UK banks see surge in fraud as scams shift to authorised payments, study shows

By Aarav Garg

New data published by BioCatch has shown a sharp rise in social engineering scams across the United Kingdom, reflecting a shift in fraud tactics towards authorised transactions.

Analysis based on nine UK financial institutions, covering more than 100 million accounts, has found that attempted social engineering scams increased by 62% in 2025. Purchase scams rose by 63%, investment scams by 34% and romance scams by 47%, marking the largest year-on-year increases.

In contrast, remote-access and malware-related fraud attempts declined, indicating a move away from traditional account takeover methods.

The data has also highlighted a 140% increase in phishing attempts and a 112% rise in fraud linked to stolen devices. According to industry and law enforcement figures, device theft has become a growing risk factor, particularly in urban areas, where compromised devices can be used to bypass authentication controls.

“The continued growth of social engineering scams in the UK likely surprises no one,” BioCatch Director of Global Fraud Intelligence Tom Peacock said. “As banks bolstered their controls to protect customers from third-party fraud, fraudsters mastered the art of social engineering and haven’t looked back. Our data shows substantial increases in attempts across many scam types in 2025, highlighting just how pervasive authorised fraud has become in the UK.”

The findings suggest that as financial institutions have strengthened technical defences, fraudsters have adapted by targeting human behaviour rather than system vulnerabilities. Social engineering attacks typically involve manipulating users into authorising payments, making them harder to detect using conventional security measures.

Banks also reported a 16% increase in mule accounts in 2025, reflecting both the expansion of organised fraud networks and improved detection capabilities.

The report underscores the growing importance of behavioural analytics in fraud prevention, as institutions seek to identify suspicious intent even when transactions appear legitimate. It also highlights the need for stronger safeguards around device security and customer awareness, as fraud increasingly relies on exploiting trust rather than breaching systems.

“Winning the battle against fraud ultimately rests on the ability to identify and disarm the enemy at an early stage,” commented Katy Worobec, Azymus Consilium Fraud Consultancy director and former managing director of economic crime for UK Finance. “Collation and exchange of intelligence between trusted allies is vital … Individual technologies and tools at the vendor level play their part too, gleaning information from the enemy by stealth, identifying behaviors, patterns, and signals that indicate whether transactions and interactions with organisations are genuine.”