More resources need to be ploughed into tackling an upsurge of sophisticated online business scams targeting Scottish firms, according to the Cyber & Fraud Centre – Scotland.

Serious and organised crime groups are increasingly extorting huge sums from companies – by stealing their credentials and following up with phone and web-based extortion methods.

Jude McCorry, chief executive of Cyber & Fraud Centre – Scotland, said that in the last six months her organisation has helped deal with losses amounting up to £10 million.

Although it has helped recover about £4 million, based on the success of a “triage” unit set up with multiple partners, there is a pressing need for more investment in tackling “cyber-enabled crime”.

She said: “We are increasingly seeing cyber-enabled crime such as business email compromise or cryptocurrency scams affecting companies in Scotland.

“The scammers are becoming more sophisticated in the methods they use, through credentials’ theft and then re-targeting those victims. We know Police Scotland already handles almost 17,000 calls annually, which has risen by 68.2 per cent in the last five years.

“Many people also mistakenly call Action Fraud, which has no jurisdiction in Scotland. So, the problem is likely to be more widespread. 

“The UK Government invested £100 million earlier this year to tackle fraud, but that allocation was for England and Wales. We desperately need more investment in Scotland.”

McCorry – whose organisation hosted its annual CyberScotland Summit on 31 October – said that 95 per cent of all fraud is now online. 

She added: “These kinds of attacks can be absolutely crippling for businesses, particularly smaller ones without the resources, or charities or third sector organisations.”

She credited the banks with setting up the specialist Dedicated Card and Payment Crime Unit, which helped prevent a record £101 million from being stolen in 2021 by scammers.

But she said it is not enough. “We need a more holistic approach. We set up the proof of concept triage hub six months ago with our partners, NatWest/RBS, Lloyds, Metro Bank and Police Scotland. That has been really successful, and collectively it has led to £4 million in funds being either stopped or returned. 

“But we can’t do this properly, and support the victims, without the additional resources, and that requires the necessary funds.”

McCorry said business scams are currently under-reported, and victims who manage to prevent the funds from leaving their accounts – or in the rare case they get reimbursed by their bank – do not follow-up with police.

And the problem is only set to grow. Artificial intelligence (AI) is driving a new wave of fraudulent opportunities for serious and organised crime groups, who can use the technology to forge passports and ID documents, or create “deep fakes” of real people to penetrate security measures. 

As Britain prepared to host the global AI Safety Summit at Bletchley Park, the wartime signals centre in Buckinghamshire, the Social Market Foundation said that we are witnessing a “fraudemic” and urged policymakers to do more to tackle the scale of the problem.

McCorry said: “It needs urgent and joined-up focus from government, police and the agencies that support victims. Cyber-enabled crime and fraud, especially, are increasingly soaking up the time and resources we have to deal effectively with them.

“We work really well across boundaries on ransomware in Scotland, but I do worry we lack the same effectiveness for fraud, which is complex and time-consuming to investigate.”