Cifas Finds One in Eight UK Workers Admit to Selling Company Logins

_{Photo credit: Andrii Yalanskyi / Shutterstock.com}

One in eight UK workers has either sold their company login details to a former colleague or knows someone who has done so in the past year, according to new research from the UK non-profit fraud prevention service Cifas.

The findings, published in Cifas’ Workplace Fraud Trends report, suggest insider-enabled fraud is being shaped by apathetic workplace attitudes to credential misuse, with “growing complacency” regarding internal controls and the responsibilities of staff members. 

Cifas said a further 13% of respondents also believed selling access to company systems was “justifiable.”

The level of acceptance was higher among senior staff. Almost a third of senior managers surveyed said selling company logins was justifiable, rising to 36% of directors and 43% of C-suite executives.

The organization expressed concern about the normalization of practices like credential sharing that can drastically increase risks of insider fraud and cybercrime.

Rachael Tiffen, Director of Learning at Cifas, said:

These findings show how vital it is for organisations to build fraud-aware cultures, where employees at all levels understand their responsibilities and the consequences of their actions. Counter-fraud training plays a central role in helping staff recognise manipulation, appreciate the risks associated with insider activity, and act with integrity when handling access to systems and data.

To lower the risk of internal fraud, Cifas advises using secure systems with strong access governance and regular staff training.

Cifas earlier warned that fraud in the United Kingdom had reached record levels in 2025, accounting for 45% of all crime in England and Wales.