Empty Streets, Busy Internet: A Time-Series Analysis of Cybercrime and Fraud Trends During COVID-19

The unprecedented changes in routine activities brought about by COVID-19 and the associated lockdown measures contributed to a reduction in opportunities for predatory crimes in outdoor physical spaces, while people spent more time connected to the internet, and opportunities for cybercrime and fraud increased. This article applies time-series analysis to historical data on cybercrime and fraud reported to Action Fraud in the United Kingdom to examine whether any potential increases are beyond normal crime variability. Furthermore, the discrepancies between fraud types and individual and organizational victims are also analyzed. The results show that while both total cybercrime and total fraud increased beyond predicted levels, the changes in victimization were not homogeneous across fraud types and victims. The implications of these findings on how changes in routine activities during COVID-19 have influenced cybercrime and fraud opportunities are discussed in relation to policy, practice, and academic debate.


Introduction
At the beginning of the COVID-19 pandemic, several sources warned of possible increases in cybercrime and fraud (especially cyber-enabled frauds 1 ). In March 2020, Europol alerted about new ways in which cybercriminals were benefiting from the pandemic and associated lockdown measures (Europol, 2020b), and in October 2020, Europol's (2020a) Internet Organized Crime Threat Assessment stated that "COVID-19 caused an amplification of existing [cybercrime] problems" (p. 6) and noted an increase in fraud against businesses "as a result of the global outbreak of . Similarly, Interpol's (2020) report entitled "Cybercrime: Covid-19 impact," published in August 2020, affirmed that there had been "a sharp increase in cybercriminal activities" (p. 4) related to the virus. As a preventive measure against such threats, U.K. law enforcement agencies used Twitter to raise public awareness, devoting 57.2% of their messages to fraud schemes and 16.9% to cybercrime problems (Nikolovska et al., 2020).
From an opportunity perspective (Newman & Clarke, 2003), it seems obvious to expect an increase in cybercrime and fraud when more people use the internet and converge in cyberspace. However, both these umbrella categories encompass a very diverse range of conducts (e.g., not all frauds are a form of cyber-enabled crime), and it is unlikely that trends are identical for all types of cybercrime and fraud. Furthermore, detected fluctuations may be very short term and may simply bounce back to the initial trend, or they could even be within normal crime variability. In fact, literature on traditional street crime in the United States, such as serious assaults, indicates that the relationship between lockdown measures and crime is not always as expected (Ashby, 2020), while preliminary analysis on cybercrime and COVID-19 in the United Kingdom indicated that individual and organizational victims may not be affected in the same manner (Buil-Gil et al., 2021b).
In this context, the main aim of this article is to provide further understanding of the relationship between the changes in daily activities brought about by the COVID-19 pandemic and cybercrime and fraud in the United Kingdom. To this end, the article begins by describing the changes in routine activities in the United Kingdom and how these may have influenced cybercrime and fraud opportunities. Subsequently, a brief overview of the existing literature on the relationship between crime and COVID-19 is provided. Next, the data and the methods are introduced. A detailed description of the results comprises the penultimate section of the article. Finally, discussion and conclusions are provided with regard to the implications of the findings for policy, practice, and academic debate.

COVID-19 and Routine Activities in the United Kingdom
The unprecedented rapid changes in routine activities brought about by COVID-19 and the associated lockdown measures have been evidenced around the globe. In the United Kingdom, the first national lockdown came into force on March 26, 2020, and most national-level restrictions were lifted on June 23 and eased further on August 14. Local lockdowns were announced for areas with high levels of COVID-19 cases from July 4 onwards (local restrictions were later renamed under a three-tier system from December 2). The second national lockdown took place from November 5 until December 2, and the third national lockdown was announced on January 6, 2021. Figure 1 visualizes the changes in mobility as documented by Google (2020) in their "UK COVID-19 Community Mobility Reports," based on user location data between mid-February and the end of July 2020, which is the period analyzed in this research. In this regard, Figure 1a, 1b, and 1d highlight the notable drop in work, recreation and retail, and transit mobility, respectively, in comparison to baseline measurements of the median value for the corresponding day of the week, during the 5 weeks between January 3 and February 6, 2020. On the contrary, Figure 1c illustrates a clear rise in mobility trends for places of residence. As can be observed in the plots, the most pronounced changes occurred around March 23, which was the date the United Kingdom announced the first strict lockdown measures.
The Office for National Statistics (ONS) provides support for these trends. They found that in April 2020, over 40% of U.K. workers did some work from home as a result of the coronavirus pandemic (ONS, 2020a). They also found that in the period between April and June, the total hours worked in the United Kingdom was approximately 20% less than in the previous 3 years (ONS, 2020b). These findings indicate a reduction in mobility, a rise in teleworking, and an increase in leisure time. Similarly, the ONS highlighted a change in retail activities with many physical retail stores reporting decreased footfall but online sales showing a 46.8% increase between February and April 2020 (ONS, 2020d). This ties in with data on United Kingdom and global internet use. Ofcom (2020) found a notable increase in the time adults spend online in April 2020 in comparison to September 2019. The London Internet Exchange showed a pronounced spike in internet traffic between March 11 and March 28, far greater than any spike in the upward trend of previous years (see original data from https://portal.linx.net/stats/lans). Traffic decreased from April to August 2020 but generally remained above the levels found before coronavirus. Finally, Datavault's Broadband Insights reports for 2020 (OpenVault, 2020) and their COVID-19 Broadband Impact Tracker (available from https://openvault.com/trusted/) detail increases in global broadband use by both individuals and businesses that were above the general rising trend found in previous periods, especially in the months of March and April 2020.

COVID-19, Routine Activities, and Traditional Crime
For several decades, criminologists have studied trends in routine activities and how these can shape criminal opportunities. Cohen and Felson (1979) formulated this as the Routine Activity Approach and stated that crime occurs when likely offenders and suitable targets converge in both space and time in the absence of capable guardians. Employing longitudinal data from the 1950s to the 1970s, these authors identified that changes in household structures and activities after World War II, such as the increasing proportion of females in the workforce or the greater number of single-adult households, reduced people's capacity to serve as capable guardians and correlated positively with homicide, forcible rape, aggravated assault, robbery, and burglary. They postulated, for example, that the increase in ownership of valuable and movable goods combined with the increase in the time homes were unattended during the day increased the opportunities for burglary. In Europe, the Routine Activity Approach, often combined with lifestyle theory (Hindelang et al., 1978), has been used to explain crime trends since the 1990s, putting special emphasis on how the development of the internet led to a shift from offline to online and hybrid crimes (Aebi & Linde, 2010, 2014Caneppele & Aebi, 2019).
Given the huge changes in routine activities in the United Kingdom detailed in the previous section, it was not surprising that criminal opportunities saw marked changes during 2020 (Stickle & Felson, 2020). In this sense, several authors have examined the effects of COVID-19 and related containment measures on traditional crime around the globe using a variety of statistical techniques (e.g., Felson et al., 2020;Gerell et al., 2020;Piquero et al., 2020). Many studies employing time-series analysis techniques, such as Autoregressive Integrated Moving Average (ARIMA) models, have found an overall reduction in crime but notable differences in trends between crime types (e.g., Ashby, 2020;Campedelli & Favarin, 2021;Estévez-Soto, 2020;Hodgkinson & Andresen, 2020;Langton et al., 2021;Mohler et al., 2020;Payne et al., 2020). Even the prison population rates in European countries that introduced lockdowns were affected by a decrease in the number of entries of remand detainees and sentenced prisoners (Aebi & Tiago, 2020).

COVID-19, Routine Activities, and Cybercrime and Fraud
Prior to COVID-19, academic research had already noted how changes in offline and online routine activities are associated with a shift in crime opportunities from physical space to cyberspace (Miró-Llinares & Moneva, 2019;Newman & Clarke, 2003;Pyrooz et al., 2015). The popularization of the internet has changed work and leisure activities meaning criminals may dedicate more time to online crimes, such as certain types of cyber-enabled fraud. Indeed, studies have found that overall increases in fraud are being driven by pronounced upward trends in fraud with a "cyber" element . Given the already existing association between the expansion of the internet and digital platforms and the growth in online criminal opportunities, it seems likely that the boost in online activity since March 2020 is correlated with a similar boost in online crime.
Researchers started exploring this relationship after the first lockdown measures were announced in March 2020. For example, Collier et al. (2020) described an increase in certain cybercrimes such as denial of service attacks and an increase in opportunities for fraud globally. They observed that cybercriminals were mainly adapting already existing attack strategies to exploit psychological effects of the pandemic, for example, higher levels of fear. Similarly, Vu et al. (2020) examined underground cybercrime markets during the pandemic, finding a significant increase in the volume of products involved, but they studied no notable differences in the types of transactions, users, or behaviors in the markets. Payne (2020) used data from the U.S. Federal Trade Commission to identify an overall increase in reported fraud cases in the first 3 months of 2020 in comparison to the same period in 2019. A significant increase in losses from fraud in the same period was also highlighted. However, the growth was not the same across all fraud types or all age groups, with the author noting marked upticks in frauds connected to the internet, such as imposter businesses, fraudulent text messages, online shopping complaints, counterfeit checks, and romance scams. Disparities between crime victims were also found by Buil-Gil et al. (2021b) in their preliminary analysis of reported cybercrime and fraud in the United Kingdom. Despite detailing statistically significant changes between May 2019 and May 2020 in most fraud and cybercrime categories as well as for the total number of reports, they highlighted differences in trends between organizational victims (a slight nonsignificant decrease in cyber-dependent crime and a slight increase in online fraud) and individual victims (an overall significant increase). This may be related to distinct variations in routine activities or reporting practices between these types of victims (see also Department for Digital, Culture, Media and Sport, 2021). Finally, Hawdon et al. (2020) employed online panel surveys to measure cybercrime victimization during the pandemic. Surprisingly, they found little change between the pre-COVID and COVID samples; however, the overlapping question periods between the two samples mean these results should be interpreted with caution.

The Present Research
Despite the existing research primarily indicating an increase in cybercrime and fraud during the pandemic, there is a lack of time-series analysis as found in the literature on COVID-19 and more traditional crime types. This study aims to start filling this gap by applying ARIMA models, which are explained in greater detail in section "Analytic Strategy," to analyze trends in cybercrime and fraud known to the police in the United Kingdom. In the review of the literature set out in section "COVID-19 and Shifts in Crime Opportunities," it was identified that many crime types have been significantly affected by the mobility restrictions associated with COVID-19, and it was noted that cybercrime and fraud are generally believed to have increased during the pandemic. However, pre-COVID literature on fraud has shown that offline variants of fraud appear to be declining in recent years, while cyber-enabled fraud types are increasing Levi, 2017;Tcherni et al., 2016). In addition, law enforcement, government agencies, and academic studies have highlighted that the changes in routine activities during the pandemic have not had identical effects on cybercrime and fraud victimization of individuals and organizations (Buil-Gil et al., 2021b;Department for Digital, Culture, Media and Sport, 2021;Interpol, 2020). Based on these conclusions from prior research, the following hypotheses have been formulated for this study: Hypothesis 1 (H1). Changes in cybercrime and fraud during the first months of the COVID-19 pandemic were greater than expected crime variability. Hypothesis 2 (H2).Traditional offline fraud decreased during the first months of the COVID-19 pandemic while cyber-enabled fraud increased. Hypothesis 3 (H3). Increases in victimization by cybercrime and cyber-enabled fraud during the first months of the COVID-19 pandemic were greater for individuals than for organizations.

Data
Crime data. The data on cybercrime and fraud used in this study were obtained via a freedom of information request to the City of London Police who, alongside the National Fraud Intelligence Bureau, run Action Fraud, the United Kingdom's national reporting center for fraud and cybercrime. Data on individual and organizational victims were received for each month from April 2017 to July 2020. It was not possible to choose another date for the beginning of the analyses because records disaggregated by victim type and month are only available from April 2017. Due to resource limitations and the provisions of the Freedom of Information Act, the City of London Police were unable to provide data for reports for all crime types recorded by Action Fraud, thus, the following six types were obtained: − Total cybercrime: In accordance with the Home Office Counting Rules (Home Office, 2020), this category comprises computer virus/malware/spyware; denial-of-service attacks (with or without extortion); hacking of personal computer; hacking of social media and email; hacking of PBX/dial through; and hacking combined with extortion. − Total fraud: This includes all 46 of the fraud types in accordance with the aforementioned Home Office Counting Rules. − Online shopping and auction fraud: The Home Office defines this category as "fraud attributable to the misrepresentation of a product advertised for sale through an internet auction site or the non-delivery of products purchased through an internet auction site." This fraud was chosen as one of the individual fraud types for two reasons. On one hand, as illustrated by its name, the internet plays an essential role in its commission. On the other hand, it was considered that online shopping and auction fraud is a crime that should affect both individuals and organizations, thereby permitting comparisons between them. − Dating fraud: In this type of fraud "the intended victim is befriended on the internet and eventually convinced to assist their new love financially by sending them money for a variety of emotive reasons." This was also requested because the internet plays an essential role in its commission, especially when the typical physical places for meeting a potential partner, such as pubs or nightclubs, are closed or restricted during lockdown. − Ticket fraud: This category "involves the victim purchasing tickets remotely e.g., over the phone or internet." Data on this fraud were solicited because although often cyber-enabled, the opportunity to commit ticket fraud is created by the desire to carry out activities in the physical world. This crucial link to the physical world allows analysis of the connection between activities in physical space and crime in cyberspace. − Door-to-door sales and bogus tradesmen fraud: This is one of the only crimes in the Action Fraud data that they consider not cyber-enabled and that is committed in relatively large numbers (more than 1,000 cases per year).
Data on crime reports submitted to Action Fraud which contain a valid postcode address in England, Wales, Scotland, or Northern Ireland were received by authors and will be used in this research. 2 Routine activities data. To further explore the influence of COVID-19 on crime opportunities, it was considered relevant to examine whether routine activities that are potentially linked to fraud opportunities followed a similar trend to reported fraud. Although historical data are scarce, some sources were identified that could be analyzed with the same methods as the crime data to show the potential impact of the pandemic on activities potentially related to crime opportunities. First, the ONS (2020c) collects data on retail activities; in particular, data on the value of sales conducted via the internet. Shopping online has been identified as a potential predictor of online fraud victimization (e.g., Leukfeldt & Yar, 2016;Reyns & Henson, 2016). On the contrary, some sources publish information regarding ticket sales, which is likely related to ticket fraud. In this sense, data from the Civil Aviation Authority (2020) show the number of air passengers that pass through U.K. airports, which provides an indication of the effects of COVID-19 on air ticket sales in the United Kingdom. In addition to this evidence of changes in tickets related to mobility, monthly cinema admissions provided by the UK Cinema Association (2020a, 2020b) serve as an indication of changes in leisure activities.

Analytic Strategy
To test the three hypotheses posed at the beginning of section "The Present Research," univariate ARIMA models were applied to the Action Fraud data described in the previous section. ARIMA models are a method for time-series data analysis that employs past observations of one variable to predict its own future values. They are one of the most common approaches to time-series analysis (Hyndman & Athanasopoulos, 2018) and, as described in the review of the literature in section "COVID-19 and Shifts in Crime Opportunities," they have already been used to study the effects of COVID-19 on crime. To apply the ARIMA modeling approach in this article, the values were selected for crime reports each month up until lockdown was introduced in March 2020, that is, April 2017 to March 2020. This allowed computation of 95% prediction intervals for the time period up to March 2020, and subsequently, parameters obtained from ARIMA models were used to forecast 95% prediction intervals for crime from April 2020 to July 2020. This allowed the known values of crime for April to July 2020 to be compared to the 95% prediction intervals to identify whether the known values of crime fall within the 95% prediction intervals given by the parameters from pre-COVID models.
To select the ARIMA model with the best goodness-of-fit for each variable under study (i.e., crime types and types of victims), we followed a variation of the Hyndman-Khandakar algorithm (see Hyndman & Khandakar, 2008) that automates the selection of the components p (i.e., the order of the auto-regressive model), d (i.e., the order of differencing), and q (i.e., the order of the moving average) of each ARIMA model estimated for each variable. This approach uses a stepwise search to select the model with the lowest AICc, a bias-corrected version of the Akaike Information Criterion (AIC) for small sample sizes, in each case. This is done to effectively select the best model for each variable in our data, and in turn improve the forecast accuracy of the ARIMA models. The auto.arima() function from the "forecast" package (Hyndman, 2020) in R (R Core Team, 2020) was used to implement the Hyndman-Khandakar algorithm to estimate a univariate time-series ARIMA model for each of the crime types described above. R codes used in this research can be found in the Supplemental Material. Moreover, an interactive data visualization tool has been created to allow readers to visualize bivariate associations between crimes known to the police and changes in routine activities in the United Kingdom (see: https://asiermoneva.shinyapps.io/trends_app/). Figure 2 plots the 95% prediction interval for total cybercrime and total fraud from the corresponding ARIMA models as well as the actual count of recorded offenses for the period April 2017 to July 2020. As can be observed in Figure 2a, in March, April, and May 2020, total recorded cybercrime was markedly greater than the levels forecast based on the data from the previous 3 years. This 3-month period witnessed a sharp spike in recorded cybercrime that dropped back to within the 95% confidence interval in June and July. Similarly, though with a slight delay in comparison to cybercrime, Figure 2b shows total recorded fraud also increased clearly beyond the bounds of the prediction interval in May and June 2020 and then bounced back to the original trend in July. With regard to H1, based on the application of the ARIMA models to historical data of recorded cybercrime and fraud in the United Kingdom, we can reject the null hypothesis and conclude that the changes in cybercrime and fraud during the first months of the COVID-19 pandemic were greater than the crime variability that would have been expected given historical trends.

Fraud Types
As set out in section "The Present Research," H2 posits that trends for different types of fraud were unlikely to be homogeneous during the first months of the pandemic; in particular, it states that online types are likely to have increased, and offline types are likely to have decreased. Figure 3 visualizes the range of values forecast from the historical series as well as the known count rates for the four individual fraud types analyzed in this research. First, Figure 3a shows a steep increase in recorded online shopping and auction fraud in March, April and May 2020 that is far beyond the values that would be expected 95% of the time in accordance with the ARIMA prediction intervals. The number of recorded offenses then dropped back down in June and July but remained outside the range of predicted values. Figure 3b indicates a similar trend with regard to dating fraud: a pronounced increase immediately subsequent to the introduction of lockdown measures in the United Kingdom. However, in contrast to online shopping fraud, this is followed by what appears to be a return to the less steep historical upward trend in June and July. In Figure 3c, we can discern that the trend for ticket fraud is the inverse of that observed for the previous two fraud types. Ticket fraud appears to have a seasonal pattern, with higher levels of recorded crime in spring and summer than in winter and autumn in the 3 years prior to 2020. However, recorded ticket fraud during the first months of the COVID-19 pandemic was reduced to close to zero. In April, May, June, and July 2020, it was below the prediction interval and far below the numbers recorded in the spring and summer of 2017, 2018, and 2019. Finally, as shown in Figure 3dp, door-to-door frauds were on a downward trend from April 2017. This trend appears to have continued during the pandemic with a notable drop in April 2020; however, the reduction in this fraud type was within the prediction interval forecast by the ARIMA model.
Thus, based on the analysis of these four individual fraud types, the null hypothesis with regard to H2 is not rejected because even though the cyber-enabled online shopping fraud and dating fraud did increase, ticket fraud, which is also cyber-enabled but dependent on events that take place in physical spaces, decreased. As such, it appears not all cyber-enabled frauds have been affected in the same manner by the mobility restrictions associated with the pandemic. Furthermore, the decline in door-to-door sales fraud identified in this study follows the pre-COVID downward trend and the variability during the first months of the pandemic is not beyond the 95% prediction intervals.
Some data sources offer support for routine activities explanations regarding the disparities in the direction of certain fraud trends. For example, as can be identified in Figure 4a, the value of internet retail sales (ONS, 2020c) followed a markedly similar trend to online shopping and auction fraud from March 2020. There was a sharp increase in the value of sales that were conducted online, far beyond the forecast values based on historical data, and sales may have been beginning to return to closer to the original trend in July. Similarly, regarding ticket sales, data from the Civil Aviation Authority (2020) plotted in Figure 4b demonstrate the drastic effects of COVID-19 on air travel as the number of passengers passing through U.K. airports plummeted between March and April. However, since the number of passengers began to drop before lockdown measures were launched in the United Kingdom, ARIMA prediction intervals were able to capture the observed values of air passengers in May, June, and July. This reduction in passengers at U.K. airports before the introduction of lockdown measures in United Kingdom may be due to the fact other regions of the world introduced restrictions before the United Kingdom and/or owing to U.K. passengers reducing air travel as a consequence of the already rising threat of the pandemic. In any case, the air passenger data serve as an indication of changes in tickets sales related to mobility for the period under analysis. In addition, monthly cinema admissions provided by the UK Cinema Association (2020a, 2020b) indicate enormous changes in ticket sales related to leisure activities. Figure 4c shows cinema admissions reached zero for the months with the strictest lockdown measures. In short, both these data sources that are related to ticket sales show very steep declines between March and April 2020, similar to that identified in recorded ticket fraud victimization. The relationship between shifts in routine activities and shifts in crime opportunities is discussed in greater detail in section "Conclusion."

Cybercrime and Fraud Suffered by Individuals and Organizations
To test whether increases in victimization by cybercrime and cyber-enabled fraud during the first months of COVID-19 were greater for individuals than for organizations, as outlined in H3, this article also enquires about potential divergences between individual and organizational victims. In this sense, the Action Fraud data appear to indicate certain contrasts. Figure 5 details the prediction intervals and known counts of reported victimization for total cybercrime, total fraud, as well as online shopping and auction fraud (abbreviated as online shopping fraud in Figure 5e and f). Before proceeding to examine the results, three points should be noted. First, City of London Police stated that disaggregated data for the two victim types are unavailable for October and November 2018. This can be observed by the gap in the time-series plots. Second, the ARIMA models were not applied to dating fraud, ticket fraud, and doorto-door sales fraud because the sample size of organization victims was so small that the ARIMA models could not be correctly estimated. Third, data about crimes suffered by organizations show unusual, very small values in December 2018, and January and February 2019. This is likely to be due to inconsistencies in recording, rather than actual changes in crime, but this does not have a major impact on the ARIMA models' forecast accuracy.
With regard to cybercrime, Figure 5a and b shows a difference in reported offenses between individuals and organizations. The spike found in individual cybercrime victimization is not present in the results for organizational victims, which remain firmly within the 95% prediction intervals for the period after the introduction of lockdown measures. There is a similar discrepancy in relation to total fraud in Figure 5c and d. The post-lockdown jump in fraud reported by individuals is not found for organizational victims in terms of values greater than the forecast prediction intervals. In this sense, while there was an increase in reported fraud in May and July 2020, this did not go beyond the ARIMA prediction intervals. Finally, Figure 5e and f show both a concordance and a divergence with respect to online shopping and auction fraud. On one hand, reported victimization climbs steeply for both individuals and organizations after the onset of the COVID-19 pandemic. On the other hand, the rise in cases reported by individuals took place in April and May 2020 and then dropped back, while reports by organizations rose slowly from April to June and then rocketed in June and July.
As a consequence of the aforementioned results for individual and organizational cybercrime and fraud victims, H3 cannot be rejected and it can be stated that cybercrime and fraud victimization trends for individuals exceeded the upper limits of the expected volume as opposed to victimization trends for organizations, which only exceeded the prediction in the case of online shopping fraud.

Discussion
In his address to the Annual Meeting of the American Society of Criminology 2017, Rosenfeld (2018) advocated research on the impact of exogenous shocks on crime rates with the aim of testing theoretical expectations in criminology. In contemporary times, there has been no event that has affected crime opportunities as greatly in such a short period of time as the COVID-19 pandemic. While its devastating impacts have been felt by millions, criminologists have been presented with an unprecedented situation to study how short-term shocks to society affect crime trends. Changes in mobility are arguably one of the most important variables to explain the convergence of the minimum elements of crime, as stated in the Routine Activity Approach (Cohen & Felson, 1979). However, it is also among the most difficult variables to control for. National lockdowns in response to the pandemic created a natural experiment to capture this variable through time spent at home (Stickle & Felson, 2020). Building on previous research (Aebi & Linde, 2010, 2014Caneppele & Aebi, 2019;Newman & Clarke, 2003;Pyrooz et al., 2015), Miró-Llinares and Moneva (2019) stressed the importance of time spent at home as an explanatory factor in the shift of criminal opportunities from physical space to cyberspace. In that piece, emphasis was placed on the growing adoption of online forms of entertainment, such as online shopping, streaming content, TV series, or computer games, to the detriment of traditional leisure in parks, bars, and streets. Yet the result regarding the convergence of offenders, targets, and guardians is the same as that caused by lockdowns: more time at home and less time on the street. In other words, empty streets and a busy internet.
This article has shown, however, that the opportunity structures for fraud are nuanced and that the reductions in offline routine activities during the pandemic are associated with disparate effects on distinct cyber-enabled fraud types. As we have seen, less offline retail activity appears related to more online activity and, consequently, more online shopping fraud. On the contrary, less ticket-related offline leisure and transport activities led to a decrease in ticket fraud. In this sense, ticket fraud provides an interesting example of online opportunity structures being affected by offline changes in routine activities; it demonstrates how a decline in activities in the physical world can also reduce opportunities for cyber-enabled frauds. Crime science (Clarke, 2010) and problem-oriented policing (Goldstein, 1979) have promoted the benefits of crime specificity for crime analysis since long before the current health crisis (e.g., Andresen & Linning, 2012;O'Connor & Grant, 1998;Read & Tilley, 2000), and recent research has urged the study of particular offenses with respect to crime patterns and the pandemic (Stickle & Felson, 2020). As a consequence of the discrepancies found in this study, a crime-specific approach to fraud and cybercrime research and prevention appears more urgent than ever.
Similarly, reported cybercrime and fraud evolved differently for organizational and individual victims. The reduced activity in the physical world was associated with marked effects on the general trends for the latter but had little effect on the former. This raises at least three pertinent yet distinct possibilities. First, it could be that with many businesses closed, opportunities to attack organizations were in fact reduced rather than increased. It has been widely stated that attacks against organizations have risen during COVID-19 (Europol, 2020a;Interpol, 2020), but it may be that such a general statement is overly simplistic and greater crime, victim, or country, specificity is required when researching trends in cybercrime and fraud against organizations. In fact, academic literature has begun to examine the organizational characteristics related to cybercrime and fraud victimization (Buil-Gil et al., 2021a;Rantala, 2008;Williams et al., 2019) and future research could examine this within the context of COVID-19. Second, it is unclear to what extent the divergences in individual and organizational victimization during the pandemic are the result of differences in reporting. It seems plausible that with many organizations experiencing great changes to their daily functioning, many attacks went undetected and, thus, unreported (Department for Digital, Culture, Media and Sport, 2021). The move to teleworking in many industries may have impeded organizations' ability to detect and respond to cybercrime and fraud events. This would highlight the crucial role of teleworking individuals as "guardians" for their organizations with regard to cybercrime and fraud. In this sense, the peak in online shopping fraud in July 2020 may be due to IT services reporting all undetected offenses from previous months. Or, third, could it be that the difference in victimization rates found in this article is evidence of increased homeworking shifting risk onto the individual and away from the organization (e.g., spam and computer viruses being received in personally owned laptops instead of business computers)? Is a target being placed on under-protected individuals as opposed to organizations with IT support? This seems unlikely, given the potentially greater spoils available to criminals who target organizations, but nevertheless further research is required.
Finally, further discussion is also necessary on the apparent return to longer-term trends identified in many of the general and specific crime types analyzed in this article. This coincides with the Google Mobility Data discussed in section "COVID-19 and Shifts in Crime Opportunities" and the internet retail sales data in "Results" section, which seem to show a slow return to routine activities that are closer to pre-COVID levels. This is an indication of the potentially fundamental role of crime opportunities even in the short-term and compels future research on the criminal actors that are taking advantage of the changes in opportunity structures. Was it already existing offenders who simply increased their offending during spring and early summer 2020 or did new actors enter the market inspired by the new opportunities? Given the partial return to the general trend rather than sustained increases, as well as the prior research that has highlighted adaptations of existing attack vectors to take advantage of the social and psychological turmoil created by COVID-19 Europol, 2020b), it appears that the first option is more likely. Nevertheless, further analysis in this sense could add to wide-ranging theoretical debates on cybercrime, fraud, and opportunity approaches.

Conclusion
This article contributes to the growing body of research on the impact of COVID-19 on crime by showing that, in the United Kingdom, overall counts of reported cybercrime and fraud in the period immediately after the introduction of lockdown measures were notably higher than predicted by the time-series technique applied in this research. However, and importantly for policy and practice, these general trends were not homogeneous throughout all fraud types or when comparing individual and organizational victims. Many spikes in cybercrime and fraud identified at the beginning of the pandemic appear to have later dropped back to the longer-term gentler upward trend. All these conclusions open the door to future research as discussed in the previous section.
In reaching these conclusions, the present research is not without limitations. Notably, the secondary data used are the result of cybercrime and fraud offenses reported to the relevant law enforcement body and collated by Action Fraud. On one hand, the low levels of fraud and cybercrime reporting (Correia, 2019;Kemp, 2020;ONS, 2020c) mean that there may be a significant dark figure that is not accounted for in these figures. On the other hand, the methods for registering crime may vary across time, which could distort historical analysis. Despite these rather typical limitations with the official crime data, the results and conclusions contained herein can help inform future research and practice with regard to changes in routine activities and the consequent shifts in crime opportunities.
between the open data published by Action Fraud and data received via freedom of information request. The average difference between cyber-dependent crimes reported in the open-data portal and cyber-dependent crimes received was −6.07%, while this difference was −8.73% for total fraud and −9.98% for online shopping fraud. Correlation coefficients between the monthly aggregates of crime based on data received and data available from the open-data portal were significant and moderate/large in all three cases (i.e., cyberdependent crime: r p = < . , . 87 001 value ; total fraud: r p = < . , . 51 05 value ; online shopping fraud: r p = < . , . 87 001 value ), showing that monthly aggregates of crime before and after removing reports with invalid addresses are linearly related and defined by a very similar distribution and rank. This was further analyzed using visualizations. The moderate correlation coefficient observed for total fraud is likely to be explained by the small number of months examined in this sensitivity analysis (15 months). Thus, data received allow analysis of trends of crimes reported to Action Fraud.