With millions of pounds lost by online fraud victims in Kent every year, it's vital not to become a statistic. We look at how to identify criminals who steal your data or money online

Increasingly elaborate email fraudsters are continuing to trick unsuspecting victims across the county - including an apparently indiscriminate 'sextortion' scam which includes users' real passwords to convince them to part with cash.

Victims of online scamming, in all its forms, lost some £28 million between October 2017 and March 2018, according to Action Fraud, the UK's national reporting centre for fraud and cybercrime.

And in addition to warnings to ensure passwords are regularly changed, we are also advised to take extra care on the information we put on social media, to prevent becoming easy targets for criminals.

But it is the threat coming directly into our in-box which continues to pose problems.

"The cyber criminals of today use incredibly sophisticated methods," explains Dr Jason Nurse, assistant professor in cyber security at the University of Kent.

"They run it like a proper business. The amounts of money they stand to make are incredible.

"They look at any way to capitalise on weaknesses in the situation and exploit people. Then they invest the cash into how to make more money.”

The problem is fuelled by an increasing number of data breaches at major companies - the result of which sends the personal details of millions of us onto the dark web, where databases are bought and sold - often including people's passwords and bank details.

Just two weeks ago, the hotel chain Marriott saw 500 million customer details pinched, while there have been similar breaches with the likes of Ticketmaster, Vision Direct and British Airways in recent months.

Of increasing concern is an email which claims to have taken over users' webcams and accessed social media accounts.

It then claims to have recorded the 'victim' watching pornographic content and threatens to send the footage to all their contacts unless a ransom is paid up in untraceable online currency Bitcoin.

What makes many anxious - even those with nothing to hide in their browsing history - is that it quotes their real password in the threatening email.

An Action Fraud spokesman said: "There have been thousands of reports made to us from concerned victims who have received these scary emails.

"In a new twist we've not seen before, the emails contain the victim’s own password in the subject line.

"Don’t reply to the email, or be pressured into paying: it only highlights that you’re vulnerable and you could be targeted again.

"Perform password resets as soon as possible on any accounts where you’ve used the password mentioned in the email.

"The cyber criminals of today use incredibly sophisticated methods... they run it like a proper business" - Dr Jason Nurse

"If you have received one of these emails and paid the fine, report it to local police."

Adds Jason Nurse: "The Nigerian prince scam which was so prevalent a few years ago, preyed on people's good nature and the thought they could benefit financially.

"But using fear with additional evidence is something else. It's a really big issue if they can get enough people to respond.”

Some reports have suggested it has already yielded £400,000 to crooks.

"As soon as one person pays, the criminals know it is true and then they might go back and tell them they need to pay more,” adds Mr Nurse.

“It's like never negotiating with terrorists. You can't take a bad guy at their word, basically."

According to many, there is no evidence to suggest the threat is real.

Consumer magazine Which? said: "They almost certainly haven’t gone to the trouble of compromising your computer and are trying to scare you into paying up.

"Someone who really did have evidence of you doing something unsavoury would probably send you a screen-grab or similar to convince you and scare you further."

Another recent spate of email scams Action Fraud has been made alert to, show fraudsters sending out fake TV Licence emails regarding refunds and payment issues to people across the UK.

Action Fraud warned the information could lead to fraudsters "draining bank accounts and committing identity fraud".

When a victim clicks on the link, they will be led to a convincing looking TV Licensing website. The website is designed to harvest as much personal and financial information as possible from the victim. It is just a scam.

A TV Licensing spokesman added: “TV Licensing will never email customers, unprompted, to ask for bank details and/or your personal information or tell you that you may be entitled to a refund."

One thing you can be sure of in the new year is a surge in the number of emails being sent claiming to be from the HMRC.

Explains Mel Stride, the financial secretary to the Treasury: "We know that criminals will try and use events like the end of the financial year, the self-assessment deadline, and the issuing of tax refunds to target the public and attempt to get them to reveal their personal data. It is important to be alert to the danger."

Generally, these emails are known as 'phishing' - which at first glance appear to be from reputable organisations but are in fact a clever method of extracting sensitive personal information to exploit.

A scam several years ago claimed to attach a receipt for the Dart Charge - but which was in fact a virus.

The truth is that crooks can make their money by sending millions of emails – but only require a handful of people to be duped to make a small fortune. Make sure you’re not one of them.

Concerns have long been aired over the amount of information we release on social media about ourselves – inadvertently revealing key personal information which crooks can exploit.

Get Safe Online is a public / private sector partnership supported by the government and leading organisations in banking, retail, internet security and other sectors.

Tony Neate, its chief executive officer, explains: “People are increasingly oversharing on social media and apps without thinking about the consequences.

“Seemingly harmless posts, photos and details in your profile could actually leave your privacy exposed.

“An innocent location check-in or a photo of your new driving licence, for example, could be invaluable to criminals, who are expert at putting together snippets about you to build a bigger picture with a view to defrauding you or stealing your identity.

“Think through not just what you’re sharing but who you’re sharing it with.

"For instance, if you have an open social media account, you’re sharing with the whole world, not just with the people in your own groups.

"Even if it’s set to private, you can’t be sure it hasn’t been passed on.

“For your own privacy and safety’s sake, some things are better kept offline or private, so always be aware of what you share."

The Get Safe Online organisation offers the following advice to avoid cybercrime.

• Never reveal personal or financial data including usernames, passwords, PINs, memorable phrases or ID numbers.
• Be aware that sender email addresses can be spoofed to appear as if they’re being sent by an organisation or person you know. Even these spoofed addresses can appear authentic when you mouse over/click them.
• Always have internet security software loaded, switched on and kept updated on your computer. Download security apps on all your mobile devices too, including Apple.
• Be very careful that people or organisations you’re supplying payment card or other confidential information to are genuine, and then never reveal passwords.
• Remember that a genuine bank or other organisation will never ask you for your password via email, text, instant message or phone call.
• Don’t readily click on links in emails, texts or posts/tweets from unknown sources, this could lead to viruses or your confidential information being compromised.
• Don’t open email attachments from unknown sources, as they may cause your device to be infected with ransomware, spyware or other malware.
• Update software and apps when prompted, including operating systems. These often contain security updates that could guard against malware.