Serious organised crime: communications evidence review

Review of messaging around serious organised crime and toolkit for communicators to reduce demand, victimisation and fear.

2. Threats

In order to decide how best to discuss and present organised crime, we must first understand what it is.

This chapter sets out recent research on those involved in organised crime and their motivations, and summarises the major threats to Scotland from organised criminals in 2017 and beyond.

The categories of crime below are adapted from the serious organised crime priorities for 2013-2017 as set out by Europol, and the Police Scotland Annual Plan for 2016/17. [10] [11]

2.1 Profiling the Organised Criminal

Organised crime groups in recent years have come to be defined less by the traditional vision of local mafias divided along lines of ethnicity or nationality, and more by their capacity to operate on an international basis. Their trading networks are now broad and complex, involving many linked groups operating across borders and dealing in a wide range of commodities. [12]

In Scotland, based on estimates made in 2015, there are 232 operating organised crime groups, made up of around 3,700 individuals. 70% of these are located in the west of Scotland, and almost half are involved in more than one type of crime. The majority of these groups are also linked to 'front' businesses including restaurants, shops, garage repairs, and taxi companies, through which cash can be laundered and money made by operating outwith regulations. [13]

The makeup of these groups is also more complex than stereotypes might have us believe. There are many factors which contribute to the likelihood of an individual being drawn into involvement with organised crime. Those with specialist professional skills, for instance computer expertise or knowledge of accountancy, can find themselves recruited or corrupted into organised crime. Personal experience, such as an established family association with organised criminality or financial difficulties, can also be a driving factor, as can a perception that the criminal lifestyle will provide a sense of belonging or power. [14] A perceived lack of impact of crime can also play a role, with as many as 25% of offenders believing there is no victim of their offence. [15] Evidence suggests that addressing this misperception, and more actively highlighting the harm that their actions cause, may help in dismantling some of the justifications for becoming involved in crime. [16]

Age breakdown of individuals involved in organised crime, Home Office, 2015 [17]
Age breakdown of individuals involved in organised crime, Home Office, 2015

While it generally takes longer for an individual to become involved in organised crime itself than other serious offences, the beginnings of the criminal career which lead to it can begin much earlier. The average age for first offence of any kind, at around 19, is the same for general offenders as it is for those who go on to commit organised crime offences. However, the average age for a first conviction for organised crime itself is 32. In short, organised criminals, while older, do not necessarily begin their criminal lifestyle later, but rather they progress towards organised criminality over time. Over half of those who went on to become organised crime offenders had received some form of criminal sanction before the age of 18.

These averages also to some extent disguise the variety of paths that can lead into organised crime. There is no single picture that can be applied, but research by the Home Office identified several key sub-groups:

  • No sanctions – the largest group (29% of all organised crime offenders) had received no sanctions in the 5 years before the inclusion offence. [18] This group was made up of older offenders, with an average age of 37 years at the inclusion offence.
  • Versatile and very prolific – in contrast, the second largest group (23%) was made up of prolific offenders who had received on average 15 sanctions in the five year period and who offended across a range of offence types. This group was made up of younger offenders, with an average age of 27 years.
  • Mixed prolific – this group had a mix of offences (principally driving offences, but with some sanctions for drugs and breaches). Although they were sanctioned quite frequently, they had one-half the average number of sanctions of the versatile / prolific group (seven) and had a higher average age (30 years). Neither violence nor acquisitive offences featured heavily, and less than one-half had been sanctioned for a drugs offence.
  • Mainly violence – this group was dominated by sanctions for violence offences; four in five had received sanctions for violence offences. Nearly one-third had received a sanction for a drugs offence (31%), while 39 per cent had sanctions for 'other' offences.
  • Two smaller groups were identified, each with quite distinctive profiles in terms of their prior offending in the five years before the inclusion offence. Each was dominated by sanctions for specific crime-types, namely acquisitive and drugs offences. Neither group was especially prolific and the average age of both groups was similar, at around 30 years of age. [19]

The data for this study, however, largely focused on drugs gangs and crucially pre-dated the recent surge in cybercrime, about which more specific work has since been conducted. While all organised crime is motivated by the pursuit of some benefit to the perpetrator, and it is often assumed that this benefit is purely financial, cybercriminals are sometimes inspired by other factors – whether simply by boredom, the desire to control or manipulate others, to achieve recognition of their skills from their peers, or for the amusement of hacking or humiliating others. [20] [21]

Cyber-attacks themselves can come from within a company or from the other side of the world, and the networks in which such criminals operate are generally looser and flatter than the traditional crime groups, with the division of labour carried out according to specific skill sets rather than adhering to a strict pyramidal power structure. [22]

A key commodity common across all organised crime groups, just as with legitimate businesses, is reputation. [23] Before they can become involved in major organised crimes, potential recruits must establish for themselves a reputation for reliability and for whatever other skills they may be required to perform. [24] Perhaps even more so, reputation is of crucial importance to many cybercriminals, and must be accumulated in order to successfully operate on dark markets. As their business is conducted remotely and anonymously, cybercriminals face no, or at least a significantly reduced, threat of a personal attack should promises fail to be kept. As such they must actively accumulate a positive reputation in order to continue to attract business, in many ways mirroring legitimate online marketplaces. [25] One online drug dealer in California even went so far as producing branded merchandise to promote his wares. [26]

2.2 Drugs and New Psychoactive Substances

The trade in illegal drugs continues to constitute a substantial portion of global organised crime. Across Europe, it is estimated that 30% of organised crime groups are involved in drug trafficking, and their networks are often far more complex than the traditional local mafias of the past. [27]

Drug use around the world has, on average, remained at roughly the same level for the past five years, after a growth in users from 2008 to 2011 [28] , while in Scotland the number of users has even begun to decline. [29] However, the number of drugs deaths in Scotland has doubled since 2006, and the growing use of new psychoactive substances ( NPS), or "legal highs", further complicates the picture. The emergence and broadening use of online marketplaces to facilitate the trade in illegal drugs is also of increasing concern.

Among traditional controlled drugs used in Scotland, cannabis remains by far the most popular, with over 5% of the population reporting having taken it in the past year. The next two most widely-used controlled drugs, cocaine and ecstasy, were taken by 1.3% and 1.8% of the population respectively. Heroin was used by 0.2%. [30]

It is perhaps easy to forget that the trade in such drugs is inherently international. While some cannabis can be produced in Scotland, such farms can be manned by individuals trafficked to Scotland from far afield and forced into the criminal trade. [31] Ecstasy production in Europe is predominantly centred around the Netherlands and Belgium, while other drugs must rely on truly intercontinental drug trading networks to reach Scotland, as they cannot be grown in the northern European climate. [32] For example, cocaine most frequently originates in South and Latin America, while heroin is produced in Afghanistan and neighbouring regions. Geopolitical changes in those areas can impact the flow of such drugs into Scotland, and regardless of source, our jurisdiction covers only the very last few miles of their journey from origin to consumer. [33]

NPS is a blanket term which covers a huge variety of synthetic substances, often grouped according to their chemical make-up or by their intended effect on the user. [34] Evidence from national surveys suggests that NPS use in general is low compared to other controlled substances, but that they are disproportionately popular with younger age groups and other distinct sub-sections of the population, including users of other more traditional drugs. They have been known to cause deaths, though most frequently when taken in combination with other controlled substances. [35] Less widely reported are their physical and psychological effects, which can be profound, with the potential to cause a range of serious issues from kidney failure to psychosis. [36]

Many have their own brand names, and most originate from Asia or Europe. [37] In Scotland, NPS could be found being sold openly in headshops and a variety of other retailers across the country until the enforcement of the new Psychoactive Substances Act in the summer of 2016, when a staged tactical approach by Police Scotland rapidly reduced the overt sales outlets operating in Scotland from 90 to zero. [38]

However, it is perhaps too soon to declare a victory. In Ireland and Poland, where NPS were criminalised in 2010, evidence suggests that in the long term the sustained demand has forced a shift in the marketplace, in particular into online trading hubs hidden behind encryption, or to illegal street markets. [39] Sometimes they are sold disguised as more traditional drugs, for instance Valium or ecstasy, and so the user may be unaware that they are consuming an NPS at all. [40] Six years after their ban, Ireland still has the highest level of NPS use in Europe, and in the four years following the Polish ban, the number of NPS-related poisonings trebled. [41] [42] While there is not yet any indication that these trends are being replicated in Scotland, further monitoring will be required before the long-term impact of the recent Act is known.

Just as the internet has come to play a role in the trade of NPS, so too is it influencing the market for other controlled drugs. A recent global survey indicated a dramatic rise in the percentage of users purchasing drugs via the internet, rising from 1.2% in 2000 to 25.3% in 2014. Scotland came 6 th in the countries surveyed, with 11.6% having purchased drugs on the dark net in the past 12 months. [43] This trend is not a gradual one - in the two years from 2012 to 2014 alone, the number of recent drug users accessing the dark web to purchase drugs in the UK almost doubled. [44]

While successful law enforcement operations, such as the joint EU/ US Operation Onymous in 2014, have taken down many of the main marketplaces, this does not appear to have substantially impacted the overall demand. As the most popular marketplace closes, the next most credible simply steps up and absorbs the displaced business. [45] [46]

Though cybercrime is discussed in more detail below, it is important to note that it enables a fundamental change in the relationship between drug users and dealers. Such marketplaces allow for contact between users and sellers far beyond Scottish jurisdiction, and by their very nature afford far more anonymity and personal safety than traditional street deals.

2.3 Cybercrime

We are increasingly dependent on the internet in countless aspects of our lives. The UK's digital economy makes up a higher proportion of our GDP than it does for any other member of the G20, and key elements of our national infrastructure, from the power grid to the benefits and tax systems, are increasingly digitised. [47] [48] The so called 'Internet of Things', an umbrella term for the countless everyday items and structures that now have an inbuilt network connection, creates increasing opportunities for hackers. [49] Both this deepening interconnection and the growing glut of data about ourselves which we place online means that the internet now carries within it, alongside huge opportunities for information sharing and business, a substantial threat. [50]

Accordingly, cybercrime is a topic of increasing importance to law enforcement agencies and governments around the world. Scotland published its Cyber Resilience Strategy in late 2015, setting out several key targets for the coming years. [51] In October 2016, GCHQ launched the National Cyber Security Centre, which will take a more active approach in defending against such attacks than has traditionally been the case, while the following month £1.9 billion of investment was committed to underpin the UK's cyber security. [52]

The term 'cybercrime' in isolation can be so broad as to convey very little about the specifics of an offence; it merely denotes that the internet has been a key aspect of the offending. From one perspective, cybercrime is any crime that involves a computer and a network; on another, it is online crime which uses the computer either as a tool or as target. The former type tends to target individuals in the real world and does not require particular technical expertise, while the latter focuses on electronic data itself and often necessitates a sophistication of knowledge and organisation. [53]

Another possible categorisation of cybercrime is to divide it into three very roughly equal categories: financially-targeted acts, such as computer-related fraud or forgery; content-targeted acts, such as the trade in indecent images of children or intellectual property fraud; and system-targeted acts, including attacks on the confidentiality, integrity and accessibility of computer systems. [54]

'Most common cybercrime acts encountered by national police', United Nations Office on Drugs and Crime, 2013 [55]
'Most common cybercrime acts encountered by national police', United Nations Office on Drugs and Crime, 2013

Many more traditional crimes now also involve a "cyber" element – whether an assailant's movements are proved because of GPS functions on their phone, a stalker communicates primarily via social media, or messages sent online after an incident give away key information. The gathering of this electronic evidence and its effective presentation in court is one aspect of "cyber" law enforcement which is of great and increasing importance. However, this report will focus specifically on organised cybercrime, that is, serious organised crime that is either helped or made possible by the use of the internet. This includes everything from the sexual exploitation of children to identity theft and banking frauds.

2.3.1 The dark net

Those who willingly conduct criminal business online, such as the purchase of controlled drugs or the trade in indecent images of children, increasingly make use of the "dark net". The dark net is a small subsection of the "deep web", though the two terms are often inaccurately conflated. The deep web is a broad term which encompasses all parts of the internet which are not publicly available via search engines, and includes everything from personal online banking pages to databases and academic journals. Some estimates suggest that this deep web constitutes over 90% of the internet. [56]

The dark net is a subsection of this deep web, and stems from the use of services such as The Onion Router ( TOR), a tool initially developed in 2002 by the US Naval Research Laboratory to ensure anonymity online, or the Invisible Internet Project ( I2P), which shares similar goals. [57] TOR remains the more popular of the two, though both may come to be subverted by the use of direct peer-to-peer networks, which do not involve a central website at all and which are already favoured by those who seek to exchange indecent images of children. [58]

The key principle and attraction of such services to cybercriminals is the perceived assurance of anonymity and the potential to evade law enforcement. The marketplaces often make use of cryptocurrencies such as Bitcoin to further evade detection, and trade not only in drugs, indecent images of children and other illegal merchandise but also in viruses, stolen credit card details and programs necessary to conduct further types of cyber-attack. [59] A criminal no longer needs the skills to design viruses themselves, or even have sufficient technical knowledge to do so. They can simply be bought "off the shelf". [60] A 2016 report found that credit card details could be purchased online for $30 USD, remote computer access toolkits for as little as $5 USD, and Distributed Denial-of-Service attacks for $5 USD an hour. [61] Nor does access to the markets themselves require particular technical knowledge, with detailed guides readily available online. [62]

2.3.2 Threats against individuals

The true scale of the personal threat of cybercrime is a matter under active debate. In September 2016, the President of the Association of Scottish Police Superintendents, Gordon Crossan, raised concerns that the ongoing reported fall in crime in Scotland was to some degree masking the impact of an undetected and underreported system of criminal networks operating online. He referred to the internet as "arguably the biggest enabler of crime in the UK." [63]

These concerns are supported by experimental data sets currently being produced by the Office for National Statistics ( ONS). In their surveys of crime in England and Wales, the ONS had not routinely included sufficient questions to capture the full scale of cybercrime, but this changed in 2015 when new questions relating to fraud and computer misuse were added into the survey. [64] Initial results indicate that the scale of cybercrime, and in particular fraud conducted online, is of an unprecedented scale, with 10% of the population having been victims in the past 12 months alone, and with the likelihood of victimisation the same regardless of social class or whether someone lived in a deprived or affluent, urban or rural area. [65]

The figures indicate that fraud is the most prevalent of all crime, eclipsing more traditional theft by ten times, and that the likelihood of being mugged in the street is now far less likely than being robbed online. [66] Across the UK, reports of financially-motivated, cyber-enabled blackmails rose from nine in 2011 to over 850 in 2016. [67]

The impacts of cybercrime are not only financial. In November 2016 it was announced that four men in the UK had committed suicide in the past year after having been targeted by online "sextortion" scams run by international gangs of online blackmailers, and the following month Police Scotland warned that hundreds of men in Scotland were potentially at risk of such schemes. [68]

In January 2017, it was reported that there had been 3,889 victims of so-called 'romance fraud', in which victims are targeted by fake profiles on online dating sites, in the preceding year. The victims had paid out £39m. [69]

"The internet is playing an increasing role in the sexual abuse of younger children in Scotland and across the UK as a whole."

Matt Forde, Head of Service for NSPCC Scotland [70]

Children, too, are increasingly becoming targets for organised criminals operating online. Child sex offenders have been found to initially target social networks, online games and forums used by children, before encouraging the child to continue communication on encrypted platforms that allow the sharing of chat, video and photographs. [71] When the Sexual Offences (Scotland) Act was introduced in 2010, there were 15 offences recorded which related to communicating indecently with a child under 13. In 2013-14 there were 103; the following year there were 165.

The issue has come under increasing scrutiny in recent years – in 2015, Police Scotland launched the specialist National Child Abuse Investigation Unit ( NCAIU); in January 2016 the Education Secretary Angela Constance launched the first TV campaign in the UK focused on child sexual exploitation; and in their strategic plan for 2016/17, the National Crime Agency ( NCA) specified child sexual exploitation and abuse as one of the five national priorities for tackling serious organised crime. [72] [73] [74]

However, the true scale of the problem continues to emerge. A report by the National Society for the Prevention of Cruelty to Children ( NSPCC) in November 2016, extrapolating conclusions made by a recent German study which assessed self-reported sexual interest in children, concluded that as many as 2.4%, or 500,000 males aged 18–89 in the UK, may have at some point viewed child sexual abuse images. [75]

2.3.3 Threats to business

"I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again."

Robert Mueller, Director of the FBI, March 2012 [76]

Two-thirds of large UK businesses were hit by a cyber-attack in 2015-16. However, only a fifth of businesses yet understand key dangers such as the sharing of information with third parties, and many smaller businesses in Scotland do not appreciate the value of the data they hold, whether their own or that of their customers. [77] [78] The true numbers may well be higher, as many companies do not fully disclose the full extent of their data breaches. [79] Key elements of the Scottish Government's recent Cyber-Resilience Strategy seek to urgently rectify the lack of awareness of this threat. [80]

Tactics used against business range from scams which target individual employees, who are deceived into providing information or access, to highly sophisticated cyber-attacks. [81] Recent data suggests that half of worst breaches in company security were caused by inadvertent human error, and that the UK is the most targeted nation for "spear-phishing" scams, which attempt to steal data by scamming employees within the organisation. [82] [83] Ransomware, with which hackers target individuals or companies, encrypt their files, and then demand payment to "unlock" them, led to British people paying over £4.5million to cyber-criminals last year alone. [84]

A shapshot of recent cases illustrates the breadth and frequency of the cyberattacks which businesses and organisations face.

In October 2016, a massive attack affected many of the world's largest websites. Hackers had infected countless networked devices, potentially including baby monitors, internet routers and cameras, with the 'Mirai' worm. [85] These devices had then been deployed simultaneously as a single, co-ordinated network, or 'botnet', to direct a terabit (125,000 megabytes) of data every second at the targeted servers until they could no longer function. Some speculated that access to the tools to carry out such an attack could have been purchased on a dark web marketplace for around $7,500 USD. [86]

The following month, a similar network of devices, also suspected of being infected with the Mirai worm, was used in an attack on Deutsche Telekom, a German internet provider. The attack disrupted internet, broadcast and telephone signals for almost 1 million people. [87] A week later, the same worm was involved in an attack against at least 100,000 customers of the Post Office and Talk Talk in the UK. [88]

Attacks can also disrupt in other ways. In November 2016, San Francisco's Municipal Transportation Agency was hit with a hack that allowed customers to travel for free, with the hackers demanding a ransom of 100 Bitcoin (£56,000) to return the service. [89]

2.3.4 Other threats

"It seems increasingly evident that a major cyberevent is coming. As the 9/11 commission pointed out, the fall of the Twin Towers was not a failure of intelligence – it was a failure of imagination."

Admiral James Stavridis, former NATO Supreme Allied Commander Europe, 2016 [90]

It is worth also touching on the extreme end of cybercrime, where cyberattacks, including cyber-terrorism and state-sponsored hacks, are growing in complexity. As yet, the potential nature and even definitions of cyberterrorism and cyberwarfare remain under debate, but the potential impact of cyber-attacks in some form, regardless of the motivation, has already been demonstrated.

As early as 1999, the 'Midnight Maze' hack stole huge quantities of sensitive and classified data from the US Departments of Defense and Energy, as well as from contractors and universities. [91]

In 2000, an ex-contractor at Maroochy Water Services in Australia used a laptop computer and a radio transmitter to take control of 150 sewage pumping stations and, over a three-month period, released one million litres of untreated sewage into a stormwater drain feeding into local waterways. [92]

In 2007, Estonia found itself under a sustained barrage of distributed denial of service ( DDOS) attacks, with government websites and those of key institutions including banks and the media taken offline. [93] The nation was forced to temporarily suspend its internet connections to the rest of the world in an attempt to regain control of the situation. [94]

In 2010, the discovery of the Stuxnet computer worm in the systems of an Iranian uranium enrichment plant was a further watershed moment, as the code was specifically designed not to steal data or harm the computer systems, but to cause damage to the physical structure of the plant itself. [95]

In December 2015, the Ukrainian power grid was the subject of a highly complex attack which took offline thirty power substations and left 230,000 people without power. [96]

In December 2016, the new head of MI6, Alex Younger, warned that "hybrid warfare", which includes cyber-attacks and the subversion of democracy, was an "increasingly dangerous phenomenon [and] a concern to all those who share democratic values." [97]

While such threats may sometimes seem remote, we must understand these trends and the increasing potential of online attacks to impact both national government and physical infrastructure. Whether or not they impact Scotland directly, the growing complexity of such attacks, their potential links with organised crime, and the increased risk of catastrophic failure in systems as they become more interconnected, mean that this issue is likely to become a permanent feature of the global security landscape. [98]

When discussing organised cybercrime, we should always bear in mind that we are contributing to laying the groundwork both of personal capability around cybersecurity more generally, and confidence in our collective response to all manner of cyberattacks.

2.4 Human Trafficking

The majority of victims of human trafficking in Scotland are women trafficked for sexual exploitation. Others have been found working in hotels, restaurants, farms, construction sites or domestic homes, or forced into criminal enterprises including cannabis cultivation or sham marriages. [99] [100]

The covert nature of human trafficking, as well as the vulnerability of the victims, contributes to its status as an "unseen" crime, though in recent years, and in particular since a wide-ranging report in 2011 by the Equality and Human Rights Commission, major steps are being taken to address the issue.

In particular, the implementation of the Human Trafficking and Exploitation (Scotland) Act 2015 is ongoing, having commenced in May 2016. The Act introduces new offences of human trafficking and of slavery, servitude and forced or compulsory labour, and enshrines the rights of victims to appropriate support.

In October 2014, the then Lord Advocate hosted the first meeting to be attended by all of the heads of the prosecution services for the UK and Ireland specifically to discuss human trafficking, in recognition that the crime is not contained by national borders. [101] In April 2015, as part of the commitments stemming from that meeting, he published his detailed guidance to prosecutors when considering the prosecution of victims of human trafficking. [102]

In May 2017, the Scottish Government published its Trafficking and Exploitation Strategy. [103]

2.5 Counterfeiting

"The massive infiltration of counterfeit and pirated goods drains $1 trillion from the global economy and robs over 2.5 million jobs. Unsafe and ineffective products now pose a risk to millions of consumers, while governments, businesses and society are being robbed of hundreds of billions in tax revenues, income and jobs"

Business Action to Stop Counterfeiting and Piracy, International Chamber of Commerce 2009 [104]

"The evidence shows that an ever-increasing spectrum of everyday goods are being counterfeited, ranging from batteries, chargers, cosmetic and personal care products to electronic goods, household products, pesticides, food and beverages, and even medicines. However, the exact scope and scale of the counterfeiting business is not known and it is probably fair to assume that the reality exceeds all estimates and projections."

Europol, 2015 [105]

The trade in counterfeit goods is an attractive one for organised criminals, as it is perceived both as relatively low-risk and high-reward. Those traditionally involved in other forms of organised crime are therefore becoming increasingly drawn to it, driven in large part by the potential use of the internet, which provides not only apparent anonymity and a huge potential customer base beyond the immediate region of the counterfeiter, but also the ability to mimic legitimate online shops. [106]

Counterfeiting, along with other forms of piracy, is estimated to cost the UK £1.3bn every year. It undermines legitimate businesses of all types, and for the buyers, the counterfeits can be dangerous or defective - though the risk varies depending on the specific product being counterfeited. The Scottish Anti-Illicit Trade Group ( SAITG), consisting of numerous bodies spanning the public, private and third sectors, seeks to strengthen the collective response to the issue in Scotland; though as with so many types of organised crime, international co-operation will be necessary to fully address it. [107]

The threat is far broader than the public consciousness might suggest. In November 2014, a site purporting to sell alcohol, cigarettes and Viagra in the Aberdeen area gained more than 17,000 followers in under a week. Trading Standards officials later discovered the website, which vanished within seven days of its launch, was not based in the local area. [108]

Counterfeiters have also been found to have links with other forms of crime, in particular human trafficking and labour exploitation. [109] The complexity of counterfeits also varies widely, and can range in sophistication from an obviously copied DVD sold at a street stall, to branded products produced in an official factory which a crime gang has bribed to produce more than their licence allows, in order to skim off and sell on the excess. [110] The variety of products and range of potential impacts on the consumer may make communicating consistently on the subject challenging. This issue is discussed further below ( Section 4.2.4).

2.6 Fraud

"No one knows the true cost of fraud in the UK, but it's taking place on an industrial scale and is without question one of the biggest crimes afflicting UK plc today. It is unrelenting and indiscriminate with many organisations estimated to be losing around five per cent of their annual revenue to fraud."

Prof. Mark Button, Director of the Centre for Counter Fraud Studies, University of Portsmouth, 2016 [111]

While much fraud is now conducted online and therefore falls under a dual heading with cybercrime, other types of fraud also provide a major source of income for organised crime groups and can be targeted either at individuals or at businesses.

As with counterfeiting, fraud comes in many different guises.

  • Identity fraud
    Frauds which use methods and techniques to steal and/or use a victim's bank or financial details
  • Fraudulent sales
    Frauds which occur when the victim tries to buy or sell goods or services. Often (although not always) through online auction and selling websites.
  • Mass-marketing fraud
    Frauds which contact with victims via email, letter, phone or advertisements. These frauds exploit mass communication in the hope of reaching as many victims as possible.
  • Fraudulent sales in person
    Frauds occurring primarily when victims buy or sell goods or services in person. Particularly impactful upon small businesses.
  • Abuse of trust
    Frauds involving suspects who specifically play on the trust of a victim and use their authority (either within a company or within society) to take advantage of individuals, systems and processes, for personal or financial gain.
  • Fraudulent applications
    Involves perpetrators who deliberately misrepresent themselves or their situation for personal gain. This includes individuals who lie on application or claim forms, or make use of counterfeit documents.
  • Investment fraud
    Frauds involving the investment or movement of large amounts of money. These frauds often rely on high-pressure sales techniques to persuade victims to make quick and risky decisions. [112]

'Fraud Types'
'Fraud Types'
Copyright The Police Foundation, reproduced from "The Local Impact of Organised Crime", Police Foundation, 2016 [113]

In 2013 the Home Office estimated that around 15% of all fraud was conducted by organised crime groups, with an annual cost to the UK of almost £9bn in direct losses and criminal justice costs alone. [114] A more recent study indicates that this may represent only between half and one third of the true figure. A single fraudster can target hundreds of victims, and so the scale of criminality does not equate to the scale of impact or victimisation. [115]

Action Fraud, a UK-wide fraud and cybercrime reporting centre, receives on average 25,000 reported frauds per month. If we take the scale of organised fraud as between 31% and 45% of total fraud (as estimated by the Police Foundation), and Scotland as 8.3% of the UK population, we can roughly estimate between 650 and 950 reports of organised fraud gangs operating in Scotland every month of every year. [116] [117]

The difficulties in establishing the true scale of fraud, and in turn organised fraud, are clear. The targets, methods and perpetrators vary widely across its many manifestations. Any attempt to combat it must inevitably involve numerous agencies working together to strengthen the potential victims, whether businesses or individuals, against attack; to apprehend those responsible; and to create an environment where fraud is more difficult to successfully execute.

2.7 Firearms and Terrorism

"Suppressing the availability of illegal firearms in the UK has never been a more significant priority for the law enforcement community. Criminal networks, who think nothing about who they sell firearms to, present a significant route by which extremist groups will try to access the sort of weapons used in recent attacks in Europe."

Lynne Owens, Director General, National Crime Agency, October 2016 [118]

Legally-owned guns are perhaps less rare in Scotland than might be assumed - in 2015, Police Scotland estimated that there were 277,000 legal firearms in the country, including over 100,000 shotguns and 90,000 deactivated weapons. [119] As many as one third of organised criminal gangs in Scotland are estimated to have access to a firearm, [120] and yet, despite these factors, gun crime remains low and falling. In 2015-16, there was one murder with a firearm in Scotland, four attempted murders and 25 robberies – all fewer than 2% of the total for their crime type. The total number of recorded crimes involving guns fell by 75% between 2006 and 2016.

While this picture is encouraging, it is in this area that potential links between serious organised crime groups and terrorist networks are most concerning. The structure of an organised crime group and that of a terrorist group can be very similar, though their goals – benefit and political influence respectively - are different. Co-operation between the two can take place when these interests align, in particular through the provision or sharing of smuggling routes, and as such the potential for a firearm owned by an organised crime gang to be supplied to a terrorist group is coming under increased scrutiny. [121] Half of terrorist plots in the UK involve the attempted acquisition of a firearm, and there are growing concerns that such weapons could pass between crime gangs and terrorists planning a Paris-style mass shooting attack. [122]


Email: Jim Hislop,

Phone: 0300 244 4000 – Central Enquiry Unit

The Scottish Government
St Andrew's House
Regent Road

Back to top