ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

Action Fraud issues a new warning to stay safe online after £1.3 million lost from hacked email and social media account scams last year

More than 22,500 people had their social media or email accounts hacked last year, new data shows.

Data from Action Fraud, the national fraud and cybercrime reporting service, shows that 22,530 people reported that their online accounts had been hacked in 2023, with victims losing a total of £1.3 million.

Pauline Smith, Head of Action Fraud, said:

“Anyone with a social media or email account can be a target for fraudsters or cyberattacks. It is important to take action to secure your accounts, as fraud becomes even harder to detect with technology on a global scale.

“Protect your information by ensuring your email and social media passwords are secure and different from all your other passwords. You can also set up 2-step verification for a layer of extra security. Remember, prevent the potential for fraud and hacking, never share your password or any 2-step verification code with anyone.”

In the reports made to Action Fraud, there were various different methods of hacking reported, including:

On-platform chain hacking

This is when a fraudster gains control of an account and begins to impersonate the legitimate owner. The goal is to convince people to reveal authentication codes that are sent to them via text. Many victims of this type of hacking believe it’s a friend messaging them, however the shared code was associated with their own account and the impersonator can now use it to access their account. Usually when an account is taken over, fraudsters monetise control of the account via the promotion of various fraudulent schemes, while impersonating the original account owner. 

Leaked passwords and phishing

The other predominant method of hacking reported is leaked information used from data breaches, such as leaked passwords, or account details gained via phishing scams. This becomes prevalent as people often use the same password for multiple accounts, so a leaked password from one website can leave many of their online accounts vulnerable to hacking. 

What can you do to avoid being a victim?

  • Use a strong and different password for your email and social media accounts. Your email and social media passwords should be strong and different from all your other passwords. Combining three random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack.
  • Turn on 2-Step Verification (2SV) for your email and social media accounts. 2-Step Verification (2SV) gives you twice the protection so even if cyber criminals have your password, they can't access your email or social media account. 2SV works by asking for more information to prove your identity. For example, getting a code sent to your phone when you sign in using a new device or change settings such as your password. You won't be asked for this every time you check your email or social media.

If you live in England, Wales and Northern Ireland and have been a victim of fraud or cybercrime, report it at or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.

Suspicious emails should also be sent to SERS at [email protected].

Find out how to protect yourself from fraud:

Most shared articles

Related articles