Protect your online accounts from hackers and enable 2SV: Action Fraud issue new warning about social media and email account hacking as new data is revealed. 

This year Action Fraud and Meta are encouraging the public to protect their social media and email accounts as data shows there were more than 35,000 reports made last year. 

Data shows there was a rise of social media and email account hacking reported in 2024, with a total of 35,434 reports made to Action Fraud, compared to 22,530 reports made in 2023.

Action Fraud, the national fraud and cybercrime reporting service, has launched a campaign, supported by Meta, to encourage people to take an extra step of online protection by enabling 2-Step Verification for each online account they have. The warning comes as reporting shows nearly £1 million was lost to hackers last year. 

The most common motives for social media hacking were either investment fraud, ticket fraud or theft of the targeted account, reporting insights revealed.

Adam Mercer, Deputy Director of Action Fraud, said:

“As social media and email account hacking remains the most reported cybercrime this year, this Action Fraud campaign marks a critical issue for everyone who has online accounts. That’s why we’re raising awareness of the ways people can protect themselves online.

“Follow Stop! Think Fraud advice and protect yourself online: enable 2-Step Verification on each online account you have – this will help prove your identity and stop fraudsters trying to steal or access your valuable information. Secure your social media and email accounts by ensuring each password is strong and uses three random words. Remember to never share your passwords with anyone else.”

David Agranovich, Security Policy Director, Meta, said: 

“Scammers are relentless and continuously evolving their tactics to try and evade detection, which is why we’re constantly working on new ways to keep people safe while keeping bad actors out. Two-Factor Authentication (2FA) is one crucial example of how people can add an extra layer of security to their Meta accounts, to help reduce the risk of scammers accessing your accounts. We’ve also started rolling out facial recognition technology to help people get back into compromised or hacked accounts and are always working on new ways to stay ahead of scammers.”

In the reports made to Action Fraud, there were various different methods of hacking highlighted, these include: 

On-platform chain hacking 

This is when a fraudster gains control of an account and begins to impersonate the legitimate owner. The goal is to convince people to reveal authentication codes, including one-time passcodes, that are sent to them via text. Many victims of this type of hacking believe it’s a friend messaging them, however the shared code was associated with their own account and the impersonator can now use it to access their account. Usually when an account is taken over, fraudsters monetise control of the account via the promotion of various fraudulent schemes, like fake tickets or crypto investment schemes, while impersonating the original account owner. 

Leaked passwords and phishing

The other common method of hacking is when account details are gained via phishing scams, or the use of leaked information used from data breaches, such as leaked passwords. This becomes prevalent as people often use the same password for multiple accounts, so a leaked password from one website can leave many of their online accounts vulnerable to hacking. 

What can you do to avoid being a victim?

Report suspicious emails by forwarding it to: report@phishing.gov.uk

Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk

If you’ve lost money or provided your financial information to someone, notify your bank immediately and report it to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. In Scotland, call Police Scotland on 101.