Action Fraud Warns Public to Enable Additional Security Layers Amid Surge in Social Media and Email Account Hacking

As cybercrime continues to rise, Action Fraud, the UK’s national fraud and cybercrime reporting service, has warned netizens to strengthen the security of their online accounts.

In the past year alone, over 33,600 people reported social media or email account hacking incidents, inflicting combined losses of over £1.4 million. This alarming trend has prompted Action Fraud to launch an awareness campaign during Cyber Security Awareness Month, highlighting the importance of enabling additional layers of security, such as two-step verification or authentication, as a defense against hacks and account takeover attacks.

The Surge in Social Media and Email Account Hacking

According to Action Fraud data, since August 2023, tens of thousands of individuals across the UK have fallen victim to account takeovers, often leading to financial losses and identity theft. Here are some of the predominant tactics hackers use to gain access to the online accounts of users in the UK:

• On-Platform Chain Hacking: This involves cybercriminals taking control of a victim’s account and impersonating them to commit other crimes. The attackers manipulate other users into sharing authentication codes sent via text or email under the guise of a trusted contact or friend. Once in control, the hackers begin promoting scams from the original owner’s account.
• Leaked Passwords and Phishing: Account takeovers or hacking also spike after phishing campaigns or data breaches that expose users’ login information (emails and password combinations). These incidents, paired with poor password hygiene (weak passwords or reusing them on multiple accounts), make it easier for hackers to gain access to numerous online platforms with a single leaked password.

Adam Mercer, Deputy Director of Action Fraud, emphasized that cybercriminals are becoming increasingly sophisticated and opportunistic, often targeting people who do not take basic security precautions.

“Cyberattacks and hacking are carried out by faceless cybercriminals who target unsuspecting victims looking to take advantage of unprotected social media and email accounts,” Mercer said. “With this being the top cybercrime reported last financial year, it’s even more important to take action and ensure you lock down your accounts.”

Mercer encourages everyone to take simple but effective measures to protect their personal information:

“Protect yourself from fraudsters trying to steal or access your valuable information by ensuring your social media and email account passwords are secure. All your passwords should be different and never shared with anyone else. If you have the option, enable 2-Step Verification to ensure you have twice the protection for all your accounts.”

How to Protect Your Online Accounts

Here are some practical steps to safeguard your online accounts and avoid becoming a victim of social media or email hacking:

• How to Protect Your Social Media Accounts from Hackers
• YouTube Account Hacked? How to Recover & Secure Your
• What Is Account Takeover (ATO) And How to Protect Against It

1. Use Strong, Unique Passwords
   It has become crucial for everybody to use strong passwords. Additionally, every online account should have a unique password. This means if one account is compromised, the others remain secure. Using a password manager is the easiest and safest way to ensure you stick to this rule, as it generates, stores, and organizes all of your online passwords.
2. Enable 2-Step Verification (2SV) or 2-Factor Authentication (2FA)
   Turning on 2-Step Verification or 2-Factor Authentication adds an extra layer of security to your accounts. When you log in from a new device or change account settings, you will be asked to verify your identity with a code sent to your phone, email, or other methods such as a link or fingerprint. This means that, if hackers do manage to get their hands on your password through a phishing link or data leak, they won’t be able to access your account unless they also have access to your device or have compromised your device using malware.

You can enable these additional layers on most major platforms, including social media and email providers like Gmail, Outlook, Facebook, Instagram, YouTube, and X.

3. Be Wary of Phishing Scams
   Phishing scams often involve fraudulent emails or messages that appear to be sent from legitimate sources or entities. These messages typically ask for personal information and login data or try to trick you into clicking malicious links. Always double-check the authenticity of emails and never share your passwords or personal information over email or text messages.

Check out our comprehensive guide on Phishing Scams here.

4. Monitor Your Accounts for Suspicious Activity
   Regularly check your accounts for unusual activity, such as login attempts from unfamiliar locations or devices. Many platforms offer security notifications, which will alert you if someone tries to access your account. If you notice anything suspicious, change your passwords immediately and enable 2SV, if you haven’t already.
5. Monitor Your Digital Identity and Stay On Top of Data Breaches
   Services like Bitdefender Digital Identity Protection continuously monitor your personal information across the web, alerting you to any data breaches or leaked information that could leave your accounts vulnerable to hackers. This service provides early warnings so you can take immediate action to protect your accounts.

You can read more about how to protect your social media accounts against hacking attempts in these dedicated articles:

What to Do If You Fall Victim to Cybercrime

If you’re a victim of hacking or fraud, act quickly to limit the potential financial and reputational damage:

• Report : If you live in England, Wales, or Northern Ireland, you can report cybercrime and fraud to Action Fraud by visiting www.actionfraud.police.uk or calling 0300 123 2040. In Scotland, victims should contact Police Scotland on 101.

-    For the US, you can file a report with the FTC and BBB.

• Change Your Passwords: Immediately update your passwords and enable 2-step verification or 2-step authentication on all affected accounts. Ensure you contact the platform’s support team for help recovering hacked accounts.
• Monitor for Further Attacks: Monitor all other online accounts for any unusual or suspicious activity, especially if you used the same password across multiple online platforms.

Simple actions like enabling additional layers of security on your accounts and using unique passwords can really help prevent hackers from accessing your personal information or taking over online accounts.

Take the time today to review your account security settings and protect yourself from cyberattacks.

Are you a Content Creator Who Wants To Be Proactive About Securing Your Livelihood and YouTube Accounts?

For content creators, particularly those on platforms like YouTube, securing your account against hackers is crucial. They often target YouTube accounts to take over channels, promote scams, or steal sensitive information. Bitdefender Security For Creators offers a comprehensive solution to secure your YouTube account against account takeovers and hacking attempts.

With dedicated features designed to protect login data, monitor suspicious activity, and provide real-time alerts, Bitdefender Security for Creators ensures your channel remains safe against hacking and your audience is safe from potential phishing scams or fraudulent content.

Key Features of Bitdefender Security for Creators:

• Account Takeover Prevention to monitor your YouTube account against suspicious login attempts and unauthorized changes, ensuring hackers cannot take over your channel.
• Real-Time Alerts: Receive immediate notifications if your account is at risk, allowing you to take quick action to prevent a breach.
• Comprehensive Account Monitoring: This feature continuously tracks your account activity and security, helping you stay a step ahead of cyber threats.