Remote-access and malware fraud both decline as fraudsters pivot to social engineering

LONDON (April 15, 2026) — Just released data from nine UK financial institutions serving a combined more than 100 million accounts shows reported cases of attempted social engineering scams increased by 62% in 2025. Purchase scams (+63%), investment scams (+34%), and romance scams (+47%) accounted for the largest year-over-year increases. Remote-access and malware-related fraud attempts both declined, as fraudsters continue to shift attacks on UK consumers from traditional account takeover to social engineering.

“The continued growth of social engineering scams in the UK likely surprises no one,” BioCatch Director of Global Fraud Intelligence Tom Peacock said. “As banks bolstered their controls to protect customers from third-party fraud, fraudsters mastered the art of social engineering and haven’t looked back. Our data shows substantial increases in attempts across many scam types in 2025, highlighting just how pervasive authorized fraud has become in the UK.”

BioCatch, which prevents fraud and financial crime by recognizing patterns in human behavior, published these findings based off proprietary data from its customers in the region. The UK also saw a 140% increase in phishing attempts in 2025 and a 112% increase in fraud originating from stolen devices.

“In London alone, Metropolitan Police data shows us more than 70,000 phones were reported stolen in 2025,” BioCatch Global Advisory Director Jonathan Frost said. “Insurance industry data shows the UK makes up 40% of all stolen device claims across Europe. If these devices are not well secured, criminals can profit in two ways: They can either sell the device or use it to commit fraud by bypassing normal security checks. Those criminals who do both will see significant gains for relatively little risk. Stolen devices undermine strong customer authentication. To address this, financial institutions should continuously assess behavioral intent, because once a bad actor has control of a trusted device, they can often commit fraud with relatively little friction.”

UK financial institutions reported 16% more mule accounts in 2025 than they did in 2024, likely reflecting both the continued expansion of mule networks in the country and improved mule account detection techniques deployed by UK banks.

“Winning the battle against fraud ultimately rests on the ability to identify and disarm the enemy at an early stage,” said Katy Worobec, Azymus Consilium Fraud Consultancy director and former managing director of economic crime for UK Finance. “Collation and exchange of intelligence between trusted allies is vital … Individual technologies and tools at the vendor level play their part too, gleaning information from the enemy by stealth, identifying behaviors, patterns, and signals that indicate whether transactions and interactions with organizations are genuine.”

Download the report to view its complete findings and read analysis of them.

###

About BioCatch:

BioCatch prevents fraud and financial crime by recognizing patterns in human behavior, continuously collecting more than 3,000 anonymized data points — keystroke and mouse activity, touch screen behavior, AI agent usage, jailbroken devices, and more — as people interact with their digital banking platforms. With these inputs, BioCatch's AI and machine-learning models continuously assess both user intent and any signs of coercion or manipulation throughout every millisecond of every digital banking session, allowing banks to distinguish the criminal from the legitimate in real time. Insights drawn from across the entire network of BioCatch institutions further amplify the power and accuracy of that real-time risk-scoring. As of the end of Q1 2026, more than 30 of the world's largest 100 banks and 357 total financial institutions deploy BioCatch solutions, analyzing 18 billion user sessions per month and protecting more than 680 million accounts accessed from more than 1.7 billion devices around the world from fraud and financial crime.

###

PR contact:

Mac King
BioCatch director of global marketing communications
Mac.King@BioCatch.com