It’s easier than ever to transfer money online, but it’s also important to stay aware of how you can keep your money safe. Being aware of different tactics fraudsters might use is a great first step in doing this. One common tactic is Authorised Push Payment (APP) fraud – in 2023, £459 billion2 was lost across 232,429 recorded cases in the UK.
To help keep your money safe, we’ve put together a guide to all things APP fraud, so you can better understand the risks, the scams, and the steps to take to protect yourself – as well as the action we at Lumon take to protect you.
What is APP fraud?
Authorised Push Payment (APP) fraud is where, an individual or company, is tricked into sending money directly into the fraudster who is posing as a genuine payee. What sets it apart from unauthorised payment fraud – when someone makes a payment from your account without your knowledge – is that the victim makes the transfer willingly.
Although there are consumer protections in place to help victims of APP fraud recover lost funds, these scams don’t only have a financial impact – there’s an emotional impact too.
How common is APP fraud?
APP fraud surged during the pandemic, with losses reaching £583 million1 in the UK in 2021.
But the risk could be bigger than published figures suggest. The National Crime Agency estimates that some 86% of fraud instances go unreported, despite fraud being the most commonly experienced crime in the UK3.
The ease of online fraud makes APP scams a smart option for organised crime groups. Online platforms and social media channels give criminals cheap, effective opportunities to target victims, although financial service providers such as Lumon are making it harder for them. In fact, while £580 was stolen in 2023 through both authorised and unauthorised fraud, banks prevented £651 million in losses4.
Types of APP fraud
One of the most worrying elements of APP fraud is that it can look highly legitimate. Indeed, the prospect of a big payday through an investment scam can make it worthwhile for fraudsters to build a convincing cover story, however long it takes.
Fraudsters may use any of the following common APP strategies:
Fake payment or invoice
The fraudster may target personal account holders by posing as a legitimate business, requesting urgent payment of a service or delivery fee, outstanding balance, or even fine. Common disguises include delivery companies, HMRC, builders, conveyancers, solicitors, utility companies and legal firms. Although these may look like they come from a legitimate person, a closer inspection reveals emails
For businesses, the fraudster sends fake invoices or mandates to a company’s accounts payable or treasury department, usually claiming that their bank details have changed. Since most businesses require multiple authorisations for a payment, the fraudsters might have to gain access to internal documents and account information to pass checks.
Purchase scams
Criminals can easily publish sites or social media accounts that either look legitimate, or closely resemble well-known businesses. They then attract consumers, particularly around peak sales periods, with “impossible to miss” deals on luxury, high-ticket items, from cars and computers to handbags and jewellery. The consumer makes the bank transfer, but the items never materialise, and calls or emails to the vendor are never returned.
This version of APP fraud is rising steadily, increasing 34% from 2020 to 2023 – in fact, purchase scams account for almost two-thirds of all APP cases1.
Romance scams
Whereas many APP fraud cases unfold as an online smash and grab, romance scammers are patient and persistent. Each case generates an average of ten payments1, suggesting that victims are reluctant (and often embarrassed) to acknowledge what happened. Scammers create a convincing online profile and target the elderly or lonely on social media. Having gained their victim’s confidence, they then invent an emergency that requires an urgent transfer, to cover anything from medical bills to airline tickets.
Investment scams
Most common when the economy is booming, these make up nearly a quarter (23%) of APP losses overall. Scammers target their prospect with the offer of limited-availability, market-beating returns on anything from overseas property and cryptocurrency to gold or wine. The initial approach is often made by cold calling or direct mail using an authentic-looking letterhead. Everything about the company offering the investment may look legitimate, but only at the point when the investor tries to remove funds does this type of APP fraud unravel.
Advanced fee scam
Scammers approach their victim by requesting a modest payment to unlock a sizable inheritance, land opportunity, overseas lottery win or similar windfall.
Organised crime groups send out thousands of these every day, commonly by email, knowing that just one success can make their efforts profitable.
Common APP fraud tactics
The types of APP frauds are varied, but there are some common characteristics to all:
Urgency and scarcity
APP fraudsters frequently use conventional sales psychology to trick the target. A victim is most vulnerable when they are hurried into action and convinced that the opportunity is exclusive and likely to disappear soon.
Social engineering and relationship building
Other the other hand, fraudsters also often rely on carefully constructed stories and relationships built over time to win a victim’s trust. This is known as ‘social engineering’ and isn’t always a rushed or high-pressure tactic; some scams unfold slowly, with months of casual communication that feels genuine. By the time a payment request arrives, it can seem like a natural next step rather than a red flag. It’s this emotional manipulation that makes social engineering so effective – and dangerous.
An offer that’s too good to be true
Unfortunately, this red flag often only reveals itself with hindsight. APP fraud hooks the imagination with outlandish or exclusive offers that simply don’t stack up in the cold light of day. In the heat of the moment, however, they can be just credible enough for the victim to engage.
Unsolicited approach via social media or SMS
Although many APP fraud cases appear to come from a familiar source, an out-of-the-blue approach works too, particularly in romance scams where a little flattery can go a long way.
Bank transfer rather than credit card or cheque
APP fraud traditionally focuses on bank transfers, since the funds can quickly be scattered to overseas accounts and – if authorised – are much harder to reverse. That’s why you want to know your money is in safe hands with a trusted currency partner such as Lumon.
How to protect yourself against APP fraud
It’s important to point out that, in most cases, victims of APP fraud do get their money back. According to 2023 figures, 73% of losses were eventually returned1.
Prevention is better than cure, however. You can limit your exposure to APP fraud by taking the following precautions:
- Avoid over-sharing personal information online, from your relationship status and holiday plans to your friend network or private address. Criminals can create a convincing back story from just a few details. Be suspicious of all unsolicited approaches online, by email and via SMS. You can even filter these messages out by default.
- Verify any request from a financial institution or trusted organisation through the official site, email contact or phone number you usually use. If they’re a regulated business, such as a financial services company, you can check their details on the Financial Conduct Authority, or FCA’s, website too.
- Only purchase from sites with the secure payment (padlock) symbol in the URL (in other words the website link), and enable two-factor authentication on your accounts and devices to make them harder to hack. This could be, for example, using a password and then entering a code sent to your phone via text to increase security.
- Familiarise yourself with your bank’s updated policies. All banks will tell you how they will and will not contact you, as well as what forms of address or email sender name they will use. They will also warn you in advance of the kind of information they will never request online.
- Use an accredited financial advisor for significant investments instead of a new acquaintance from social media.
New consumer protections against APP fraud
The Payments System Regulator implemented new rules on 7 October 2024 that enhance consumer protection in the event of APP fraud.
These cover individuals, small businesses and charities for cases that meet the following criteria:
- UK bank transfers only (not international) using Faster Payments or CHAPS.
- Payment made on or after 7 October 2024
- For claims up to £85,000
Claims that meet these criteria should be reimbursed within 5 business days, although longer may be needed for some, more complex cases.
What to do if you think you’re a victim
If you have any doubt about the security of a transfer, it’s important to take action immediately.
Start by contacting your bank. Most will have an emergency fraud hotline number on their site or correspondence so you’re not wasting time waiting to be connected to a regular assistant. Your bank may be able to block the transaction to make further checks.
For UK account holders, contact Action Fraud to report the incident on 0300 123 2040 (Monday to Friday 8am to 8pm) or via https://www.actionfraud.police.uk/
If you are based in Ireland or other European countries, contact your local law enforcement agency.
We’re on your side
Get peace of mind that your funds are in safe hands and speak to one of our currency specialists today.
Sources used:
1. UK Finance | Annual Fraud Report 2024
2. APP scams | Payment Systems Regulator
3. Fraud – National Crime Agency
Sources last checked on: 14.05.25
This publication is provided for general information purposes and does not constitute legal, tax or other professional advice from Lumon or its subsidiaries, and it is not intended as a substitute for obtaining advice from the relevant professional services. We make no representations, warranties or guarantees, whether expressed or implied, that the content in the publication is accurate, complete or up to date.
