On a shelf between Alexander McQueen shoes, Louis Vuitton handbags and Versace heels in the police evidence room are an 18-inch machete and a serrated zombie knife. Alongside the expensive fashions bought with the proceeds of serious fraud are the tools needed to achieve it, says DCI Paul Curtis.

“These are serious offenders and for whatever reason they felt the need to have these to protect themselves,” he says. Among the other tools are “Sim farms” bought on the dark web, which scammers use to send out numerous text messages at once; stacks of laptops; and mobile phones and payment card readers.

The tools and spoils of crime have come from raids headed by the Dedicated Card and Payment Crime Unit (DCPCU), whose offices the Observer visited this month. Tasked with uncovering payment fraud across the country and charging the perpetrators, this group of officers from the City of London and Metropolitan police forces are at the forefront of the battle against fraud.

Some of their most recent successes involved scammers who pretended to be bank officials and police officers to defraud people, and a Chinese man who drove around the West End of London sending masses of fake text messages from a machine in his car.

The National Crime Agency (NCA) estimates that 40% of crime is fraud-related; it puts the amount lost every year in the billions. Uncovering the criminals behind payment fraud is an uphill struggle.

The problems are numerous: criminals are often based abroad and take advantage of constant advances in technology to dupe victims. But one difficulty is simple and prevalent, which is that people are so embarrassed to have fallen for a scam that they fail to mention it to those around them, let alone report it. “It’s under-reported, and it causes huge harm,” says Curtis. “And that harm isn’t just financial.” Victims can lose their sense of self-confidence and develop problems with mental health, and this can even lead to suicide.

“Getting over people’s own embarrassment and shame is really challenging,” he says. “It’s about telling people and getting comfort from that network around you, like from your family [and] from your social network. And if people have that support, that can be so empowering to them [they can] then make a report and engage with law enforcement.”

The Guardian recently revealed details of the sophisticated and mercenary tactics used by scammers in an elaborate operation based in Tblisi, Georgia, which tricked Britons out of £9m. Many were called again and again by the criminals and persuaded to hand over more and more money.

Curtis says criminals in fraud cases use methods similar to those of sexual predators when grooming their victims. “It works in exactly the same way with fraudsters. They have to build the confidence with the victim. They have to build that trust up. So sometimes this isn’t a quick process to become a victim of fraud,” he says.

Advances in technology present ongoing problems for the DCPCU. Money can now be moved across borders at much greater speed than before, putting it out of the reach of law enforcement, and advertisements for fake investment vehicles often purport to be backed by celebrities, such as happened with MoneySavingExpert’s Martin Lewis.

Developments in generative AI – where artificial intelligence can create text, images or videos using patterns in existing data – give fresh opportunities to criminals, according to Ben Donaldson, managing director of economic crime at UK Finance, the banking body that funds the DCPCU.

“I think it gives [criminals] a range of capabilities that they just didn’t have before and … it’s getting easier and easier for them to use some of this technology,” he says. In the past, emails and messages which claimed to be from a bank could be spotted because of poor grammar or spelling, but this is no longer the case as the technology being used by criminals improves.

“It’s much, much easier to do that [fraud] in a very, very convincing way [as] there’s a whole sort of suite of capabilities available to criminals now which do change the nature of the threat. The bar to entry [with] that type of technology is getting lower all the time,” says Donaldson.

This month, UK Finance and the consumer group Which? wrote a joint letter to the UK government calling for “robust action” to be taken against technology companies to offset the growing cost of fraud.

Donaldson says the vast majority of authorised push payment (APP) fraud, which involves tricking someone into voluntarily sending money from their bank account, emerges from social media accounts. The decision by Facebook to get rid of factcheckers and reduce censorship, announced in January, raises concerns that it will be even easier for criminals to exploit people, he says.

Police have called for more effective user verification so that criminals cannot operate anonymously, as well as for more sharing of information that can identify them.

Meta, the parent company of Facebook, Instagram and WhatsApp, says it has launched its Fraud Intelligence Reciprocal Exchange – through which banks can share information about scams – which has led to the removal of 20,000 accounts. TikTok says each request for data from the police is examined and evaluated before data is disclosed.

So at a time when fraud is ballooning and coming at people in emails, texts, WhatsApp messages and through any number of social media channels, what can people do to stay safe?

Treat your personal information in the same way you treat your house keys, says Donaldson. “You shouldn’t hand over any aspects of your personal information unless you would trust that person with the keys to your front door.”