financial impact of fraud

Losses range wildly depending on the type of fraud. Online shopping fraud, for example, typically involves lower amounts: the average loss was £650 in the year to December 2021, according to Action Fraud. For investment fraud it was £24,000.  

In our survey, fraud victims aged 65 and over reported losing more money than any other age group (an average of £2,697 compared with £1,731 overall).

Male fraud victims lost slightly more than females on average, but women aged 65 and over lost twice as much as male victims of the same age. The situation reverses when we look at younger victims.

Banks often struggle to recover stolen funds, and they might refuse to refund fraud victims if they think they were careless – but banks don’t always act fairly. In our survey, 25% of people who'd lost money didn’t manage to get any of their money back, 17% got some but not all of it, and 48% got it all back. 

Only 19% of victims took their fraud complaint to the Financial Ombudsman Service (FOS), a free service that settles complaints between consumers and financial businesses. Worryingly, 32% said this is because they had never heard of the FOS.

Gaps in fraud protection

In cases where people are tricked into transferring money to an account controlled by a criminal (known as authorised push payment (APP) fraud), a voluntary industry code exists to refund them (the Contingent Reimbursement Model (CRM) code). But this only covers UK bank transfers to 'another person'.

This means that victims who send money to a cryptocurrency account or another digital wallet in their own names first – before it is moved on to a fraudster – can fall through the cracks. Transfers to a foreign account are another gap in protection, while victims who make payments to criminals using their debit or credit cards have limited protections.

In our survey, 46% of authorised fraud victims sent the money to a UK bank account. But the rest sent the money via a cryptocurrency website/app (20%), an e-wallet such as Apple Pay, (17%), a foreign bank account (19%), or a forex wallet (6%). 

In many of these cases, victims wouldn't be able to rely on the CRM code to ask their banks for reimbursement, though banks must adhere to other relevant guidance and standards.

The latest annual report from the banking industry revealed that losses to APP fraud increased by 39% in 2021 to £583.2m, and the number of cases rose by 27% to 195,996. Less than half of the losses were returned to fraud victims. 

If you've lost money to fraud and your bank refuses to reimburse you, we advise that you escalate a complaint to the FOS. Complaints to the FOS about banks’ handling of authorised fraud more than doubled in the 2020-21 financial year; of these, 73% were upheld in favour of the customer, so banks are getting it wrong more often than not.

Fraudsters abuse social media and search engines

Which? has repeatedly found that scam content is rife across the internet. Criminals have proven they can easily create thousands of phishing emails, copycat websites and phoney social media profiles as bait to defraud victims. 

When we asked victims of fraud how they were first targeted, one in five said a fraudster gained access to their personal or financial details and made an unauthorised transfer or stole their identity to open an account in their name. But the rest were contacted directly (by email, telephone, or even turning up on their doorstep) or came across the fraud online (eg on social media and search engines). 

Online companies such as Google and Meta currently bear no legal responsibility to make checks on the advertisers who make them money. We've previously found that these firms are slow to remove fake adverts even after victims report them, or fail to spot repeat offenders posting new malicious content. 

More than half (58%) of victims identified at least one website or mobile app as being involved in their fraudulent incident, with Facebook most commonly cited. 

  • Facebook – 19%
  • Google – 17%
  • WhatsApp – 11%
  • Instagram – 8%
  • Yahoo search – 4%
  • Twitter – 4%
  • TikTok – 4%
  • YouTube – 4%
  • Bing (by Microsoft) – 3%
  • LinkedIn – 2%

Victims lack faith in authorities

In 29% of cases, victims were notified about the fraud by their bank. But only 51% of other victims reported the fraud to their banks. 

If you’re the one to notice fraud, you should contact your bank in the first instance to see what your options are for recovering your money. It’s concerning that those who didn't were most likely to say they didn’t think the bank would do anything about it (18%), or they felt too embarrassed to report it (16%). 

Younger victims, aged 18 to 24, were less likely to report the incident to their bank than victims aged 65 or over (37% versus 60%); only 14% of female victims of fraud reported it to the police, compared with 23% of men. 

Once you’ve contacted your bank, you should report the scam to Action Fraud (the fraud and cybercrime reporting centre) or Police Scotland. These reports allow the police to build a clearer picture of how victims are being targeted, but too few victims are submitting them: only a quarter (24%) in our survey said they had contacted Action Fraud.

Of those who didn’t report, 23% said they didn’t know they could report it to Action Fraud at all, while 17% said they didn’t think Action Fraud would do anything about it. 

Tackling the UK’s fraud epidemic

Addressing the UK’s fraud problem requires dedicated police resources as well as improved intelligence, and we’re failing on both counts.

Just 0.8% of the police workforce in England and Wales focused on economic crimes in 2021, and there is no streamlined approach to reporting or data sharing, as fraud reports are filtered through dozens of organisations, including Action Fraud, local police, regulators, banks, Citizens Advice, Trading Standards, HMRC, the Information Commissioner’s Office, the third sector, and businesses such as Google or internet service providers.

Campaigning from Which? has contributed to two milestones that should benefit fraud victims:

  • First, Which? is working to amend the draft Online Safety Bill to strengthen protections for consumers from scam adverts. The Online Advertising Programme, which will review the regulatory framework of all paid-for online advertising, could also help to strengthen protection against fraudulent adverts. Which? is calling for a statutory regulator with powers to prevent such adverts appearing in the first place and to force businesses to collect and share data on scams.
  • Second, the draft Financial Services and Markets Bill gives the Payment Systems Regulator powers to require all payment firms using Faster Payments to reimburse APP fraud victims. Which? welcomes the draft legislation but wants a broader range of payment methods covered.

Other improvements to protections are on the horizon. For example, National Trading Standards told Which? that pilot schemes are underway to roll out a multi-agency approach to fraud to create a more consistent response in terms of victim care and investigations. Action Fraud is also undergoing a review with the intention of making the reporting process easier for victims and individual police forces.

In the meantime, victims continue to face an uphill battle while the various authorities scramble to stem the tide of soaring financial fraud.

More on this

Related articles