More than 15,000 reports of email and social media hacking were received by Action Fraud in the last year.
The UK’s fraud and cyber crime authority said almost nine in 10 incidents (88%) brought to its attention between February 2020 and February 2021 were from members of the public whose personal accounts had been compromised, resulting in £283,500 collectively being stolen.
Around a quarter (23%) were from victims aged between 20 and 29 years old.
But businesses, sole traders and charities paid the highest price, recording a loss of £3.8 million, despite only making up 1,741 alerts out of the total 15,214 sent to Action Fraud.
It comes amid a spate of coronavirus-related scams throughout the pandemic.
The City of London Police – which operates Action Fraud and the National Fraud Intelligence Bureau – is warning people and firms to secure accounts as part of a new national awareness campaign.
Use a strong and separate password
Enable two-factor authentication (2FA)
Be cautious of social media messages that ask for your login details or authentication codes, even if the message appears to be from someone you know
If you can't access your account, search the company's online support or help pages for guidance on how to recover your account
Report suspicious emails you have received but not acted upon, by forwarding the original message to email@example.com
If you cannot access your account as it has been compromised, follow National Cyber Security Centre’s guidance
If a demand for payment is made to regain access for your account, do not pay any money, as it is likely the suspect will continue to demand more money instead of giving control of your account back
“Criminals hack people’s email and social media accounts to access a wealth of valuable personal information about the individual, which they can use to commit fraud,” said Superintendent Sanjay Andersen, head of the National Fraud Intelligence Bureau.
“This includes passwords for other accounts like online banking.
“Criminals also use compromised accounts to imitate the victim online and trick their family and friends into sending money.
“One of the most important things that you can do to improve the security of your online accounts is having two-factor authentication enabled.
“Not only will it prevent hackers accessing your accounts even if they have your password, but it will also keep your valuable information out of the hands of criminals.”
Previous data from 2019 to 2020 found that Facebook, Instagram and Snapchat were the most reported platforms on which people had their social media accounts compromised.
The most common tactic criminals use is phishing messages, where recipients are asked to click on a link which is designed to harvest their log in details and passwords.
One victim who had multiple email and social media accounts hacked paid over £2,000 to regain access, while another reported that their hacked Facebook account was used to trick their friends into sending money to a PayPal account they thought belonged to them.