Thousands of cybercrime reports sent to the UK’s centralized authority have been mistakenly identified as containing malware, meaning they were not investigated, according to a new report.
The report, Cyber: Keep the light on – An inspection of the police response to cyber-dependent crime, was produced by watchdog Her Majesty’s Inspectorate of Constabulary and Fire and Rescue Services (HMICFRS).
It claimed that, although police forces and the National Crime Agency (NCA) are largely effective in tackling cybercrime, there is room for improvement.
It pointed to mistakes in the Know Fraud system, updated in October 2018, which led to a significant number of the reports normally sent to the National Fraud Intelligence Bureau (NFIB) by Action Fraud being held in quarantine.
“In some cases the automated system mistakenly identified reports as containing malicious coding. In April 2019, we were informed that approximately 9,000 reports were being treated in this way – although by July 2019 this had been reduced to approximately 6,500,” the HMICFRS report revealed.
“In these quarantined cases, victims haven’t received confirmation that their report has been received. Nor have they been reviewed for viable lines of enquiry or forwarded to forces for either victim care or investigation.”
The report urged City of London police, which runs Action Fraud, to urgently address the problem, provide the Home Office with an update and work to prevent a re-occurrence.
The report also pointed to a lack of public awareness about Action Fraud and confusion about the reporting process.
“One issue with the online tool is the reliance on victims to correctly identify the type of crime they have been a victim of. Self-reported cases often include incorrectly classified crimes and inaccurate or incomplete information,” it explained.
“The online tool also asks victims to assess how vulnerable they perceive themselves to be. This can lead to inconsistent results, which then need to be reassessed.”
In addition, 40% of calls into the Action Fraud hotline are abandoned before they are answered because of long wait times.
The report also argued that the current UK policing picture is too fragmented, and best practice knowledge isn’t shared effectively enough throughout — with too much variation between how cases are approached, and the effectiveness of local responses.