The two most frequent methods of hacking found by Action Fraud were ‘on-platform chain hacking’ and leaked passwords.
On-platform chain hacking involves a fraudster gaining control of a social media account and then convincing the victim’s contacts to send over an authentication code sent to them by text.
Once the authentication code is received through impersonating the hacked phone’s owner, the fraudster can make money through sending bulk messages to people selling fake tickets to events or other scam promotions.
The other prevalent practice was the use of phishing scams to garner leaked passwords and data.
Phishing attacks are messages sent over email, text or dodgy online adverts that tempt recipients to a website to enter sensitive data including payment details, passwords and personal information.
How life insurance can benefit your health and wellbeing over the decades
Sponsored by Post Office
Those websites included in the phishing scams vary, ranging from delivery companies and online shopping services to UK Government departments like the DVLA or HMRC.
If successful, the scammers will then have their victim’s payment details or password to log into banking apps or pay for goods online.
New regulation will be introduced on 7 October that enforces payment service providers and banks to reimburse victims of scams automatically, unless they were deemed to be “extremely careless”.
The maximum a person can claim from that date will be £85,000, after initial plans from the Payment Systems Regulator (PSR) revealed it would be up to £415,000.
While the amount covers 99% of the cases, according to the PSR, there has been criticism from consumer groups that “the watered down amount” is not enough to cover the most extreme fraud incidents.
‘Lock down your accounts’
Adam Mercer, deputy director of Action Fraud, said: “Cyberattacks and hacking are carried out by faceless cybercriminals who target unsuspecting victims looking to take advantage of unprotected social media and email accounts. With this being the top cybercrime reported last financial year, it’s even more important to take action and ensure you lock down your accounts.”
Mercer added: “Protect yourself from fraudsters trying to steal or access your valuable information by ensuring your social media and email account passwords are secure. All your passwords should be different and never shared with anyone else. If you have the option, enable two-step verification to ensure you have twice the protection for all your accounts.”
The national fraud and cyber crime reporting service noted the two best ways to tackle the two most regular hacking methods are through keeping strong passwords and turning on two-step verification for all of your emails and social media accounts.
For passwords, it recommends you make them up of three random words you can easily remember.
Two-step verification means that when you sign in on a new device, a second piece of information will be requested to confirm it is you logging into the account. Some accounts will have this added automatically, like Google, whereas others will require you to set up this process.
