The scariest online scams and hacks of 2018
Online attacks and phone fraudsters
Scams are rife, especially online: in 2017 hackers stole $172 billion (£130.7bn) from 978 million people across 20 different countries, according to Norton. In fact, these days you're far more likely to be robbed online than mugged in the street. We take a look at 2018's most notorious scams and online attacks.
Bank "number spoofing"
"Number spoofing" scams are when fraudsters hide behind the mask of your bank's number, making it seem like a call or text genuinely comes from your bank. As a result of bank data leaks, the scam has been catching quite a few people out in 2018.
In June 2018, British newspaper The Sun reported the case of Joan Wilson, 61, who lost $52,897 (£40k) in a "number spoofing" scam. Thinking that she was on the phone to her bank, she was tricked into giving the scammers a code generated by her home card reader, which enabled them to get hold of her money. In January 2018, loveMONEY reported on a similar bank text scam that was sending texts supposedly from HSBC.
Bank "number spoofing": how to avoid it
If your bank calls or texts you, don't trust it and definitely don't give out any of your details. If in doubt, contact your bank yourself so that you can be sure you are actually communicating with it.
Fake Microsoft Warning browser hijack
The Fake Microsoft Warning browser hijack is an internet virus that can be hard to spot. The first symptoms may be an unexpected change in your default browser or homepage search engine, but you'll know you are infected when pop-up banners bombard your screen, becoming almost impossible not to click. What's the motivation for these hackers? Well, the more ads you click on the more money they make.
Fake Microsoft Warning browser hijack: how to avoid it
But it's not impossible to get rid of – installing virus detection software should help.
Social media quiz scams
What animal are you? Which Harry Potter house would you be in? Social media quizzes are undeniably fun. But sometimes things that seem very innocent aren't. Some quizzes are designed to steal your data in an outright scam. By hiding embedded links in the quizzes hackers can steal information from your social media account, and in some instances that of your 'friends'.
Social media quiz hacks: how to avoid them
Instagram "money-flipping"
Money-flipping on Instagram isn't new to 2018, but the practice is still catching people out. Scammers are using the photo-sharing platform to convince users to give them small amounts of money, which they promise they will 'flip' or double. It's a very tempting offer: doing nothing but seeing your money grow.
Instagram "money-flipping": how to avoid it
IT security firm and social media specialist ZeroFOX reports that the Instagram hackers look to target military personnel by using military-specific hashtags. Why? Those in the military are used to making overseas transfers, and have bank accounts that offer faster transactions and can withdraw larger sums of money. But sadly it's just not real.
VPNFilter malware
In May 2018 the authorities warned about a Russian malware called VPNFilter. The hacking campaign affected over half a million routers in 54 countries worldwide, creating a massive botnet and directly spying on and manipulating web activity.
Thankfully the FBI seized the key domain that was used to infect the routers after a month. It traced the work to a hacking group called Sofacy – which also goes by the names of Fancy Bear, Sednit and Pawn Storm – a network which is no stranger to hacking scandals: it was behind the 2016 hack of the Democratic National Committee.
Dridex banking trojan scam
The Dridex banking trojan has been around for a couple of years now but it continues to infect computers, mainly in the UK and US, as the latest version Dridex 4.8 was released in December 2017. The trojan, which gathers sensitive financial information for fraudulent purposes, conceals itself in a seemingly harmless Word or Excel attachment which, when downloaded, activates a macro to infect the system.
Dridex banking trojan scam: how to avoid it
This trojan targets individuals and businesses alike – and the attachments are getting more sophisticated, with some being sent as scanned documents from office printers and copiers. You know the drill, always think twice about opening or downloading anything you're not 100% sure about, and if you are infected there are tools that you can download in order to rid your system of the bug.
MyFitnessPal data hack
At the end of February 2018 Under Armour's MyFitnessPal app was hacked, so that usernames, email addresses and passwords for the app's 150 million users were at risk. Under Armour discovered the issue in late March and thankfully had a system set up so that even more sensitive information such as location data and credit card numbers were not found.
Under Armour demonstrated incredible levels of transparency by revealing the hack within a week, and describing how it had used a password hashing process – bcrypt – to convert the stored passwords into something unintelligible. Sadly though, the company wasn't able to protect all compromised passwords with such a strong hashing process, instead using only the weaker and more easily cracked SHA-1 hash function for many. Good work, but still not quite good enough.
British Airways customer data hack
For just over two weeks in the summer of 2018 hackers had access to the personal and financial details of BA customers who had booked online. This affected around 380,000 transactions and bookings that took place on ba.com and the airline's app.
British Airways admitted that the hack in August and September 2018 meant that customers' names, email addresses and credit card information, including the three-digit CVV codes, had been stolen. The airline said that those affected would be reimbursed, and that it would pay for a credit checking service.
Ticketmaster login data hack
Between February and June 2018 hackers accessed the login data for 40,000 Ticketmaster UK accounts. As a result some of the affected customers were scammed out of money.
The data hack was actually discovered by start-up bank Monzo when 70% of its customers reported fraud on 6 April, the same day on which they had used Ticketmaster. However, Ticketmaster ignored Monzo and denied a breach until months later; it wasn't until June that it finally admitted it had taken place. Ticketmaster users are recommended to change the password that they use to log in to the site.
Reddit data hack
In June 2018 the email addresses of an undisclosed number of Reddit users were accessed by hackers. Reddit reported the issue to law enforcement and is cooperating with the investigation. Reddit also messaged user accounts if there was a chance the credentials taken reflected the account’s current password.
Macy's credit card leak
Anyone who shopped online at Macy's or Bloomingdales.com between 26 April and 12 June 2018 could have had their personal information or credit card details stolen.
Macy's has not confirmed how many people were affected by the leak, but it is thought that it was a small group of people that Macy's contacted directly.
Adidas US site hack
In June, Adidas' US site became the victim of hackers, with customer data such as email addresses and passwords being leaked. However, the company has said that the hack only affected customers who bought Adidas items from the US site.
One saving grace in Adidas' hacking situation is that the hacked passwords had been stored with encryption, and they would need to be decrypted in order to be used.
Saks Fifth Avenue data breach
Saks Fifth Avenue's parent company Hudson's Bay revealed in April that there had been a data breach on its store's payment system, and the credit and debit card details of its customers were at risk. Thankfully, the hack didn't affect any online shoppers.
Sadly the hack also impacted Lord & Taylor, which Hudson's Bay Co. also owns. It is thought that the hacking group called JokerStash was behind the hack as the group were selling the details from over five million stolen credit and debit cards at the time.
Marriott Starwood database hack
The Marriott Starwood database hack was exposed in November 2018, but began as early as 2014. The records of 500 million customers were revealed to have been hacked; for 327 million of them, a combination of personal information such as name, address, DOB, passport number and other account information was leaked. In some instances, encrypted card information had also been hacked, and Marriott has since admitted that the key to the encryption may also have been lost.
The brands affected by this large-scale data breach are W Hotels, Sheraton, Le Meridien, and Four Points by Sheraton, and the breach could see the Marriott Hotel Group hit by a very hefty GDPR fine once the UK's data regulator has finished its investigation. Marriott has set up a website for affected customers.
Vision Direct website hack
Between 3 and 8 November online contact lenses supplier Vision Direct saw its website compromised. During that time anyone who logged into the site to make a purchase had their personal data and payment details, including their card's CVV number, at risk.
One silver lining is that it is only the Vision Direct website that has been affected, and that its existing database of customers has not been compromised. But if you did use the website to make a purchase in early November check your bank statements, and get in touch with Vision Direct's customer services team.
Quora data breach
In December 2018, question-and-answer website Quora announced that its data records had been hacked. The names, email addresses and encrypted passwords of over 100 million users – about one third of its active monthly user base – are at risk. Quora has emailed the users who have been affected.
Facebook-Cambridge Analytica scandal
While it took place a few years before, one of the most controversial data breach revelations of 2018 was that data analytics firm Cambridge Analytica had harvested 50 million Facebook profiles, collecting personal information and data on individuals' engagement via an app, in order to predict and influence the choices of voters in political elections.