Warning issued about social media and email account hacking after reports jump
Action Fraud has launched a campaign, supported by Meta, to encourage people to enable two-step verification.
Social media and email account hacking reports jumped last year, according to Action Fraud data.
A total of 35,434 reports were made to the fraud and cybercrime reporting service in 2024, compared with 22,530 reports made in 2023.
Action Fraud has launched a campaign, supported by Meta, to encourage people to take an extra step of online protection by enabling two-step verification for each online account they have.
The most common motives for social media hacking were either investment fraud, ticket fraud or theft of the targeted account, Action Fraud said.
Adam Mercer, deputy director of Action Fraud, said: “As social media and email account hacking remains the most reported cybercrime this year, this Action Fraud campaign marks a critical issue for everyone who has online accounts.”
David Agranovich, security policy director, Meta, said: “Scammers are relentless and continuously evolving their tactics to try to evade detection, which is why we’re constantly working on new ways to keep people safe while keeping bad actors out.
“Two-factor authentication (2FA) is one crucial example of how people can add an extra layer of security to their Meta accounts, to help reduce the risk of scammers accessing your accounts.
“We’ve also started rolling out facial recognition technology to help people get back into compromised or hacked accounts and are always working on new ways to stay ahead of scammers.”
Hacking methods highlighted by Action Fraud included fraudsters gaining control of an account and impersonating the legitimate owner to convince other people to reveal authentication codes.
Many victims of this type of hacking believe they are being messaged by a friend. Often when an account is taken over, fraudsters use it to promote fake tickets or crypto investment schemes, while impersonating the original owner.
Another common fraud happens when account details are gained via phishing scams or data breaches, such as leaked passwords.
People often use the same passwords across their accounts, so a leaked password from one website can leave several online accounts vulnerable to hacking.
