Scottish Crime and Justice Survey 2023/24: Main findings

Fraud and computer misuse

Background to fraud and computer misuse in the SCJS

Where possible, the Scottish Crime and Justice Survey works to keep pace with the changing nature of crime in Scotland. In recent years, one aspect of crime which has been steadily increasing is fraud, with the number of police recorded cases more than doubling in Scotland between 2014-15 and 2023-24 (up 140%).

A user consultation in 2022 gathered feedback expressing a desire for the SCJS to collect more information on cyber-crime incidents – many of which are crimes of fraud.[1] In 2023/24, a new victim form was included in the SCJS questionnaire, with the aim of gathering information on crimes of fraud and computer misuse. For the first time, this allows us to estimate the volume and prevalence of these crimes in Scotland, as well as present information on their characteristics (such as victim demographics). This new victim form replaces the previous cyber-crime module.

Fraud is a complex and evolving crime category that encompasses a wide range of offences. The fraud data has been subdivided into more specific subtypes, allowing for more detailed analysis. As this is the initial year of collecting this data in this format, it remains in development, and we anticipate refining these categories in future reports based on emerging trends and user feedback.

For the purposes of this report, fraud and computer misuse is broken down into the following categories:

• bank and credit card fraud - for example gaining access to someone’s bank account or using someone’s bank details to make a payment
• other types of fraud - for example buying or selling goods online, investment fraud or door to door salespeople
• computer misuse - include incidents of hacking, viruses or other types of computer misuse.

As the SCJS is a survey of adults living in private residences, the results presented here do not include crimes against businesses, tax fraud, or benefit fraud for example.

In addition to the specific crime groups mentioned above, it is also possible to discuss the characteristics of fraud in terms of the elements that are common to all subgroups. In this report, further analysis is provided in the following ways:

• whether the crime involved any loss to the victim or not
• whether the crime involved the use of any cyber-technologies or not

The findings presented in this chapter represent an initial, high-level, summary of the information collected through these new questions. Analysts will continue to review the data presented here to ensure it best meets the needs of users and provides a fuller understanding of the nature of these types of crimes.

What was the extent and prevalence of fraud and computer misuse in Scotland in 2023/24?

The SCJS estimates that 9.5% of adults in 2023/24 were victims of at least one crime of fraud or computer misuse, within a margin of error[2] between 8.3% and 10.7%. The proportion of adults who experienced fraud or computer misuse individually was 8.3% and 1.4% respectively.

As a sample survey of the public, SCJS results on fraud and computer misuse are estimates with wide margins of error, not exact counts. Analysis is focused on the best estimates for each year of the survey. Further details are provided in the Background chapter and in the Technical Report.

The estimated volume of crimes of fraud and computer misuse was 524,000 between a lower estimate of 456,000 and an upper estimate of 593,000. These crimes account for 44% of all crime measured by the SCJS in 2023/24. As shown in Figure 5.1, most of these crimes were fraud (87% or 456,000 crimes) with the remaining 13% or 68,000 crimes being computer misuse.

Figure 5.1: Of the estimated 524,000 incidents of fraud and computer misuse in 2023/24, the vast majority (87%) of these cases were fraud.

Estimated number of fraud and computer misuse incidents, 2023/24.

Variables: INCALLFRAUD; INCCOMPUTERMISUSE.

What types of fraud were experienced by adults in Scotland?

As shown in Table 5.1, almost half of fraud and computer misuse crimes experienced in 2023/24 (47%) were bank and credit card fraud with two-fifths being all other types of fraud (40%). When considering fraud in isolation, bank and credit card fraud comprise 54% of all frauds with all other types of fraud making up the other 46%.

A similar proportion of adults experienced a bank or credit card fraud (4.5%) to any other type of fraud (4.2%).

Table 5.1: Around one in ten adults experienced a fraud or computer misuse crime in 2023/24.

Proportion of adults experiencing fraud and computer misuse crime and estimated volumes by crime category, 2023/24.

Crime category	Prevalence (% of adults)	Estimated volume	% of total fraud and computer misuse
All fraud and computer misuse	9.5%	524,000	100%
All fraud	8.3%	456,000	87%
Bank and credit card fraud	4.5%	247,000	47%
All other types of fraud	4.2%	208,000	40%
All computer misuse overall	1.4%	68,000	13%

Variables: (PREV/INC)ALLSCJSCOMPMISSANDFRAUD, (PREV/INC)ALLFRAUD, (PREV/INC)BANKANDCREDITFRAUD, (PREV/INC)COMPUTERMISUSE

How did experiences of fraud and computer misuse vary across the population?

The SCJS finds that the only difference in victimisation rate for demographic groups was for sex, with females more likely to be a victim (11.3%) than males (7.5%). There were no differences detected for any other demographic group or area characteristic such as age, disability, rurality or level of deprivation. This pattern was true for fraud (10.1% for females and 6.3% for males) but not true for computer misuse alone.

For computer misuse, the only difference seen was that those living in the 15% more deprived areas were less likely to be a victim (0.4%) than those living elsewhere in Scotland (1.6%).

What can the SCJS tell us about repeat victimisation of fraud and computer misuse?

As mentioned above, the SCJS finds that the majority of adults were not a victim of either a fraud of computer misuse crime in 2023/24, at 90.5%.

The survey enables us to see what proportion of victims experienced a particular type of crime more than once during the year.[3] This is known as ‘repeat victimisation’.[4]

Focusing on fraud, the results show that just over 1 in 100 (1.2%) of adults were the victim of repeated incidents (i.e. two or more) and their experiences accounted for 29% of all frauds in 2023/24. Victims of fraud overall experienced 1.2 crimes each and repeat victims on average 2.4 crimes each. High frequency repeat victimisation (i.e. five or more incidents) was experienced by an extremely small proportion of the population, at less than one tenth of a percent (<0.1%). Table 5.2 explores the extent of repeat victimisation in more detail.

Table 5.2: Almost three in ten crimes of fraud were experienced by repeat victims in 2023/24.

Proportion of fraud crime experienced by victims, by number of crimes experienced.

Number of crimes experienced	% of population	% of fraud crime volume
None	91.7%	0%
One	7.1%	71%
Two	0.9%	19%
Three	0.1%	3%
Four	0.1%	4%
Five or more	0.1%	4%
Two or more	1.2%	29%

Variables: INCALLFRAUD.

What kind of contact did victims of fraud have with the perpetrator?

The SCJS found that contact between the victim and the perpetrator only happened in a minority of frauds, just over a quarter of cases (28%) in 2023/24.

As shown in Figure 5.2, the most common means of contact was by phone (25%), email (25%) or social media (24%), each representing just under a quarter of such cases. This was followed by in-person at 13% of cases and contact via text message, which was only seen in 6% of cases.

Figure 5.2: In almost three quarters of frauds, the perpetrator made contact with the victim through either telephone, email or social media.

Proportion of methods for contact between victim and perpetrators for incidents of fraud.

Variables: FHOWCONT2.

In terms of why the victim and perpetrator had contact, as shown in Figure 5.3, the most common reasons were:

• buying or selling online (29%)
• delivery of something that the victim had sent or were due to receive (12%)
• urgent request to help get someone out of financial trouble (11%)
• someone selling bogus services (10%)

Figure 5.3: The most common reason for contact between the victim and perpetrator of fraud was for items being bought or sold online.

Proportion of reasons for contact between victim and perpetrators for incidents of fraud.

Variables: FMFRDTYP2_01 – FMFRDTYP2_17.

In only one-in-ten cases (9%) could the victim say anything about the person who committed the crime. Given the small numbers involved it is not currently possible to provide any detailed information on the characteristics of perpetrators of fraud.

How much money or property did victims of fraud lose?

There are a range of ways in which a victim could have experienced loss. Examples include personal information, money including cash or from bank accounts, or some form of property.

In some instances of fraud anything lost by the victim may be refunded. However, even in cases where the total loss was refunded in full, the SCJS still considers these crimes as having a loss associated with it.

Overall, in over two-thirds (69%) of fraud in 2023/24, the victim incurred the loss of money or property. In most cases (97%), the victim said that it was money that was lost. This was followed by 8% who said they lost personal information and 2% who said they lost property.

As shown in Figure 5.4, where money was lost, in just under half of cases (46%), the victim lost less than £100. A further 41% lost between £100 and £999. While the remaining 13% of victims lost more than £1,000 and 2% lost more than £5,000. The median amount lost in 2023/24 due to crimes of fraud was £100.

Figure 5.4: Where some money was lost in a fraud crime, just under half lost £100 or less, with one-in-eight losing more than £1,000.

Financial impact of fraud crimes where money was lost.

Variable: FQLOSS4_2.

Where victims lost money, the SCJS estimates that in the majority of cases (71%) they were refunded in full, and in a further 7% they were partially refunded. In around a fifth (19%) of cases the victim was not refunded at all and in 4%, the cases had not yet been resolved at the time of interview.

What proportion of fraud was reported to the police or another organisation?

In 2023/24, less than one-in-ten (10%) crimes of fraud were reported to the police. This rate was significantly lower than both property (24%) and violent (44%) crimes in the latest year.

When asked why they did not report the incident to the police, the most commonly given reasons were:

• reported incident to other authority (e.g. the bank/financial institution) (37% of cases)
• thought incident would be reported by other authority (e.g. the bank/financial institution) (20%)
• too trivial/not worth reporting (16%)
• the police could have done nothing (14%)

In 2023/24, it was found to be much more common for an incident of fraud to be reported to a bank than the police. Four-fifths (80%) of all fraud crimes were reported to a bank, building society or credit card company.

How does fraud with loss compare to fraud without loss?

As mentioned earlier, in addition to comparing different types of fraud, it is also possible to discuss the characteristics of fraud in terms of the elements that are common to all subgroups. This allows us to ask questions such as whether there is a difference between fraud which involved a loss to the victim and those that didn’t.

In most fraud incidents (67%), the victim experienced some form of loss, such as money or personal information, with the remaining 31% of victims experiencing no loss.

The victimisation rate for frauds that involved loss was higher (5.9%) compared to those without loss (2.7%). This was true for all demographic groups except for those living in the 15% most deprived areas where there was no significant difference.

As with fraud overall, females were more likely to be a victim of a fraud with loss compared to males (7.6% compared to 4.1% respectively). However, males and females were equally likely to experience frauds without loss.

How does cyber-enabled fraud compare to non cyber-enabled fraud?

Around two-fifths (37%) of fraud incidents in 2023/24 were cyber-enabled, with the majority (63%) being not cyber-enabled.

For both cyber-enabled and not cyber-enabled fraud, as with all fraud, females were more likely to be a victim compared to males (6.5% compared to 3.9% and 4.1% compared to 2.4% respectively).

The victimisation rate for frauds that were not cyber-enabled was higher (5.4%) compared to those that were (3.2%). This was true for all demographic groups where a statistically significant difference was found such as:

• males (4.1% compared to 2.4%)
• females (6.5% compared to 3.9%)
• those aged 60 and older (4.9% compared to 2.1%)

What can the SCJS tell us about incidents of computer misuse?

As the number of respondents who disclosed they were a victim of computer misuse was low (less than 100) it is difficult for us to provide a detailed analysis of the nature of these crimes such as victim demographics. What follows is an initial summary of the information collected through these questions. We will continue to review this data in future years to see what additional information can be provided.

Victims of computer misuse only had any form of contact with the person that did it in 3% of cases detected by the SCJS in 2023/24. However, in 14% of incidents the victim was able to say something about the offender that did it.

Three-quarters of victims (75%) believed that what happened to them was a crime, however, only a very small minority of 3% decided to report the matter to the police.

When asked why they did not report it to the police, the most commonly given reasons were:

• too trivial/not worth reporting (36%)
• police could have done nothing (24%)
• dealt with the matter themselves (22%)
• inconvenient/too much trouble (21%)