£1M Lost as UK Social Media and Email Account Hacks Skyrocket

UK social media and email account compromises surged by 57% in 2024, resulting in nearly £1m ($1.3m) in victim losses, according to new figures released by Action Fraud.

The national fraud and cybercrime reporting body revealed it had received 35,434 reports of these hacks in 2024, which compares to 22,530 in 2023.

The most common motives for account compromises were investment fraud, ticket fraud or theft of the targeted account, Action Fraud reported.

One prominent tactic highlighted in the report was ‘on-platform chain hacking.’ This is where a fraudster gains control of an account and impersonates the legitimate owner to conduct follow-on attacks.

The malicious actor messages the account owner’s contacts with the goal of convincing them to reveal authentication codes, including one-time passcodes, that are sent to them via text.

This information allows the fraudster to access those accounts.

Victims are particularly susceptible to this type of hacking because they believe it’s a friend messaging them.

Fraudsters also frequently look to monetize compromised accounts through the promotion of various fraudulent schemes, like fake tickets or crypto investment schemes, while impersonating the original account owner.

Action Fraud emphasized that many account compromises are a result of phishing attacks, in which victims are duped into giving away their login credentials.

Another common approach is credential stuffing – in which hackers attempt to log into accounts using leaked usernames and passwords from data breaches.

Users Urged to Enhance Authentication

In conjunction with the new research, Action Fraud and social media giant Meta launched a campaign to raise awareness around how people can better protect themselves online.

This includes ensuring that email and social media passwords are different to all other passwords. Users are advised to combine three random words to create a unique password that is long and easy to remember.

Additionally, users should turn on two-factor authentication (2FA) for these accounts to add an extra layer of protection.

David Agranovich, Security Policy Director at Meta, said the company is working on new measures to protect customer accounts in the face of rising compromises.

“2FA is one crucial example of how people can add an extra layer of security to their Meta accounts, to help reduce the risk of scammers accessing your accounts. We’ve also started rolling out facial recognition technology to help people get back into compromised or hacked accounts and are always working on new ways to stay ahead of scammers,” he noted.
