UK residents lost as much as £34.6 million to cyber crime between April and September last year, with the hacking of social media and email accounts accounting for £14.8 million in losses, the City of London Police has revealed.
The financial cost of cyber crime in the six-month period was calculated from the cyber crimes reported to Action Fraud, which stood at 13,357 compared to 12,372 in the previous six months. Despite the small increase in the number of crimes reported to Action Fraud, financial losses in the April-September period were 24 percent higher than those between October 2017 and March 2018 (£28 million).
Out of the 13,357 reports filed with Action Fraud between April and September, 5,225 concerned the hacking of social media and email accounts, and these crimes cost UK residents a total of £14.8 million.
In comparison, Brits lost up to £11 million to 4,796 reported instances of hacking of social media and email accounts between October 2017 and March 2018, thereby signifying an increase in both the number and financial impact of such attacks.
"Cyber crime is a growing trend with the total losses increasing by 24%. In particular criminals are targeting social media users and online account holders in a bid to make money and steal personal details. This leaves victims out of pocket and at risk of identity theft," said Commander Karen Baxter of the City of London Police.
Password re-use makes hacking incredibly simple
A major reason why hackers have been so successful in hacking social media and email accounts is that a large number of people use the same passwords for multiple accounts for the sake of convenience. This is perfectly exploited by hackers who carry out credential stuffing attacks using millions of login credentials obtained from hacker forums on the Dark Web.
In February last year, a survey conducted by the UK's Cyber Aware campaign revealed that more than half of youngsters aged 18-25 years used the same passwords for multiple online accounts and also used such accounts to transfer sensitive data like copies of passports and licences to others.
"Your email account is really a treasure trove of information that hackers won't hesitate to exploit. You wouldn't leave your door open for a burglar, so why give criminals an open invitation to your personal information?" said Mick Dodge, the national cyber-protect co-ordinator with the City of London Police.
According to the Cyber Aware campaign, rather than reusing passwords or using easy-to-guess ones, youngsters should use strong and separate passwords so that they are difficult to guess. They should also try to use two-factor authentication wherever possible to secure their online accounts from criminals.
According to Commander Baxter, in order to avoid falling victim, people should "keep a strong, separate password for their email accounts. They should also use the latest software and app updates. Always be suspicious of unsolicited requests for your personal or financial information and never call numbers or follow links provided in unsolicited texts or emails; contact the company directly using a verified and trusted email or phone number."
Focus on preventive techniques to tackle cyber crime
Commenting on the figures released by Action Fraud, Hiwot Mendahun, product manager at Mimecast, said that while these recommendations are a good starting point, they won't significantly reduce the impact of cyber crime and therefore, businesses need to focus on prevention techniques as well.
"With email at the forefront of crime, it’s right that the advice centres on good email security, but multiple strong passwords and the use of DMARC is not the silver bullet to lock criminals out. Strong passwords are no substitute for MFA, and DMARC is only helpful when attackers directly spoof the email domains of trusted and relevant organisations. Today, the reason many impersonation attacks succeed is because criminals can simply use a free email service or register a similar domain to enable them to pass DMARC checks.
"Businesses need to cultivate a culture of cybersecurity across their organisations, so any protective systems or processes in place are supported by targeted user awareness and engagement. Blindly following guidelines without adequately considering the fluctuating nature of risk will only make individuals and businesses think they are secure when they aren’t," he added.