Inside the surge in 'cyber pick-pocketing': Identity of hundreds of thousands of Britons stolen as criminals deploy sinisterly effective new methods

In fact, fraud prevention service Cifa logged more than 118,700 identity-fraud cases in the UK during the first six months of this year - part of a record 217,000 total fraud filings, which works out at about one identity case every two to three minutes.

GB News has spoken to a range of experts who starkly set out the risks to everyone's security - and warn the number of people who have their identity violated is only set to get worse.

While large-scale cyber fraud cases impacting big companies such as M&S and Ford have made national headlines, an increasing number of individuals are falling victim to small-scale online scams.

A tactical shift in the way criminals operate has seen a sharp increase in so-called "cyber pick-pocketing". Criminals are using methods such as opening accounts, making false applications, or taking over an existing online account in order to steal personal information.

"What often goes under-reported is the scams that I would call the low-hanging fruit," Melanie Garson, cyber policy expert and associate professor at University College London, told GB News.

"The big attacks are the ones we hear about because they have a massive impact, but what we don't hear so much about is this sort of cyber pick-pocketing.

"It is easier to pick-pocket than do a bank heist and people are on the frontline of this cyber pick-pocketing every single day through the different frauds and scams."

Between January and June 2025, it is thought there were more than 38,000 cases of banking account takeovers. Almost two thirds of those (68 per cent) were facilitated digitally.

Dr Garson said the criminals behind these scams are "getting increasingly better", aided by AI tools such as Chat GPT which help them to create "very targeted emails" that are more likely to attract victims and persuade them to grant access to accounts.

The cyber expert explained: "What we are seeing increasingly is what Chat GPT has allowed these type of criminals to do is to refine their language.

"At one point it became very clear - it was bad spelling, bad syntax, things like that, [but] now part of that barrier has gone away, so it makes it slightly more difficult.

"At the higher level, with other generative AI products such as voice cloning or video cloning, what we are seeing increasingly is some of those getting more sophisticated.

"But on the most part if we are talking about your average person, they usually are not being exposed to most sophisticated layer of tools, it is still text, email, where they are expecting to find this kind of request.

"That is where it becomes very difficult to tell the difference."

One way in which criminals are targeting businesses, charities and other high-value bank account holders is by posing as legitimate bank teams fighting fraud, so victims unwittingly grant access to their account and funds are drained.

In some cases, the amounts stolen from individual accounts exceed £1million, according to intelligence from the Cyber Defence Alliance.

The Institution of Engineering and Technology (IET) has warned as many as three in four Britons do not feel their data is safe online.

Dr Junade Ali, cyber security and digital forensics expert and Fellow at the IET said: "While awareness of cyber threats is growing, there’s still a gap in confidence and preparedness.

"We must continue to educate and empower the public to take control of their digital safety."

The National Cyber Security Centre advises people to protect their email using a strong password, install the latest software updates to help protect devices and turn on two-step verification.

The tech authority further suggests people make use of password managers to help create passwords, use three random words to help create passwords that are difficult to crack and back up data on an external hard drive or a cloud-based storage system.

VPNs are another method regularly suggested in order to boost privacy and provide Britons with more security online.

VPNs encrypt everything that's transferred over an internet connection and hides its real IP address - the digital equivalent of a post code.

By routing internet traffic through secure remote servers, a VPN effectively disguises a user's location and makes browsing data unreadable, reducing the chances of identity being compromised.

While there is action individuals can take to help protect themselves, some experts fear that with Labour planning to impose digital ID cards, the cybersecurity risk is only set to grow.

Speaking to GB News, former MI6 chief Sir Richard Dearlove, who led the intelligence service from 1999 to 2004, warned the proposed ID system will “immediately become a target for the country's enemies".

"When you aggregate data into one massive base, of course it immediately becomes a target," he explained as he warned that emerging quantum technologies could undermine the Government's security systems.

"However secure you believe the system to be, quantum computing when it arrives could render redundant your defences."

It's a concern shared by many MPs and civil liberties campaigners.

Speaking in a Westminster Hall debate last month, former Cabinet minister David Davis warned: "What will happen when this system comes into effect is that the entire population's entire data will be open to malevolent actors - foreign nations, ransomware criminals, malevolent hackers and even their own personal or political enemies.

"As a result, this will be worse than the Horizon [Post Office] scandal."

Meanwhile, ex-Conservative Party leader Sir Iain Duncan-Smith MP told The People's Channel: "Such a huge collection of personal data will create a massive target for hackers to penetrate and steal.

"There is no argument in favour of digital IDs that outweighs the enormous National Security risk that will be posed to the British public's personal data."

However, despite the concerns, Dr Garson suggested the new digital ID system could - if implemented properly - offer "more security" by preventing companies from holding onto a long list of personal information.

She explained: "The problem with the way the debate evolved in this particular context is it revolved around an issue that it shouldn't have been associated with if you wanted it to have a policy impact.

"Associating it with 'this is going to keep out migrants' as oppose to this is hugely beneficial, time saving, you don't actually have to every five minutes send people three pieces of bills and evidence and bank statements, or whatever.

"If you think about companies you are sharing [data] with, they are holding onto that data probably years longer than they should do and if they get hacked, that data is in their hands.

"Whereas, if all you are providing them with is a number, then people aren't able to connect the dots, so in some ways it offers more security if rolled out correctly."