Bots behind 67% of UK Digital Fraud: AI-Driven Attacks Cost Businesses Millions
Cyber attacks on businesses now account for 67% of all UK fraud, with sophisticated bots increasingly targeting online advertising campaigns
Only 14% of frauds are reported to authorities, creating massive blind spots in fraud prevention, with actual bot attacks likely much higher
Criminal groups now using artificial intelligence to enhance fraud sophistication, with one recent attack using deepfakes to steal £20 million
Overview of the Growing Cyber Fraud Threat in the UK
A new analysis by PPC Shield, a company specialized in detection and prevention of PPC clicks frauds, reveals the growing threat that cyber fraud poses to UK businesses’ online activities. The study, examining recent data from the National Crime Agency, shows that fraud against UK businesses has returned to levels not seen since 2019, with automated bot attacks becoming a significant concern for digital advertising campaigns.
Cyber-enabled fraud remains a significant problem for the UK. It is still the most prevalent crime in England and Wales, accounting for an estimated 41% of all crime reflected in the Crime Survey for England and Wales. This statistic is particularly alarming for businesses investing in digital advertising where bot-driven fraud can quickly deplete marketing budgets without delivering results.
The National Crime Agency data shows that 67% of fraud reported in the UK is cyber-enabled, with attacks continuing to be driven by the abuse of online platforms. For businesses running pay-per-click campaigns, this translates to bot networks systematically generating false clicks that drain advertising budgets without producing legitimate leads or sales.
Most concerning is the revelation that only an estimated 14% of frauds against individuals are reported to Action Fraud or the police. The reporting rate for businesses experiencing bot fraud is likely even lower. Many companies never discover they’ve been targeted, while others receive refunds from payment providers and consider it unnecessary to report through law enforcement channels.
Criminal groups have begun adopting generative artificial intelligence to enhance their attacks against businesses. In one striking case from February 2024, criminals used AI to create deepfake recreations of company employees at a virtual meeting, successfully tricking a finance worker into transferring £20 million into a fraudulently controlled account. Similar technologies are now being deployed to create more convincing bot networks that mimic human behavior when interacting with digital ads.
The research also identified areas where the threat landscape shows different patterns that affect how businesses should protect their digital advertising investments.
Despite the rise in sophisticated bot attacks, phishing attacks remain prevalent. Criminals still use this method to gain access to advertising accounts and business systems. Phishing tools are being developed with more technical features to bypass security, including using encrypted messaging protocols such as iMessage instead of SMS to avoid anti-phishing systems.
Top 5 Most Significant Bot Fraud Threats to UK Businesses in 2024
Certain types of fraud, including courier fraud and payment diversion fraud, remain below pre-pandemic levels according to the National Crime Agency data. They’ve shown less growth than digital fraud types, suggesting criminal groups are focusing more resources on online targets including advertising platforms where detection rates are lower.
The tax gap attributed solely to criminal attacks has decreased from £4.1 billion in 2020-2021 to £3.5 billion in 2022-2023. This 15% reduction suggests criminal focus may be shifting toward private sector targets where returns can be higher and detection more difficult. Digital advertising budgets, which now exceed £25 billion annually in the UK, present a lucrative target.
In one respect, the fraud landscape looks different than many expect. While high-value frauds often receive media attention, the majority of unreported incidents are typically high in volume but low in value. This mirrors how bot fraud operates in PPC campaigns – numerous small-value clicks that collectively drain significant budget before patterns become apparent.
The anonymous nature of cyber fraud makes prevention particularly challenging. In the majority of cases, victims have no knowledge of those who target them. Only 9% of adult victims in the year ending March 2023 could provide any information about the offenders. This anonymity is even more pronounced with bot networks, which often operate across multiple jurisdictions.
5 Least Significant Bot Fraud Factors for UK Businesses in 2024
“The data shows a clear picture of the fraud landscape facing UK businesses with online advertising,” said Jacques Zarka of PPC Shield. “With cyber-enabled fraud accounting for 67% of all cases, companies must recognize that their digital marketing budgets are prime targets for automated bot attacks.”
“What’s particularly concerning is how few frauds are actually reported to authorities. With only 14% making their way to official statistics, we’re really just seeing the tip of the iceberg. Many businesses attribute poor campaign performance to market factors rather than recognizing they’ve been victims of systematic bot fraud,” Zarka explained.
He added: “The rise in AI-powered fraud is especially worrying for advertisers. When criminals can create convincing deepfakes that successfully trick employees into transferring millions, imagine how easily they can create bots that mimic human behavior when clicking on ads. Businesses need specialized monitoring systems to protect their advertising spend from increasingly sophisticated threats.”
The research highlighted a recent success in the fight against fraud with the National Crime Agency’s takedown of the “Russian Coms” platform in March 2024. This criminal service, responsible for over 1.3 million scam calls to 500,000 UK phone numbers, allowed fraudsters to hide their identities when contacting victims. Between 2021 and 2024, over 1.3 million calls were made by Russian Coms users to unique UK phone numbers, leading to tens of millions of pounds in losses.
