Fair Isaac Corporation

06/09/2025 | Press release | Distributed by Public on 06/09/2025 07:28

3 Ways Social Engineering Undermines Fraud Defences in the UK

In 2024, social engineering strengthened its position as a dominant tactic in the arsenal of fraudsters, exploiting human psychology to bypass technological safeguards. The UK Finance Annual Fraud Report 2025 looks at fraud data from 2024 and highlights a concerning shift towards more sophisticated and targeted scams. The UK regulator's focus on reimbursement for victims of Authorised Push Payment (APP) fraud has led to banks tightening controls - but the fraudsters are adapting their approach to keep overall losses as high as ever. Here are three prominent social engineering trends that challenge the UK's fraud prevention efforts.

1. Manipulating Victims into International Payments

The introduction of mandatory reimbursement rules for domestic Authorised Push Payment fraud in October 2024 encouraged banks to strengthen their fraud defences against fraudsters who use tactics such as vishing and phishing to trick their victims into sending money using UK Faster Payments. Additional industry initiatives such as the confirmation of payee service made it more difficult for fraudsters to use Faster Payments to facilitate their crimes.

By encouraging victims to transfer funds internationally, scammers exploit the current regulatory gap, as these transactions often fall outside the protective scope of the UK reimbursement scheme. Consequently, international payment scams have nearly doubled their share of APP fraud losses to 11% in 2024.

This shift underscores the need for banks to apply fraud detection and prevention measures across all payment channels, not just those where the need to reimburse victims has forced their hand. Initiatives such as enhanced cross-border fraud prevention measures and consumer awareness regarding international transactions are required to stop this upward trend from continuing.

2. Switching Their Focus to Card Payments

In 2024, Card-Not-Present (CNP) fraud surged, with nearly 2.6 million cases reported. Although CNP fraud is traditionally classified as unauthorised fraud, the influence of social engineering remains a significant factor. Fraudsters increasingly deceive individuals into revealing sensitive information including card details or one-time passcodes (OTPs), which are then used to authorise fraudulent online transactions.

Organised criminal groups have also become more sophisticated, setting up fake companies and websites that often impersonate legitimate businesses, alongside targeted, persuasive online advertising. These tactics lure victims into purchasing goods that never arrive. The prevalence of fake shopping sites and deceptive ads allows fraudsters to deceive at scale, facilitated by their ability to set up fake companies and acquire merchant accounts to process card payments.

While card fraud had remained relatively stable in recent years, thanks to card scheme security measures such as Strong Customer Authentication (SCA), the landscape is changing. As banks and regulators have tightened controls and introduced liability for APP fraud, criminals have shifted focus. Fraudsters are now applying social engineering tactics, originally developed for APP scams, to card-based fraud, exploiting vulnerabilities in digital commerce and payment ecosystems.

3. Targeting High-Value Transactions Over Volume

A notable trend is for fraudsters to focus on fewer, high-value scams rather than numerous low-value ones. In 2024, the number of reported cases of APP fraud fell by 20% to just under 186,000; however, the value of losses was only 2% less than the previous year.

Once social engineering has been deployed to get a victim engaged, the relative effort and risk of going for a larger sum is minimal. By investing time in building trust with victims, scammers can orchestrate significant financial losses through methods like investment fraud, which accounted for £144 million in losses, a 34% increase from the previous year. This approach not only yields higher returns for fraudsters but also makes detection more challenging. Investment fraud transactions often involve planned, deliberate transfers that look like normal financial activity rather than impulsive, out-of-character payment transfers indicative of other scam types.

Conclusion

New regulation and the response by UK banks have led to a focus on fraud prevention particularly related to APP fraud. It should be noted that the regulation only came into force in October 2024 and banks are still actively working on developing and strengthening their fraud defences in response. Many of the benefits of their new approaches may not become evident until we see the data from 2025 and beyond.

As ever, fraudsters are adapting and looking for new - or re-visiting old - vectors of attack. Financial institutions, regulators, and consumers must collaborate to enhance awareness, implement advanced security measures, and adapt to the sophisticated tactics employed by fraudsters. By understanding these emerging trends, stakeholders can better protect themselves and others from the growing threat of social engineering scams.

How FICO Helps Fight Fraud

To effectively counter these evolving social engineering threats, institutions are turning to advanced fraud prevention platforms like those offered by FICO. FICO's fraud solutions use real-time analytics and machine learning to spot anomalies in transaction behaviour, even when scams are well-disguised through social engineering. Leveraging contextual data enables detection of behaviours indicative of a wide range of fraud typologies across both real-time and card payments.

Crucially, FICO's fraud solutions enhance detection with omni-channel engagement capabilities, allowing financial institutions to intervene at critical moments through text messages, push notifications, or live agent calls. These timely, personalized alerts can help "break the spell" fraudsters hold over victims, prompting them to pause and reconsider before completing a scam-initiated payment.

FICO also leverages Scam Signal, a multi-award-winning tool that uses shared telco intelligence, such as call and messaging patterns, to identify when a scam is likely in progress. This collaboration between financial services and telecom data adds another powerful layer to scam detection, enabling early intervention and helping to stop payments before the money leaves the victim's account.

Fair Isaac Corporation published this content on June 09, 2025, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on June 09, 2025 at 13:28 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at support@pubt.io