ID theft and stolen accounts were big in 2025 – here's how to stay safe in 2026

Fraud cases surged to unprecedented highs in 2025, with generative Artificial Intelligence (AI) making it quicker and easier than ever for criminals to steal our cash and personal data.

Fraud prevention database Cifas recorded almost 445,000 cases in 2025 – an increase of 6% from 2024. 

More than half (54%) of cases were identity fraud, in which an innocent person's personal details are used to obtain services such as a bank account, mobile phone contract, credit or insurance.

Here, we look at what the data tells us about fraud threats and what you can do to stay safe in 2026. 

Fraud trends in 2025

Identity fraud has dominated the Cifas database for many years, but there are signs that it's beginning to decline – cases dipped by 3% last year.

However, this isn't necessarily good news. Fraudsters are instead pivoting to something called account takeover, in which they seize control of previously genuine accounts. This rose by 6% compared with 2024 and now makes up 18% of all reports.

The most popular targets were mobile phone contracts, followed by online retail accounts and credit cards. The value of such accounts is clear: to obtain high-value electronics (like the iPhone in your Amazon basket scam that we've previously warned about) or to max out a credit limit at their victim's expense. Cifas warns that criminals are even altering notification settings to avoid detection.

But the biggest surge of all (43%) was seen in misuse of facility, in which criminals obtain a financial product for abusive purposes, such as receiving fraudulent funds or obtaining credit with no intention to repay it.

Cifas has warned that sophisticated fraud will continue to be 'supercharged' by AI, such as deepfake videos and fake identity documents. 

How to keep your data safe

Account takeover and identity fraudsters need your personal data in order to carry out their crimes. 

Follow these steps to reduce your chance of being targeted:

1. Be suspicious by default: any unsolicited email, text, instant message or phone call should be treated with caution – even if it appears to come from an organisation you know. If you're being asked to enter your info, it's safest to break off contact and call the number on your card or statement (bank customers can also call 159 to speak to their bank directly).
2. Check your credit report: regularly monitor your credit report for any new searches (including soft searches) or accounts opened in your name. 
3. Check statements: account takeover fraudsters can change your settings to make fraud harder to spot. Regularly check your account statements, and contact your provider immediately if you find yourself locked out.
4. Do an age check: before giving a website your personal or payment information, type the address into Who.is to learn when it was created. Newly created websites are a red flag for scams.
5. Spot deepfake videos: look out for subtle oddities like mismatched lip-syncing, monotonous voices, and unnatural expressions. But remember, the absence of these does not guarantee content is genuine.
6. Report fraud: if you experience a scam, report it to the police using Report Fraud (or by calling 101 in Scotland). Let us know about it too by sharing the scam details through our scam sharer tool.