Scam alert: social media hacking on the rise

Action Fraud has issued a warning about social media hacking after 22,530 people reported that their accounts had been hacked in 2023.
With access to your accounts, fraudsters can con your contacts, sell your info on the dark web and try to steal your identity.
Action Fraud has reported that some victims of email and social media hacking have been extorted by criminals who’ve stolen their private photos and videos.
Read on to discover how fraudsters hack your online accounts and how to recover them.
How scammers hack accounts
Fraudsters can access your online accounts in a variety of ways. If you find that one of your accounts has been hacked, you may be wondering how they gained access.
Here are some of the main ways a hacker can gain access:
- A data breach: this is when hackers gain access to a system that holds confidential data on people. Fraudsters can then use this data to gain access to accounts.
- Responding to a phishing message: scam messages that impersonate legitimate companies and contain links leading to malicious websites can be used to harvest personal details. These links can download malware to your device that steals your personal data, or con you into entering your information on a website.
- On-platform chain hacking: a fraudster posts links to dodgy websites in the comment section of social media posts. These websites then ask the victim to enter their social media account details, thereby giving the fraudster access to these details. The fraudster may also message the victim impersonating one of their contacts to try and get them to share their two-factor authentication code.
- Credential stuffing: this is when hackers take one password they’ve successfully used and try it to access other accounts belonging to the same person.
- Shoulder surfing: this is when a scammer looks over your shoulder and watches you log in to an account.
- Malicious apps: dodgy apps created by fraudsters install malware on your device, which is then used to steal login information for your accounts.
Protecting yourself from hacking
Some steps you can take to prevent your accounts from being hacked are:
- Use a unique password for each account – don't use the same password across different accounts.
- Use a reputable password manager – this will look after your passwords securely, so you don’t have to memorise them.
- Create secure passwords – read our guide to understand how to make better passwords.
- Download antivirus software on your devices.
- Update your devices – updates include protection from viruses.
- Set up two-factor authentication (2FA) or two-step verification (2SV). This is when you provide a separate form of identification – such as a code sent via text – when you log in to an account.
Recovering hacked accounts
If your account has been hacked, beware of recovery scammers contacting you on social media telling you that they can get your account back. They can’t, and this is just another scam.
Go to the help page of the account provider and find out who to contact to get assistance with a hacked account. Ensure you change your password and log out of your account on all devices.
Check to see if any new ‘rules’ have been set up on your email account that you haven’t created. These can control where emails about your account are forwarded to.
Let your contacts know that you’ve been hacked and that any messages they receive are not from you.
Make sure you change passwords on other accounts in case fraudsters have also hacked into them, and check your bank statement for unauthorised transactions.
If you notice any unusual behaviour on your bank account, call your bank immediately using the number on the back of your bank card and report it to Action Fraud – or call the police on 101 if you’re in Scotland.