The National Economic Crime Centre’s boss on tackling cyberfraud
The coronavirus pandemic has seen a surge in cyberfraud as the world has moved online, with the National Economic Crime Centre, under director general Graeme Biggar, fighting to stay one step ahead
When eccentric businessman John McAfee, creator of the eponymous anti-virus software, was charged with conspiracy to commit fraud and money laundering earlier this month, cryptocurrencies were his alleged tool of choice.
McAfee is accused of inflating the price of cryptocurrencies to his large Twitter audience, selling them and illicitly creaming off a £1.45-million profit, prosecutors claim.
Cryptocurrency fraud and its use for money laundering are just two of the many threats tackled by the UK’s National Economic Crime Centre (NECC), a unit of the National Crime Agency dedicated to identifying, thwarting and aiding in the prosecution of money crime.
Though NECC director general Graeme Biggar has no issue with digital currency as such, he acknowledges its allure to criminal gangs. “Cryptocurrency itself is not evil. There is nothing wrong with it as a form of currency. It will be used in crime in the same way cash and money flowing through banks is. The vast majority of the use of cryptocurrency is legitimate.”
However, when used with nefarious intent, cryptocurrency can become toxic. Biggar explains that it’s a way of extracting money from victims that is quick and feels anonymous and untraceable. In the vast majority of ransomware and cyberattacks where there is payment involved, cryptocurrency will be the desired form of payment. Digital currency is used by criminals to launder their money and to facilitate fraud.
“It’s clearly a very volatile market. We’ve seen what’s happened to the price of bitcoin over the year. Just as with any other volatile new market, people try to defraud others by getting them to invest in it when there’s nothing there. We’ve seen a real spike in attempts to do that. Lots of phishing emails going out trying to encourage people to invest in cryptocurrency when it is just a fraud. That’s not cryptocurrency’s fault, it’s just a hook that’s being used,” says Biggar.
The NECC produces a weekly assessment for the government and law-enforcement community and has set up a “fusion cell”, combining the resources of 30 public and private sector bodies, including banks, accountants and telcos, which meets weekly to share intelligence.
According to the Office for National Statistics, 4.4 million people in the UK said they had been the victim of fraud in 2020, losing £2.3 billion. That makes it the single most-reported crime in the country. Reassuringly, perhaps, the vast majority of these are simple frauds involving small amounts of money.
“That’s a number that matters in two ways,” stresses Biggar. “One, it represents an awful lot of people who are potentially losing their life savings, but also it starts to have a macro-economic impact. A lot of this is happening online and it feels like it can begin to have an impact on people’s confidence in the digital economy, which is clearly an enormous part of the way the world works now, a bigger part as a result of COVID. It’s really important we can maintain confidence in it now.”
According to Fraud - The Facts 2020 compiled by UK Finance, the banking and finance industry body, a huge growth in ersatz online adverts and social media fraud includes romance scams, investment and purchase fraud, where goods are advertised on auction sites at “too good to be true” rates to entice people to buy.
Fraudsters have also increasingly been targeting younger people online through so-called money mule adverts offering students and young people, in particular, money to have funds transferred through their bank account and back out again, which is effectively money laundering.
The Dedicated Card and Payment Crime Unit, a specialist police unit funded by the financial services industry, has helped close more than 1,600 social media accounts linked to fraudulent activity. Some 500 of these were used to recruit young people as money mules, while almost 250 were involved in trading stolen card details online.
The coronavirus pandemic and the physical restrictions imposed to curtail the virus’s spread have, paradoxically, catalysed a surge in online crime. “What we saw was the online, digital-type crimes like cybercrime, online fraud, which is the biggest single crime in the UK, and child sexual exploitation were less affected by lockdown,” says Biggar. “In some ways they were enhanced by it because more people were online and at home.”
Physically moving large sums of cash around was also made harder during COVID, with travel restrictions acting as another incentive for criminals to move into cryptocurrencies. “Criminals had a cash-flow crisis,” says Biggar.
“They couldn’t move their cash easily because no one was on the roads, no one was moving around, businesses were not operating so they weren’t depositing cash at banks the same way they would normally do; someone coming into a bank depositing large amounts of cash would stand out even more.”
As a result, villains had to stockpile the cash proceeds of their crimes. Last year, that lockdown loot got smaller when entire organised crime groups were dismantled during Operation Venetic, which saw £54 million, 77 firearms and two tonnes of drugs seized, plus 746 people arrested.
Venetic led to the dismantling of EncroChat, a bespoke encrypted global communication service used by 10,000 criminals in the UK for co-ordinating and planning the distribution of illicit commodities, money laundering and plotting to kill rival criminals.
The NECC has also been busy investigating frauds committed against the pandemic-induced government bail-out schemes, such as the Coronavirus Business Interruption Loan Scheme, Bounce Back Loan Scheme and employee furlough. Historically, the NECC was not set up to examine fraud against the public sector, but has been pulled in this direction because of the schemes’ critical role in bolstering the national economy.
“There has absolutely, definitely been sophisticated, organised efforts to access those schemes from people with very obviously criminal intent. We’ve seen this throughout and we’ve been working really closely with the banks and with government to try to identify what is happening to then revise the processes banks are using to approve the loans, such as increasing checks,” says Biggar.
The NEEC works closely with the legal, accountancy and conveyancing sectors to raise awareness of their vulnerability to become unwittingly involved in money crimes as “professional enablers”. These include the Flag-it-up campaign to identify money laundering via potential breaches and the use of suspicious activity reports.
Also, in 2018, the Office for Professional Body Anti-Money Laundering Supervision was launched to strengthen the UK’s anti-money laundering measures. Housed within the Financial Conduct Authority, it works with groups such as the Solicitors Regulation Authority to prevent lawyers from being inveigled into crime, such as money laundering.
“There are really strong caucuses within those professions driving to up their collective game. They’re massively broad professions with thousands of practitioners in many firms, so it’s quite a challenge,” Biggar concedes.
His message to companies that think they may be vulnerable to criminal attacks is simple and straightforward. Firstly, get your cybersecurity sorted. Secondly, abide by the money laundering regulations, as well as know your customer, know your business, and have the right policies and training in place, being sure to report suspicious activity through suspicious activity reports. And thirdly, ensure you have a rigorous counter-fraud strategy.