WIREDGOV

Action Fraud, the national reporting centre for fraud and cyber crime, received 15,214 reports of email and social media hacking between February 2020 and February 2021 – 88 per cent of which were from individuals who had their personal accounts compromised by criminals.

The City of London Police is urging the public to secure their social media and email accounts, after more than 15,000 accounts were compromised by criminals in the past year.

Action Fraud, the national reporting centre for fraud and cyber crime, received 15,214 reports of email and social media hacking between February 2020 and February 2021 – 88 per cent of which were from individuals who had their personal accounts compromised by criminals.

The City of London Police’s National Fraud Intelligence Bureau (NFIB), which assess the reports received by Action Fraud, says almost a quarter of victims (23%) were aged between 20 and 29.

While organisations, such as limited companies, sole traders and charities, only made 1,741 reports of hacking, they reported losing £3.8 million to these crimes compared to the £283,500 lost by individual victims.

The warning comes as the NFIB’s Cyber Protect team launches a national awareness campaign (Monday 22 March 2021) around the importance of securing your accounts to keep your information out of the hands of criminals.

Superintendent Sanjay Andersen, Head of the City of London Police’s National Fraud Intelligence Bureau, yesterday said:

“Criminals hack people’s email and social media accounts to access a wealth of valuable personal information about the individual, which they can use to commit fraud. This includes passwords for other accounts like online banking. Criminals also use compromised accounts to imitate the victim online and trick their family and friends into sending money.

“One of the most important things that you can do to improve the security of your online accounts is having two-factor authentication enabled. Not only will it prevent hackers accessing your accounts even if they have your password, but it will also keep your valuable information out of the hands of criminals.”

When analysing historic data, the NFIB found that during the financial year 19/20, Facebook, Instagram and Snapchat were the most reported platforms on which people had their social media accounts compromised.

Compromised Facebook accounts were commonly used to facilitate fraud, whereas compromised Instagram accounts were often used to obtain intimate images of the account holder. Similarly, compromised Snapchat accounts were often used for blackmail offences, such as sextortion.

The NFIB say the most common tactic criminals use to facilitate hacking offences is phishing messages, where recipients will be asked to click on a link which is designed to harvest their log in details and passwords. Other phishing messages may include a malicious attachment which can lead to people’s devices becoming infected with malware.   

One victim who had multiple email and social media accounts hacked paid over £2,000 to regain access to them. Another victim reported that their hacked Facebook account was used to trick their friends into sending money to a PayPal account they thought belonged to them.

One organisation had their business account on Instagram hacked. The organisation was extorted for money in order to regain access to the account, but once the organisation had paid the initial demand, the suspect continued to demand more money.

The impact of having social media or email accounts compromised isn’t just financial. Research conducted by the NFIB found that victims said having their account compromised had a significant or severe emotional impact, as intimate photos and private details were exposed.

How to protect yourself and keep your accounts secure

• Use a strong and separate password to protect your email. You should also protect your other important accounts, such as banking or social media.
• Enable two-factor authentication (2FA). It will help to stop hackers from getting into your online accounts, even if they have your password.
• Be cautious of social media messages that ask for your login details or authentication codes, even if the message appears to be from someone you know.
• If you can't access your account, search the company's online support or help pages. You'll find information about how to recover your account.
• You can report suspicious emails you have received but not acted upon, by forwarding the original message to report@phishing.gov.uk. You can report suspicious texts you have received but not acted upon, by forwarding the original message to 7726, which spells SPAM on your keypad.

What to do if your account has been compromised

If you cannot access your account as it has been compromised, follow the NCSC’s guidance on how to recover a compromised account.

If a demand for payment is made, do not pay any money to the suspect in order to regain access to your account. It’s likely the suspect will continue to demand more money instead of giving you control of your account back.

If you have paid any money, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040 as soon as possible.