Unmasking how

fraudsters target
UK consumers in
the digital age
December 2024
Unmasking how fraudsters target
UK consumers in the digital age

Contents

Executive summary 4
Scam types 6
Introduction 8
How do APP scams impact victims and trust in payments and institutions? 10
APP scam reported by sector in 2023 11
The most common platforms and services used by fraudsters 12
Scams type – overview 13
Purchase scams (highest ten) 14
Romance scams (highest ten) 15
Investment scams (highest ten) 16
Advance fee scams (highest ten) 17
Invoice and mandate scams (highest ten) 18
Impersonation scams – police and bank staff (highest ten) 19
Impersonation scams – CEO (highest ten) 20
Impersonation scams – other (highest ten) 21
How was this data gathered? 22
Data notes 23
How do scam type rankings work? 24
What we are doing to drive better performance and improve
outcomes for consumers in the payments industry? 25
Data tables 26
Scams by sector 27
Volume of APP scams in 2023 of the most common entities 28
Value of APP scams in 2023 of the most common entities 29
Glossary 30

3
Unmasking how fraudsters target
UK consumers in the digital age

Executive summary

Preventing authorised push payment

(APP) scams is one of our top priorities. Key findings in our report
APP scams cause immense suffering and
• Our data shows that fraudsters use major
harm to consumers and society, damage
social media platforms, technology platforms,
confidence in payments and lead to
and the telecommunication sector to commit
permanent loss of trust in institutions.
APP scams against UK consumers, leading to
Our research1 shows that victims’ confidence in losses in the hundreds of millions.
making payments drops after being a victim of an
• According to our data4, £341 million
APP scam. A third say they have also lost confidence
in using new payment methods. The need for action was lost to APP scams in 2023. Over
is clear, and we have taken decisive action to prevent half of these were reported by victims
APP scams across the payments industry. as originating on Meta platforms. Meta
platforms were recorded as being targeted
We have done this by creating incentives for by fraudsters to carry out 54% of the
payment firms to improve scam prevention, through volume and 18% of the total value of APP
the publication of APP scams performance data2 scams. This means Meta platforms were
and through the introduction of a reimbursement used by fraudsters to carry out the loss
requirement in October 2024, which requires victims of approximately £1 in every £5 lost in an
of APP scams to be reimbursed by their bank when APP scam.
they fall victim to a scam.
Most common entities used by fraudsters (by volume)
We want to do more to stop scams occurring Facebook 34%
in the first place, and this means working with Facebook Marketplace 7%
Instagram 8%
other sectors as well as the payments industry. WhatsApp 5%
To make significant inroads to prevent APP scams, Other Platforms 14%
all ecosystem actors need to take action to prevent Telecommunications 12%
Entity Unknown 9%
fraudsters contacting victims and earning their trust. Snapchat 4%
Twitter/X 3%
For this reason, we used our powers3 this year to Family/Friend 3%
require the 14 largest banking groups in Great Britain Google Search 2%
Email 2%
and Northern Ireland to give us data on which
platforms are most commonly reported as being • Telecommunication and email5 providers
exploited by fraudsters to make contact with victims, were recorded as being targeted by
which later result in an APP scam, across different
fraudsters to carry out a significant
scam types. The scam types can be found on
amount of APP scams. The sectors
pages 6–7.
represent 12% and 2% of the volume
respectively and over 40% of the value.
1 See page 10 for further details.
• Meta platforms were used by fraudsters
2 The 14 largest banking groups in Great Britain and Northern to carry out more romance scams
Ireland were required to provide us with performance data under
Specific Direction 18. You can find our reports for the last two against UK payment users than all dating
years www.psr.org.uk/information-for-consumers/app-fraud- websites combined, with 31% of romance
performance-data/
scams being reported by consumers as
3 Information gathering power under section 81 of the Financial
Services (Banking Reform) Act 2013. starting on Meta platforms. (Facebook 14%,
4 APP scams performance report (July 2024). Instagram 10%, WhatsApp 7%).
This constituted 22% of value.
5 No firm level data is available for the Telecommunications and
Email categories.

4 psr.org.uk
 The benefits of publishing this data
• Meta platforms feature as the top three
platforms being targeted by fraudsters Collecting and publishing this data supports our
to carry out the most common type of statutory objective that payment systems work in
APP scam – purchase scams (by volume). the interests of businesses and consumers who
Facebook was used in 44% of incidents, use them. The benefits of publishing this data are:
Facebook Marketplace in 11%, and Instagram • Raising consumer awareness and vigilance
in 8%. Facebook was targeted by fraudsters to by highlighting which platforms and services
carry out the highest amount of losses at 27%. fraudsters most often exploit.
While eBay was used in only 1.6% of cases of
purchase scams, it was used by fraudsters to • Improving the ecosystem’s understanding of
carry out 9% of losses. the scale of the threat. We want firms to know
Purchase scams
how much fraudsters target victims to carry
out APP scams. This should empower them to
44% Volume do more to prevent APP scams happening and
Value encourage cross-industry collaboration.
27%
• Providing valuable insights for payment firms
to build risk profiles of fraudulent methodologies,
13%
11% based on their consumers’ use of particular
8% 8% 7%
5% 5%
1% platforms and services. This should allow for
Facebook Facebook Instagram Entity Twitter/X better-targeted interventions.
Marketplace Unknown
• Support other UK regulators like Ofcom
• Investment scams accounted for the and the government to enforce duties and
highest proportion of losses, at 24%, take actionable steps to prevent harm to society.
despite being just 6% of the volume of
total APP scams. The telecommunication While we recognise and welcome initiatives from
industry was used to carry out 23% of this technology, telecommunications and social media
value, Meta platforms 14% and families firms and the payment industry to better understand
and friends 12%. the threats and improve their collective response,
APP scams remain a major problem.

We consider that systemic action is needed

to address the scale of the threat. Better data
sharing and cross-industry collaboration can
provide actionable data insights to support all
sectors, public and private, to work together and
make interventions earlier on in the fraud lifecycle.
We call on technology, telecommunication
and social media platforms to work with
payment firms to close down vulnerabilities
that fraudsters exploit. This will reduce harm
and result in better outcomes for consumers.

We intend to publish this data every year and intend

to consult in 2025 on how to improve data collation.

5
Unmasking how fraudsters target
Trust in Payments report
UK consumers in the digital age

The 14 largest banking groups in Great Britain and

Scam types Northern Ireland provided scam incidents recorded against
technology, telecommunication and social media platforms
and services, broken into the following subcategories:

for sa le
Laptop
£999
t received
Paymen

ent for My love, I must know many thing

n’t receive
d paym
edietely.
s about you.
We have ease send imm
ite m . Pl
this
id
ready pa
I have al e app.
th
through

of your first pet?

nd the m
oney. What is the name
Please se d payment.
t ha
I haven’

What is your mother’s maiden name?

of the town wh ere

What is the name
you were born?

Purchase scams Romance fraud

The victim pays for a good or service that they The fraudster feigns a romantic interest in
do not receive and the seller had no intention of the victim to win their trust and manipulate
providing. The scammer may create a fake website them into sending money.
or advertise a false product on social media.

anks Inc.
Your subscription with YourAntivirus will renew today United B
and £419.99 is about to debit from your account today.
stomer, ake cha
nges to
Dear cu
Customer ID 583913598208965
st fro m you to m
que nt.
ived a re e accou
We rece Inc onlin nt
Invoice No. HFYDN9732957HW ed Banks ur accou
yo u r U n it
ase lo g in to yo below.
,p le link
Renewal Date orise this word using the
25-11-23 not auth ass
If you did sername and p
with you
ru nt will
ur accou
urs or yo ased.
Subtotal is w ith in 24 ho e re le
£336.00 o th not b
Please d onies will
d and m
VAT 20% be close

Total £419.99 Regards

.
anks Inc
United B

Log in

Invoice and mandate fraud Impersonation scams

The fraudster sends a fake invoice to the victim The fraudster pretends to be a law enforcement
requesting payment for a good or service. officer or bank staff to convince the victim to
make a payment.

6 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Shipping
Direct
You must deposit a
minimum of £1500.00
Dear client,

We regret to inform you that your parcel was not able to

be delivered on the specified date, 12/02/2023.
The parcel is currently located in the shipping warehouse
in your area.
You must pay a withdrawal
The reason for the delay was that the sender did not pay
fee of £500.00 the necessary fees for the delivery. To avoid the parcel
being returned, we ask that you pay the fee of £6.95 GBP.
You can track your parcel and pay the fee by clicking the

ROI tracking button.

Track and pay

Investment fraud Advance fee fraud

The fraudster convinces the victim to invest in The fraudster convinces the victim to pay a fee
something that does not exist with the promise which they claim will result in the release of a
of a high return. The scammer may be pretending much larger payment or a deposit for goods
to be a financial advisor and using cold calling to or service that they never receive, and the
reach out to the victim. fraudster never intended to provide.

J Payment Instruction
Mock conversation between a victim and someone impersonating their child. The
conversation reads:

Mum,
I’ve changed phone provider this is my new
number you can delete my old number ok
Gareth, xx

Are you at your desk? I need you to

process an urgent payment.
Who is this?
Get back to me asap.

Regards, The oldest one xx

Jane

@team
Could I please borrow money for my rent
scam message
ently targeted with a until the weekend? Sorry to ask xx
Some of us were rec ted . I, or any of our staff
ersona
where I was being imp poi nt in tim e. Keep safe!
at any
won’t ask for money

Impersonation - CEO Impersonation - other

The fraudster pretends to be a CEO or other The fraudster pretends to be someone,
workplace figure to convince the victim (often commonly family or friends, or a celebrity
employees of a business) to make a payment. or public figure to convince the victim to
make a payment.

7
Unmasking how fraudsters target
UK consumers in the digital age

Introduction

An APP scam is where a person dishonestly How fraudsters abuse legitimate

manipulates, deceives or persuades a platforms
consumer into transferring funds from the Scams occur when criminals exploit legitimate
consumer’s account to an account outside services and systems to make false representations
of their control, where: with the intention to make a gain, or cause a loss, or
• the recipient is not who the victim intended the risk of a loss, to another. This includes payment
to pay, or firms, agents or other entities whose systems are
exploited to carry out fraud. We have previously
• the payment is not for the purpose intended.
published performance data on payment firms.
APP scams can be complex and involve multiple For the purpose of this data publication, we defined
actors. These can include payment firms – who an entity used to carry out APP scams as either:
operate the facilities where money loss occurs –
and technology, telecommunication and social media • A platform or service through which the fraudster
platforms – which fraudsters use to communicate made contact with the victim; or
with victims and persuade them to make payments. • A platform or service where the victim saw an
advertisement or profile that subsequently results
in an APP scam.

How do scams occur?

APP scams vary, but most follow a pattern of:

Target Contact Persuade Payment Launder Cashout

Origination

Platform/service

Targeting the Contacting Persuading the victim to Laundering the money

victim (for the victim make a payment and cashing out
example, using (for example,
stolen data, through
finding vulnerable adverts, direct
target groups messages,
on social media, phone
or creating false calls, text
advertisements) messages)

8 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Case study
A social media account belonging to a friend of a victim
posted about good returns on an investment, highlighting
the ‘benefits of crypto investments’. The victim was
gradually coached into transferring over £2,000 into an
alleged cryptocurrency scheme. When the victim wanted
to withdraw their money, they were charged fees, which
they paid. After further demands were made, the victim
realised they had been defrauded and later found out their
friend’s account had been hacked.

tment
m is s this inves y
don’t w a n t to c ha nge d m
OMG – you a d e o v e r 70k and it ’s e it!
opportunit
y. I have m lebrities us
re tu rn s a t 5% and ce
go o d
life!!! Such 2 March

Victim
Fraudster I am really interested and have never done
Hi there – you need to register here. Its really easy this. What do I do? How much should I put in?
and you can watch your investments grow on the
dashboard. If you have any questions, just reach
out. I am here to help . 😃
Maybe start with £500. You can then watch the
money roll in!

29 March
Fraudster
Hi there – I just wanted to see how your investment Victim
was going? Is there anything I can do to help? Hi – Its going well, I can’t believe my
investment has already started to grow
over the last month.
Fraudster
That’s great. If you’re happy with the way things are
going, do you want to invest more? Victim
Yeah I’ll put in another £500!

Fraudster
Are you sure? I know other people are seeing really Victim
big returns at the moment. I would hate for you to Ok I’ll do that.
miss out. I would recommend putting in 2K.
30 June

Fraudster Victim
Yes, that’s an admin fee, everyone has to pay. Hi, I have been happy with my investments and
Without it your money can’t be released. want to withdraw some of my money, but it says
I have to pay fees, which I have done, its now
asking for more?

Victim
Hello it is asking for more…

Victim
The transcript has been generated from
a victim’s experience and testimonial. Why are you not responding? I want my money!

9
Unmasking how fraudsters target
UK consumers in the digital age

How do APP scams impact victims and

trust in payments and institutions?

We are concerned by the threat that APP Levels of victim satisfaction with banks versus platforms
and services
scams pose to trust in payment systems
and consumer confidence. We therefore Stacked bar chart
commissioned Thinks Insight to produce 10%
a study on how APP scams affect victims’ My bank: Very satisfied 53%, Satisfied 21%,
Neither satisfied or dissatisfied 8%,12%
Dissatisfied
confidence in payments and other
9%, Very dissatisfied 8%
economic activities. 53%
Of the 688 victims surveyed: The platform where the victim thought fraud took
place: Very satisfied 10%, Satisfied23%
12%, Neither
satisfied or dissatisfied 23%, Dissatisfied 13%,
of victims reported they
Very dissatisfied 39%
32% are less willing to try new 13%
payment methods.
21%
of victims were less likely 8%
36% to try new approaches to 39%
managing their finances 9%
because of their experience.
8%
My bank The platform where the victim
reported they were less likely thought fraud took place
48% to shop with a new retailer Very satisfied Satisfied Neither satisfied or dissatisfied
they haven’t heard of before. Dissatisfied Very dissatisfied

Data collection
The study also showed that victims thought
The data we have collected is reported by victims.
technology companies were in part responsible –
When people become victims of fraud, they are
alongside their bank, the fraudster, and the police.
more likely to report the incident to their bank than
Furthermore, only 22% were satisfied with the
to the police. Payment firms have started logging
response of technology companies, compared
when victims report that a social media platform,
to 74% for banks. 41% said they had lost trust
telecommunication or technology firm was used in
in social media – four times as many as had
the scam. This has created a rich dataset of which
lost confidence in banks.
platforms and services are most commonly targeted
You can find the full study here. by fraudsters to carry out APP scams. While efforts
are made by payments firms to ensure the accuracy
of the data, human error by the case handler can
impact the data quality. In addition, our data shows
that in some cases, the victim may not remember
where the initial compromise happened. In other
cases, the consumer may report in error where they
believe a scam originated, when in fact the fraudster
made contact with them earlier and on another
platform. We intend to consult on how we can
improve data collection in the future. You can find
more detail on how this data is gathered on pages
22 to 23.

10 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

APP scam reported

by sector in 2023

In 2023, social media platforms were Telecommunications platforms were targeted by

targeted by fraudsters to carry out 56% of fraudsters to carry out a significant amount of APP
the volume of APP scams (124,057 incidents) scams via fraudulent calls and text messages, at
and 20% of the value lost (£67,429,184), while 12% of volume (26,975 incidents) and 31% of value
lost (£107,229,381). Email providers were also
auction/purchase and listing platforms were
targeted by fraudsters to carry out disproportionality
targeted by fraudsters to carry out 13% of
high losses at 10% by value (£35,001,770) but only
cases (29,473 incidents) and 6% of losses
2% of the volume (3,955 incidents).
(£21,283,030).
Data recorded by payments firms does not currently
break down telecommunication and email data by
individual provider level. We intend to consult on
how this data collection can be improved in 2025.

Scam by sector (ranked by volume)

1 Social Media, Messaging and Call Platforms 56%

2 Auction/Purchase and Listing Platforms 13%

3 Telecommunications Platforms 12%

4 Entity Unknown 9%

5 Search Services 4%

6 Family/Friend6 3%

7 Email 2%

8 Dating Platforms 1%

9 Accommodation/Vacation Platforms Less than 1%

Scam by sector (ranked by value)

1 Telecommunications 31%

2 Social Media, Messaging and Call Platforms 31% 20%

3 Entity Unknown 20% 16%

4 Email 16% 10%

5 Auction/Purchase and Listing Platforms 6%

6 Search Services 6%

7 Family/Friend 6%

8 Dating Platforms 3%

9 Accommodation/Vacation Platforms Less than 1%

6 This includes data where the scam included family or friends of the victim.
Data notes: The figures have been rounded up or down and may not equate to 100% across volume and value totals.

11
Unmasking how fraudsters target
UK consumers in the digital age

The most common platforms and

services used by fraudsters

Over half of all APP scams recorded in The telecommunications sector was targeted
2023 were reported by victims as originating to carry out 12% of APP scams by volume
on Meta platforms. Meta platforms were (26,975 incidents) and 31.5% by value
recorded as being targeted by fraudsters (£107,229,381).
to carry out 54% of volume (119,338 incidents)
and 18% by value (£62,691,418). This means
Meta platforms were used by fraudsters
to carry out the loss of approximately
£1 in every £5 lost in an APP scam.

Most common entities used by fraudsters (by volume) Most common entities used by fraudsters (by value)

Facebook 34% Telecommunications 31%

Facebook Marketplace 7% Entity Unkown 16%
Instagram 8% Other platforms 11%
WhatsApp 5% Email 10%
Other 14% Facebook 9%
Telecommunications 12% WhatsApp 5%
Entity Unkown 9% Instagram 3%
Snapchat 4% Family/Friend 6%
Twitter/X 3% Unknown (Search Services) 3%
Family/Friend 3% Google Search 2%
Google Search 2% eBay 2%
Email 2%

Data notes: The figures have been rounded up or down and may not equate to 100% across volume and value totals.

12 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Scams type – overview

Purchase scams are the most common Volume of fraud by scam type
type of APP scams in the UK, making up
Pie chart
68% of cases in 2023 (152,192 incidents).
Impersonation scams combined make Purchase Scam 68%
up 14% (31,321 incidents) and advance
Advance Fee Scam 9%
fee scams, the third most common,
made up 9% with 19,341 incidents. Romance Scam 2%
Impersonation scams combined made up 33% CEO Scam 0.1%
of losses (£107,061,348). Investment scams make 68%
up 24% of losses (£80,276,625) despite accounting Impersonation Scam Other 10%
10%
for only 6% of volume (12,500 incidents). Purchase
Investment Scam 6%
scams made up 21% of losses (£72,403,187).
Invoice and Mandate Scam 0.9%
9%
Purchase Scam Impersonation Scam – Other Impersonation Scam – Police/ Bank Staff 4%
Advance Fee Scam Investment Scam 6%
Romance Scam Invoice and Mandate Scam
4%
CEO Scam Impersonation Scam – Police/ 3%
Bank Staff

Value of losses by scam type

0.9%

Pie chart 1%
2% 0.1%
8%
Purchase Scam 21%
7% 21%
Advance Fee Scam 8%

Romance Scam 7%

CEO Scam 1%
19%
Impersonation Scam Other 13%13%

Investment Scam 24%

Invoice and Mandate Scam 8%

24% 8%
Impersonation Scam – Police/ Bank Staff 19%

13
Unmasking how fraudsters target
UK consumers in the digital age

Purchase scams (highest ten)

In purchase scams, the victim pays for a Meta platforms feature as the top three firms
good or service that they do not receive most commonly targeted by fraudsters to carry
and the seller had no intention of providing. out purchase scams, by volume. Facebook
The scammer may, for example, create a was used in 44% of incidents in 2023 (67,337),
Facebook Marketplace in 11% (16,067 incidents),
fake website and promote it through search
and Instagram in 8% (11,885 incidents).
services or spam, advertise a fake product
on social media, or create a fake listing on Twitter/X was targeted to carry out 5%
an auction website. of purchase scams (7,096 incidents) and
Snapchat 4% (6,359 incidents).

Facebook was used by fraudsters to carry out

the most scams by value, at 27% of the total
(£19,509,964). While eBay only accounted for 1.6%
of volume (2,370 incidents)7, its platform was used
by fraudsters to carry out 9% of losses (£6,659,382).

Purchase scams: most common entities (ranked by volume)

1 Facebook (social media, messaging and call platforms) 44%

2 Facebook (Auction/Purchase and Listing Platforms) 11%
3 Instagram 8%
4 Entity Unknown 7%
5 Twitter/X 5%
6 Snapchat 4%
7 Family/Friend 3%
8 Other (Auction/Purchase and Listing Platforms) 2%
9 WhatsApp 2%
10 Telecommunications 2%

Purchase scams: most common entities (ranked by value)

1 Facebook (social media, messaging and call platforms) 27%

2 Entity Unknown 13%
3 Family/Friend 10%
4 eBay 9%
5 Facebook (Auction/Purchase and Listing Platforms) 8%
6 Other (Auction/Purchase and Listing Platforms) 6%
7 Instagram 5%
8 Google Search 4%
9 WhatsApp 3%
10 Telecommunications 2%

7 Ebay falls outside of highest 10 for volume.

14 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Romance scams (highest ten)

A romance scam is when a fraudster Meta platforms were used by fraudsters to carry
feigns a romantic interest in the victim to out more romance scams against UK payment users
win their trust and manipulate them into than all dating platforms combined, with 31% of the
sending money. Romance scams are less volume (1,590 incidents). Facebook accounted for
14% of the total (719 incidents), Instagram 10% (511
common, with 4,997 incidents in the UK
incidents), and WhatsApp 7% (360 incidents). This
in 2023, but they can be financially and
made up 22% of the total value lost (£5,072,115).
emotionally devastating.
In 13% (662 incidents) of cases the party was not
known, accounting for 17% of losses (£3,900,035).
There are many reasons for this: a victim may not be
able to remember, or in some cases may not want to
reveal how the fraudster contacted them. We intend
to consult on how we can improve data collection in
the future.

Romance scams: most common entities (ranked by volume)

1 Facebook (social media, messaging and call platforms) 14%

2 Entity Unknown 13%

3 Other (social media, messaging and call platforms) 11%

4 Instagram 10%

5 Other (Dating Platforms) 8%

6 Unknown (Dating Platforms) 7%

7 WhatsApp 7%

8 Snapchat 6%
9 Telecommunications 4%

10 Family/Friend 3%

Romance scams: most common entities (ranked by value)

1 Entity Unknown 17%

2 Other (Dating Platforms) 17%

3 Facebook (social media, messaging and call platforms) 13%

4 Unknown (Dating Platforms) 13%

5 Instagram 5%

6 Match.com 5%

7 Plenty of Fish 5%

8 WhatsApp 4%
9 Other (social media, messaging and call platforms) 4%
10 Unknown (Search Services) 3%

15
Unmasking how fraudsters target
UK consumers in the digital age

Investment scams (highest ten)

In investment scams, the fraudster convinces In 16% (1,960) of incidents in 2023 the entity
the victim to invest in something that does was not known, accounting for 26% of losses
not exist with the promise of a high return. (£20,533,462). We intend to consult on how
we can improve data collection in the future.
Investment scams account for the greatest
losses of all APP scams, at 24% of the 2023 Telecommunications companies were used to
total (£80,276,625), despite being only 6% carry out 14% of the total volume (1,694 incidents)
of the volume (12,500 incidents). and 23% of losses (£18,396,441).

Of these investment scams, Meta platforms

were used to carry out 41% of incidents
and 14% of losses: 19% (2,418) of incidents
occurred through Instagram, 11% (1,402) through
Facebook, and 11% (1,314) through WhatsApp.

Investment scam entities (ranked by volume)

1 Instagram 19%

2 Entity Unknown 16%

3 Telecommunications 14%

4 Facebook (social media, messaging and call platforms) 11%

5 WhatsApp 11%

6 Unknown (Auction/Purchase and Listing Platforms) 6%

7 Unknown (Search Services) 5%

8 Snapchat 5%

9 Family/Friend 5%

10 Email 2%

Investment scams: most common entities (ranked by value)

1 Entity Unknown 26%

2 Telecommunications 23%

3 Family/Friend 12%

4 Unknown (Search Services) 9%

5 Facebook (social media, messaging and call platforms) 6%

6 Google Search 5%

7 WhatsApp 5%

8 Email 5%

9 Instagram 4%

10 Other (Social Media, Messaging and Call Platforms) 2%

16 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Advance fee scams (highest ten)

In advance fee scams, the fraudster Advance fee scams made up 9% (19,341)
convinces the victim to pay a fee which of APP scams by volume in 2023. Fraudsters
they claim will result in the release of a most commonly used Facebook, with 21% of
much larger payment or a deposit for the total cases (4,035). This was followed by
telecommunication companies, at 17% of volume
goods or service that they never receive,
(3,234), and the third most common category in
and the fraudster never intended to provide.
our data is ’unknown’ at 16% of cases (3,181).
This can include claims that the victim has
won a holiday, is entitled to an inheritance Cases with an unknown entity accounted for the
or is awaiting the delivery of goods. most value lost, with 30% of the total (£7,852,261).
Where the entity was known, losses were highest
when they occurred via telecommunication (23%,
£5,904,924) followed by Facebook (9%, £2,390,578)
and friends and family (7%, £1,828,793).

Advance fee scams: most common entities (ranked by volume)

1 Facebook (social media, messaging and call platforms) 21%

2 Telecommunications 17%

3 Entity Unknown 16%

4 Google Search 9%

5 Unknown (Search Services) 7%

6 Instagram 7%

7 WhatsApp 5%

8 Email 3%

9 Facebook (Auction, Purchase and Listing Platforms) 2%

10 Snapchat 2%

Advance fee scams: most common entities (ranked by value)

1 Entity Unknown 30%

2 Telecommunications 23%

3 Facebook (social media, messaging and call platforms) 9%

4 Family/Friend 7%

5 WhatsApp 6%

6 Instagram 5%

7 Unknown (Search Services) 3%

8 Google Search 3%

9 Email 3%

10 Other (Auction/Purchase and Listing Platforms) 1%

17
Unmasking how fraudsters target
UK consumers in the digital age

Invoice and mandate scams

(highest ten)

In invoice and mandate scams, the fraudster In 16% of cases (317 incidents) the entity could
sends a fake invoice to a victim. This is often not be identified, accounting for 13% of value lost
perpetrated against businesses through (£3,568,494). 12% of cases occurred over the phone
email, with 66% of the total volume in 2023 (235 incidents), which accounted for 7% of the value
lost (£2,048,205).
(1,301) and 80% of the value (£22,639,756)
occurring in this way.

Invoice and mandate scams: most common entities (ranked by volume)

1 Email 66%

2 Entiy Unknown 16%

3 Telecommunications 12%

4 Unknown (Search Services) 1%

5 Facebook (social media, messaging and call platforms) 1%

6 WhatsApp 1%

7 Family/Friend 1%

8 Google Search 1%

Invoice and mandate scams: most common entities (ranked by value)

1 Email 80%

2 Entity Unknown 13%

3 Telecommunications 7%

Data notes: The volume and value charts have fewer than ten platforms shown because some of the categories/subcategories have figures
close to 0% and have been omitted on this basis from the chart. Data on those firms can be found in the data tables.

18 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Impersonation scams –
police and bank staff (highest ten)

In impersonation scams, the fraudster Police and bank staff impersonation scams are
pretends to be someone known to the largely perpetrated via telecommunication, with 90%
victim, or someone in a position of authority of cases in 2023 (8,990 incidents) occurring via text
or trust. This is a high-harm scam type or phone call. In this type of scam, fraudsters often
want victims to clear their entire bank account,
because victims can experience high levels
so the losses are very high, with £57,719,548
of long-lasting stress and emotional harm.
lost through telecommunication alone.
In some cases, victims can lose their entire
savings and there is permanent loss of trust
in institutions and payments.

Impersonation scams (police/bank staff): most common entities (ranked by volume)

1 Telecommunications 90%

2 Entity Unknown 6%

3 Email 2%

4 WhatsApp 1%

Impersonation scams (police/bank staff): most common entities (ranked by value)

1 Telecommunications 90%

2 Entity Unknown 6%

3 Email 2%

4 WhatsApp 1%

Data notes: The volume and value charts have fewer than ten platforms shown because some of the categories/subcategories have figures
close to 0% and have been omitted on this basis from the chart. Data on those firms can be found in the data tables.

19
Unmasking how fraudsters target
UK consumers in the digital age

Impersonation scams –
CEO (highest ten)

CEO scams are a type of scam where It is largely perpetrated through email, with
someone impersonates a senior 71% of cases in 2023 (153 incidents) occurring
figure in a workplace to trick staff in this way. This accounted for 60% of the value
into making payments. lost (£2,297,287). Fraudsters commonly target
businesses in this scam.

Impersonation scams (CEO): most common entities (ranked by volume)

0 10 20 30 40 50 60 70 80

1 Email 71%

2 Entity Unknown 10%

3 Telecommunications 6%

4 Facebook (social media, messaging and call platforms) 5%

5 WhatsApp 3%

6 Instagram 2%

7 Snapchat 1%

8 Twitter/X 1%

Impersonation scams (CEO): most common0entities (ranked

10 by value)
20 30 40 50 60

1 Email 60%

2 Entity Unknown 34%

3 Family/Friend 5%

4 Telecommunications 1%

Data notes: The volume and value charts have fewer than ten platforms shown because some of the categories/subcategories have figures
close to 0% and have been omitted on this basis from the chart. Data on those firms can be found in the data tables.

20 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Impersonation scams –
other (highest ten)

Other impersonations scams – 49% of total value in 2023 (9,529 incidents,

including friends and family impersonation for £20,941,262). This is followed by WhatsApp
– happen commonly via telecommunication, at 23% of cases, with 4,993 incidents and
accounting for 45% of total cases and £8,238,709 lost (19% of total value).

Impersonation scams (other): most common entities (ranked by volume)

1 Telecommunications 45%

2 WhatsApp 23%

3 Entity Unknown 8%

4 Facebook (social media, messaging and call platforms) 7%

5 Email 4%

6 Family/Friend 3%

7 Instagram 3%

8 Unknown (Search Services) 2%

9 Other (social media, messaging and call platforms) 2%

10 Snapchat 1%

Impersonation scams (other): most common

0 entities (ranked
10 by value)
20 30 40 50

1 Telecommunications 49%

2 WhatsApp 19%

3 Entity Unknown 12%

4 Email 9%

5 Family/Friend 3%

6 Facebook (social media, messaging and call platforms) 2%

7 Unknown (Search Services) 1%

8 Other (social media, messaging and call platforms) 1%

9 Instagram 1%

10 Amazon 1%

Data notes: In some of these impersonation cases, a fraudster may have deceived a victim into thinking that they are staff of a given platform
or service. It may be that the scam did not originate on the platform or service it has been attributed to, but the name of the platform or service
was used by the fraudster to trick the victim.
21
Unmasking how fraudsters target
UK consumers in the digital age

How was this data gathered?

We requested data from the 14 largest payment We requested APP scams data on the organisations
service providers (PSPs) in Great Britain and below, where the platform or service was recorded
Northern Ireland, who together account for the at least once as used by fraudsters to carry out APP
majority of UK retail banking transactions. We also scams across the different scam types. Not all the
require these firms to provide us with regular APP firms listed were recorded across all scam types.
scam performance data. They are: The charts between pages 14 to 21 and data on
pages 28 and 29 only contain the rankings and
data of the highest ten platforms or services.
Payment service providers APP scams data

Allied Irish Bank (AIB) Group Email providers No company-level data

available
Barclays Bank UK plc
Social media, call LinkedIn, Twitter/X,
The Co-operative Bank plc and messaging Snapchat, Telegram,
platforms or apps Facebook, Instagram,
HSBC UK Bank plc
WhatsApp, Unknown, Other
Lloyds Bank plc Accommodation/ SpareRoom, Airbnb,
Metro Bank plc vacation website Unknown, Other
or app
Monzo Bank Limited
Entity Unknown No data
National Westminster Bank plc
Auction/purchase eBay, Gumtree, Amazon,
Nationwide Building Society and listing platforms Shpock, Pets4Homes,
or apps Facebook Marketplace,
Northern Bank Limited (trading as Danske Bank) Unknown, Other
Santander UK plc Telecommunications No company-level data
– no company-level available
Starling Bank Limited
data available
TSB Bank plc Dating website Tinder, Bumble, eHarmony,
Virgin Money UK plc or app Hinge, Match.com, Plenty
of Fish, Unknown, Other
Family/Friend No data
Search services Google Search, Bing, Yahoo,
Ecosia, Unknown, Other

We requested data for all push payment types. We also asked for a breakdown of scams into the
The data in this report aggregates all these: following subcategories:
• Purchase
• Faster payments
• Romance
• CHAPS
• Investment
• Intra Bank Transfers
• Advance fee
• Bacs payment
• Invoice and mandate fraud
• Bacs Standing Order
• Impersonation – police/bank staff
• International SWIFT
• Impersonation – CEO
• Impersonation – Other

22 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Data notes

1. The data we collected was victim self-reported 7. As a claims management platform, the data
i.e., when the victim reports to their payment inputted into BPS covers both confirmed and
firm where they believe the scam started. suspect fraud. For this exercise, we have only
Noting that: used data drawn from confirmed fraud cases
a) In some cases, the victim may not remember which have been fully investigated and closed.
where the initial compromise happened. Therefore, it is likely that not all incidents
of scams will have been included in our
b) In other cases, the consumer may report to
data reporting.
their payment firm that a scam started on a
specific platform, when in fact the fraudster 8. The data inputted into the BPS platform relies
made contact with them earlier and on on victims reporting to their payment firm.
another platform or service. For example, The total volume and value of fraud across
a victim may tell their payment firm that they the UK will then be higher than the numbers
believe the fraudster persuaded them to make detailed here. BPS data may also be subject
a payment over telecommunication, but the to future restatement if further information
point of original contact between the victim becomes available.
and fraudster was on a dating platform or via 9. Once we received the data, we collated and
social media. analysed it and created a dataset for each
2. While all efforts were made by payment firms individual entity and sector.
to ensure the accuracy of the data, the data 10. We have used data from firms and the
may contain inputting errors by the case handler industry body UK Finance to support the
or subject to differences in interpretation data described in our report.
by payments firms with assigning scams to 11. There are minor differences for some scam
platforms and services. types in comparison with UK Finance data.
3. The payment firms we requested data from This is likely due to the limitation of our data
are members of UK Finance and participants being collected from 14 firms, whereas UK
of the Best Practice Standard (BPS) claims Finance data includes a wider set of payment
management platform. The BPS allows firms. The more significant difference for the
payment firms to create cases in real time, telecommunications and social media sectors
quickly passing information to other financial is due to our categorisation of WhatsApp as
institutions whose customers may have received a social media, messaging and call platform,
fraudulent money into their account. The real whereas industry categorises it as telecoms.
time nature of the platform greatly increases 12. We are aware that there are a small number
the chance of being able to stop the funds of irregularities in how some scam cases
ending up in criminal hands. have been allocated as originating on specific
4. Firms subject to the request were permitted to platforms. These irregularities may include
provide this data from their internal datasets or inconsistencies between payment firms in the
from BPS, so long as they used the format we number of scams reported per platform, or as
specified and provided all the available data. unexpected categorisation of scams into types
5. Most payment firms provided their data via BPS not typically associated with a platform. This
while some used a combination of BPS and their is likely to result from differing approaches and
internal case management systems. interpretation by payment firms at the time
of recording the scam case and the victim’s
6. Participants of the BPS platform own the data
recollection of where the scam started.
entered and stored and are responsible for its
accuracy and completeness. However, extensive
testing, engagement with payment firms during
the development of the platform, and validation
with other sources of scam data have shown
that the data from BPS is broadly consistent
with industry trends.
23
Unmasking how fraudsters target
UK consumers in the digital age

How do scam type rankings work?

• The rankings presented in this report are based List of categories/sub-categories to be ranked
on the 40 categories and subcategories listed.
Airbnb
• Where firm level data is available, sector totals Amazon
have been excluded from the rankings. Bing
Bumble
• This data was collected by payment firm and
eBay
based on consumer reports, at the time of
Ecosia
when a victim reports a scam. Therefore:
eHarmony
– If a consumer did not know, did not Email
remember, or did not want to reveal Entity unknown
which sector the fraudster contacted Facebook (Auction/Purchase and Listing
them on, the payment firm staff marked Platforms)
it as ‘Entity unknown’. Facebook (Social Media, Messaging and
Call Platforms)
– If the consumer revealed the sector but not Family/Friend
the platform, then the payment firm marked Firefox
the entity as ‘Unknown (Sector Name)’. Google Search
– If the consumer revealed the sector but Gumtree
the platform is not listed in the entity list Hinge
used by the payment firm staff, then the Instagram
payment firm marked the entity as LinkedIn
‘Other (Sector Name)’. Match.com
Other (Accommodation/Vacation Platforms)
Other (Auction/Purchase and Listing Platforms)
Other (Dating Platforms)
Other (Search Services)
Other (Social Media, Messaging and Call
Platforms)
Pets4Homes
Plenty of Fish
Shpock
Snapchat
SpareRoom
Telecommunications
Telegram
Tinder
Twitter/X
Unknown (Accommodation/Vacation Platforms)
Unknown (Auction/Purchase and Listing
Platforms)
Unknown (Dating Platforms)
Unknown (Search Services)
Unknown (Social Media, Messaging and
Call Platforms)
WhatsApp
Yahoo

24 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

What we are doing to drive better

performance and improve outcomes
for consumers in the payments industry?

We have adopted a multi-pronged approach to tackling APP scams across payment systems

The reimbursement requirement

In October 2024, we introduced a reimbursement requirement requiring payment
firms to meet the cost of reimbursement. This incentivises industry to invest further
in end-to-end scam prevention. It increases consumer protections so most victims
of APP scams are swiftly reimbursed, boosting confidence in the UK payments
ecosystem and reducing harm to payment users.

Improved scam prevention through data sharing

Innovative solutions to prevent scams are critical to strengthening the payments
ecosystem. We want to support intelligence-sharing between payment firms
so that they can improve scam prevention in real time – for example, stopping
or delaying high-risk payments. From Q1 2025, we will work with industry
and other regulators, such as the FCA, to better understand the best way
to achieve system-wide protections to prevent APP scams.

Confirmation of Payee (CoP)

In 2019, we introduced the name and account-checking service, Confirmation
of Payee (CoP), by directing the six largest banking groups to implement it.
CoP has helped reduce some types of APP scams, as well as misdirected payments.
In 2022, we expanded the requirement so that nearly all consumer payments would
be covered. Since 2020 there have been 2.5 billion CoP checks conducted.

Protection of payment systems

We want Pay.UK, as the independent payment system operator, to run
Faster Payments in a way that ensures customers are protected and scams are
prevented from entering the system. We want Pay.UK to lead the development
of protections for payment system users.

APP scams performance data

In 2023, we directed the 14 largest banking groups in Great Britain and
Northern Ireland to provide us with APP scams performance data. For the
last two years, we have published payment firm-level data showing the highest
senders and receivers of APP scams, and how well these firms reimburse victims.

25
Unmasking how fraudsters target
UK consumers in the digital age

Data tables

26 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Scams by sector

Rank Category Total Volume % Share of Total Total Value % Share of Total

1 Social Media, Messaging and Call Platforms 124,057 56% £67,429,184 20%

2 Auction/Purchase and Listing Platforms 29,473 13% £21,283,030 6%

3 Telecommunications 26,975 12% £107,229,381 31%

4 Entity Unknown 19,552 9% £55,837,451 16%

5 Search Services 9,979 4% £21,236,644 6%

6 Family/Friend 6,043 3% £20,747,611 6%

7 Email 3,955 2% £35,001,770 10%

8 Dating Platforms 1,414 1% £10,098,612 3%

9 Accommodation/Vacation Platforms 1,086 Less than 1% £1,719,409 Less than 1%

TOTAL 222,534 100% 340,583,091 100%

Data notes: The figures have been rounded up or down and may not equate to 100% across volume and value totals. The totals on this page
also include aggregate data of all entities we collected data on.
27
Unmasking how fraudsters target
UK consumers in the digital age

Volume of APP scams in 2023

of the most common entities

Invoice & Impersonation

Sub- Mandate Impersonation Scam – Police/ Investment Advance Purchase Romance
Category category Fraud Scam – Other CEO Fraud Bank Staff Scam Fee Scam Scam Scam
Email No data 1,301 842 153 169 253 500 – –

Social media, messaging and call platforms

Facebook 26 1,403 10 40 1,402 4,035 67,337 719

Instagram 2 681 4 7 2,418 1,277 11,885 511

Snapchat 6 282 2 – 636 351 6,359 319

Twitter/X – – 2 – – – 7,096 –

WhatsApp 26 4,993 7 88 1,314 968 3,344 360

Other – 360 – – – – – 594

Accommodation/Vacation Platforms

Other – – – – – – – –

SpareRoom – – 1 – – – – –

Entity Unknown 317 1,785 21 559 1,960 3,181 11,067 662

Auction/Purchase and Listing Platforms

Amazon – – – 13 – – – –

Facebook – – – – – 405 16,067 –

Unknown 2 – – – 701 – – –

Other 2 – – – – – 6,626 –

Telecommunications 235 9,529 13 8,990 1,694 3,234 3,088 192

Dating platforms

Unknown – – – – – – 62 370

Other – – – – – – – 526

Family/Friend 11 702 1 46 609 – 4,216 173

Search services

Google Search 10 – – 7 – 1,675 – –

Unknown 26 348 – 49 664 1,442 – –

Data notes: This table only contains data relating to the 10 highest entities who were most commonly reported as being used by fraudsters to
carry out APP scams across each scam type. If an entity was not one of the highest 10, their data has been omitted.
28 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Value of APP scams in 2023

of the most common entities

Invoice & Impersonation

Sub- Mandate Impersonation Scam – Police/ Investment Advance Purchase Romance
Category category Fraud Scam – Other CEO Fraud Bank Staff Scam Fee Scam Scam Scam
Email No data £22,639,756 £3,941,991 £2,297,287 £1,137,027 £3,683,699 £692,097 – –

Social media, messaging and call platforms

Facebook £11,916 £879,717 £2,365 £25,641 £5,044,028 £2,390,578 £19,509,964 £2,946,445

Instagram – £282,821 £415 – £2,855,774 £1,223,999 £3,292,556 £1,222,408

Snapchat – – £30 – – – – –

Twitter/X – – £70 – – – – –

WhatsApp £47,162 £8,238,709 £1,073 £484,000 £3,685,729 £1,591,288 £2,449,348 £903,261

Other – £470,726 – – £1,781,063 – – £948,339

Accommodation/Vacation Platforms

SpareRoom – – £750 – – – – –

Entity Unknown £3,568,494 £5,326,016 £1,319,214 £3,975,928 £20,533,462 £7,852,261 £9,362,042 £3,900,035

Auction/Purchase and Listing Platforms

Amazon – £263,628 – £167,868 – – – –

eBay – – – £86,400 – – £6,659,382 –

Facebook – – – – – – £5,444,785 –

Other £15,176 – – – – £434,725 £5,316,773 –

Telecommunications £2,048,205 £20,941,262 £21,471 £57,719,548 £18,396,441 £5,904,924 £1,496,302 –

Dating platforms

Match.com – – – – – – – £1,097,171

Plenty of Fish – – – – – – – £1,040,668

Unknown – – – – – – – £2,911,538

Other – – – – – – – £4,561,874

Family/Friend £49,904 £1,200,068 £184,846 £274,914 £9,602,067 £1,828,793 £7,218,290 –

Search services

Google Search £22,036 – – £27,558 £4,412,750 £717,019 £2,805,226 –

Unknown £12,504 £462,890 – £301,022 £7,115,594 £883,930 – £749,562

Other £2,400 – – – – – – –

Data notes: This table only contains data relating to the 10 highest entities who were most commonly reported as being used by fraudsters to
carry out APP scams across each scam type. If an entity was not one of the highest 10, their data has been omitted.
29
Unmasking how fraudsters target
UK consumers in the digital age

Glossary

Concept Definition

BACS Payment Bankers’ Automated Clearing Services. A Bacs payment is one of the most
common bank-to-bank transfers in the UK. There are two main types of Bacs
payment: direct debit, where one party has been given permission to pull money
from the bank account of another party, and direct credit, where a party deposits
the money in the other party’s account.
BACS Standing Pays a specified amount of money on a set date, similar to a direct debit. However,
Order where a direct debit is giving permission to an organisation to take money from your
bank account, a standing order is set up by the consumer with their bank.
CHAPS Clearing House Automated Payment System. CHAPS is a sterling same-day system
used to settle high-value wholesale payments as well as time-critical, lower-value
payments like buying or paying a deposit on a property.
Consumer A service user of a payment firm. These are individuals, microenterprises (enterprises
that employ fewer than ten persons and have either an annual turnover or an annual
balance sheet total that does not exceed €2 million) or charities (a body whose
annual income is less than £1 million per year and is a charity as defined by the
Charities Act 2011, Charities and Trustees Investment (Scotland) Act 2005 or the
Charities Act (Northern Ireland) 2008).
Faster Payment A payment made across the Faster Payments system.
Faster Payments The UK electronic payment system that provides near real-time payments as well
as standing orders and forward-dated payments, operated by Pay.UK. The service
facilitates real-time payments of up to £1m – initiated primarily online, mobile, or
via telephone banking. Over 90% of APP scam losses occur over Faster Payments,
based on UK Finance data.
Financial Services Legislation passed by the UK parliament that established the Payment Systems
(Banking Reform) Regulator to ensure that payment systems are operated and developed in a way
Act (FSBRA) 2013 that considers and promotes the interests of all the businesses and consumers
that use them.
International SWIFT Payment messaging system standardising international monetary transfers
between banks.
Intra Bank Transfers Payments made from an account with a payment service provider to another account
held with the same payment service provider.
Ofcom The regulator and competition authority for communications services in the UK
including online safety and telecommunications.

30 psr.org.uk
Unmasking how fraudsters target
UK consumers in the digital age

Glossary continued

Concept Definition

Payment Service A provider of payment services to customers typically through the provision of
Provider (PSP) accounts. A PSP may be a bank, an e-money institution, a building society, or a
payment institution. In the UK, a PSP must be authorised and regulated by the FCA.
PSPs may be direct PSPs or indirect PSPs, depending on whether they are able to
initiate payments directly in a payment system or only via an indirect access provider.
Payment system A system made up of a series of steps that allow funds to be transferred between
accounts, allowing people and businesses to move payments between one another.
Push payment A monetary transaction that is sent (‘pushed’) by the payer to the payee, such as
making a bank transfer to a friend or family member or passing cash to a cashier
at a shop.
Reimbursement From 7 October 2024, PSPs must fully reimburse customers who have lost funds in
requirement an APP scam if they meet certain requirements. The cost of the reimbursement will
be split 50/50 between the sending and receiving PSPs of the payment.
Section 81 Section 81 of the Financial Services (Banking Reform) Act (FSBRA) 2013, which
gives the PSR powers to require any person (who may or may not be a regulated
party) to provide information and documents which they require in connection with
their statutory functions.
Specific Direction 18 A requirement from the PSR for the 14 largest GB banking groups in the United
Kingdom to provide information about APP scam payments that they have sent.
The PSR compiled comparisons of information for each directed PSP and certain
receiving PSPs, and published these comparisons or extracts of these comparisons
and will continue to do so periodically.
UK Finance A trade association that represents more than 300 firms in the banking and finance
industry in the UK.

31
Unmasking how fraudsters target
UK consumers in the digital age

© The Payment Systems Regulator Limited 2024

The Payment Systems Regulator Limited

12 Endeavour Square
London, E20 1JN

Telephone: 0300 456 3677

Website: www.psr.org.uk

32 psr.org.uk