The most shocking online scams and hacks of 2019
The year's biggest cybercrimes and data breaches
As we continue to become increasingly reliant on the internet, opportunities for those with sinister intentions are on the rise. A study by online security firm RiskIQ revealed that cyber crime cost the global economy $1.5 trillion (£1.2tn) in 2018 alone, which is double the 2017 figure. These are the worst online scams and hacks of 2019.
Formjacking
Also known as digital or web skimming, this scam is basically an evolution of ATM skimming. Criminals steal customers' card details by adding their own code to a company's website, which means they can see the card information as it's being entered. This type of scam has become so popular with cybercriminals over the last year that the FBI issued a warning to the private sector in October 2019. The most notable example of this was the attack on British Airways in 2018, in which the data of around 500,000 customers was stolen while they made transactions via the airline's website. British Airways was fined $230 million (£183m) and it was later reported that the hackers had made nearly $13 million (£10m) by selling the stolen data on the dark web.
Formjacking: How to avoid
Unfortunately, there isn't much you can do to avoid or detect a formjacking scam. The company's website will appear to be running as normal and, as the malware is added to their site rather than downloaded to your computer, antivirus software is unlikely to notice anything unusual. So make sure you monitor your card statements regularly so you spot any fraudulent activity sooner rather than later.
Authorised Push Payment (APP) fraud
This is one of the most prevalent online scams today. Criminals persuade victims to make a payment into their account by posing as a real organisation, or promising products that are never delivered. APP fraud in the UK amounted to over $268 million (£208m) during the first six months of 2019, according to UK Finance. That's an increase of $77 million (£60m) from the same period in the previous year. One tragic example reported by the New York Times involved an American woman being duped into transferring $93,000 (£71,000) to a fraudster posing as a US soldier who needed help bringing $12 million (£9.2m) worth of gold from Syria. When the contact failed to meet her at the airport and she realised she'd been duped, the victim took her own life.
Authorised Push Payment fraud: How to avoid
When it comes to avoiding this type of scam, being overly cautious is best. If an offer or deal sounds too unrealistic or too good to be true, it probably is. If someone contacts you claiming to be from a company or organisation, call or email them directly using the details on their official website. You should also keep in mind that just because someone has information about you does not mean they're genuine.
Sextortion email scams: How to avoid
While very few people fall for the scam, FBI special agent Siobhan Johnson revealed that "we really do see people spending $50,000." These emails can seem scary at first glance; they will often contain details such as your password, taken from a previous data breach. However, it's very unlikely that you have actually been recorded. If you receive one of these messages, it's best to just ignore it. Don't open any links or attachments that come with it as they're likely to contain viruses.
Computer software service fraud
In this scam the victim is targeted via phone, email or pop-up ad. The fraudster will ask for remote access to the victim's computer to fix a virus or other issue, then they search the device for the victim's financial details. According to the City of London Police this is currently one of the most common online scams, with more than 2,000 cases reported to UK anti-fraud body Action Fraud each month. Microsoft reported one case where a Dutch victim lost $109,000 (£84k) after falling prey to the scam.
Computer software service fraud: How to avoid
Technology companies are working with police forces globally to crack down on this scam. In December 2018 Indian police raided 16 fake call centres and arrested 39 people who had been posing as tech support staff from companies such as Microsoft, Google and Dell. In the meantime, if you receive this type of call, you should hang up and call the company directly to check if the call was genuine. Don't give anyone control of your computer or hand over your payment details.
Crowdfunding scams
Crowdfunding sites such as GoFundMe and Kickstarter are a great way for people to fund all kinds of projects. However, they can also be used with sinister intentions. In 2017 a Nevada woman was sentenced to 12 years in prison after conning people out of donations for her "terminally ill" son. More recently, in May 2019, the US Federal Trade Commission (FTC) launched a legal case against start-up business iBackPack, which was seeking funding to manufacture backpacks, following claims that the company's CEO kept much of the $800,000 (£618k) in funds for himself, while no backpacks have materialised.
Crowdfunding scams: How to avoid
If you're considering making a contribution to a crowdfunding campaign, make sure you carry out some research first. Does the person or company behind the project seem legitimate? Have they had any previous campaigns? Avoid any projects that seem unrealistic or offer a product or incentive that seems too good to be true.
Ransomware attacks
In a ransomware attack, hackers break into a computer system and prevent the owner from accessing their files. Payment via bitcoin is usually demanded in order to release the files. While this type of scam is less common, with only 1,493 cases reported to the FBI in 2018, it can be very lucrative for criminals. In 2019 the state of Florida paid out a total of more than $1 million (£800k) to hackers after its systems were targeted in two separate attacks.
Ransomware attacks: How to avoid
This type of scam is increasingly targeted at businesses rather than individuals, with 81% of attacks in 2018 aimed at companies, according to Symantec. In either case, there are precautions that can be taken to reduce the damage caused. Make sure your system is regularly backed up, so you can restore it to a previous version if you do fall victim to an attack. Use antivirus software and install software updates as soon as they are released, so that any security blindspots that have been discovered are fixed.
Amazon Prime scam
This scam became widespread in 2019. Victims receive an automated call telling them that someone has signed up for an Amazon Prime subscription on their account. They're then told to press 1 on their phone keypad to cancel, at which point they're transferred to the scammer, who collects their credit card details. Data from the UK's Action Fraud agency revealed that victims had been conned out of over $517,000 (£400k) between September and November alone while The Guardian reported that one elderly woman in the UK lost $32,000 (£25k) after falling for the scam.
Amazon Prime scam: How to avoid
If you receive a suspicious phone call from someone claiming to be from Amazon, keep in mind what a company spokesperson told North Wales Live: "We will never call a customer for payment outside of our website." Do not provide the person with any of your personal details. Instead, hang up and call Amazon on the number listed on its website; they'll be able to tell you if you do have a Prime subscription.
Business Email Compromise scam
BEC scams target an employee, usually in finance or HR, who is sent an email purporting to be from an executive at the company who needs them to make an urgent funds transfer. One of the most shocking cases occurred in September 2019 when an employee at The Toyota Boshoku Corporation, a Toyota parts supplier, was convinced to change account information for an online payment. As a result, the company was defrauded out of $37 million (£28.5m).
Business Email Compromise scam: How to avoid
Researchers believe that around 75% of businesses are targeted with at least one BEC scam each year. Businesses should make sure they are aware of the risks and have procedures in place to verify that payment requests are legitimate. If you're an employee authorised to make fund transfers, you should double check email addresses to ensure the request has definitely come from someone within the company.
And now for the hacks of 2019... Microsoft Visual Studio hack
In April 2019 Microsoft discovered that its online development tool Visual Studio had been targeted in what is known as a supply chain attack. Rather than attacking the company's network directly, the hackers implanted malware into the code used by developers who work with the tool. This resulted in three video games being infected and passing malware into the computers of hundreds of thousands of players. The majority of those infected were based in Asia, with notorious hackers Barium considered the likely culprit.
Capital One hack
Capital One suffered a huge data breach in July 2019, believed to be one of the largest in banking history. The personal details of 106 million customers were allegedly accessed by a woman called Paige Thompson. Capital One stated that Thompson had used a "configuration vulnerability" to infiltrate the database, but added that no credit card information had been accessed. Thompson is facing up to 25 years in prison if found guilty. The breach is expected to cost Capital One between $100 and $500 million (£77m-£387m) in fines, according to an expert at Morgan Stanley.
Facebook data breach
Facebook appeared to have suffered yet another customer data breach in 2019 after TechCrunch broke a story in September claiming the phone numbers of over 419 million of its users had been discovered online. It remains unclear who took the data and for what purpose, but it was found in databases on Amazon's cloud computing service by a security research company. A Facebook spokesperson later told Engadget that "the dataset has been taken down and we have seen no evidence that Facebook accounts were compromised." However, it's worth regularly changing your password just in case.
WhatsApp listening hack
A WhatsApp hack first came to light in May via a report by the Financial Times. It said that a vulnerability in the app allowed hackers to install listening technology when users answered a call through WhatsApp. In October this year WhatsApp launched a lawsuit against Israeli surveillance technology company NSO, which it alleged was behind the attacks. An investigation alongside Citizen Lab had revealed that top government and military officials were among those targeted in the hack.
Apple FaceTime bug
In February 2019 a severe vulnerability in Apple's FaceTime app was discovered by 14-year-old Grant Thompson. The bug allowed people to listen in after calling someone via a group chat on the app, even when the call was not answered. Despite multiple warnings to Apple by the Thompson family, the issue went ignored until it went viral on social media. The bug was fixed nine days later via a software update, and Apple later said it would compensate Thompson for identifying the bug.
Canva data breach
Australian design tool Canva saw almost 140 million user records breached in May 2019. Hackers stole usernames, email addresses and passwords, although the company stated that as the latter are encrypted they will be unreadable. While Canva said it had acted immediately after the breach, some criticised the company for the way it seemed to use it as a marketing opportunity. In a statement put out following the attack, the company detailed its latest acquisitions before it mentioned the breach. Users of Canva have been urged to change their passwords.
US Customs and Border Protection data breach
More than 100,000 people found their data breached following a cyber attack on a US Customs and Border Protection (CBP) contractor in June 2019. Hackers managed to access photos of drivers' faces and license plates, as well as budget lists, presentations and passwords from CBP and other government agencies. The subcontractor, later identified as Perceptics, was suspended a month later, amid claims of “lack of business honesty or integrity” but was reinstated after agreeing to change its security processes. Data stolen in the hack was later found being sold online.
ASUS hack
The China-based hacking collective Barium, believed to be behind the Microsoft Visual Studio attack, allegedly carried out another hack on the Live Update Tool of computer manufacturer ASUS. While the attack began in 2018, it wasn't reported until March 2019, when security company Kaspersky Lab revealed that hackers had placed code into the update tool, delivering it to users via a software update. Interestingly, only a small number of users were targeted.
Chilean ATM network hack
In January 2019 Chilean Senator Felipe Harboe took to Twitter to criticise ATM software company Redbanc for failing to disclose a data breach that had occurred in December 2018. A strange story then unfolded. A Redbanc employee had applied for a fake job on LinkedIn, and their computer was hacked when they were asked to download a programme as part of the interview process. With malware downloaded to the employee's work computer, hackers were, incredibly, able to breach the whole Chilean ATM network. It's believed the group behind the attack was Lazarus, a hacking collective with ties to North Korea that is also thought to have carried out the huge WannaCry ransomware attack in 2017, as well as multiple cryptocurrency hacks at a total cost to individuals and organisations of $571 million (£442m) in 2017 and 2018.
NASA hack
In June 2019 a concerning audit was released by NASA detailing a cyberattack that had taken place in early 2018. It revealed that an unknown hacker had managed to break into the agency's server and steal 23 restricted files from the Jet Propulsion Laboratory. NASA has been tight-lipped in terms of the exact information that was compromised. The hacker reportedly broke into the system via a NASA employee's tiny $30 Raspberry Pi computer, and rather worryingly went undetected for 10 months.
Ecuador citizen data leak
In September 2019 security company vpnMentor made the shocking discovery that the personal details of almost every Ecuadorian citizen were openly accessible online. The data included names, contact details, family records, government IDs, and account balances for around 20 million people, including children. A senior executive of marketing company Novaestrat, a former contractor for the Ecuadorian government, was arrested for illegal possession of the data.
Fifa 20 data leak
EA Sports, the creators of the Fifa video games, suffered a rather embarrassing situation in October 2019 when players' personal data was exposed to other users. New players signing up to massively popular soccer game Fifa 20 Global Series online reported that the form was already filled with other gamers' details, including those of well-known professional gamers. EA Sports apologised for the issue, which affected around 1,600 users, and said it was confident the error had been permanently resolved.
American Medical Collection Agency data breach
In February 2019 an online security firm discovered customer data from the American Medical Collection Agency for sale on the dark web. The agency, which collected payments on behalf of laboratories such as Quest Diagnostics, had data on almost 20 million people stolen, including dates of birth, social security numbers, and payment information. A high number of fraudulent credit card charges were reported as a result of the breach. The company filed for bankruptcy soon after.
Evite hack
In one of the largest hacks of 2019, around 100 million customer records were stolen from online invitation service Evite back in February. This information included names, email addresses, IP addresses and passwords belonging to the site's users, which were found to be on sale on the dark web. Evite confirmed the hack in June, despite the breach first being flagged by technology website ZDNet in April. The hacker, known online as Gnosticplayers, remains anonymous.
BioStar 2 data breach
vpnMentor came across a worrying data breach by identity company Suprema in August 2019. Personal data, including fingerprints, photographs, names, addresses, and passwords, were found unprotected in the company's database for its BioStar 2 tool. The BioStar platform is used by companies and organisations such as the UK's Metropolitan Police. While the data was made secure a week later, it remains unclear how long it was vulnerable, and whether anyone outside of the company used it. Suprema denied the breach was as large as first reported.