The nightmare begins when you wake up and realize someone has gained access to your bank accounts and drained them overnight. It may sound like a fantasy, but bank account takeover is a real problem for many Americans, and in 2017, U.S. citizens lost more than $5.1 billion to this type of scheme.
What is Bank Account Fraud?
Bank account fraud is when an identity thief gains access to a bank account that is not their own. They use stolen credentials to access the account(s) and initiate unauthorized transactions. The scariest part about this is when the hackers gain access, they change the login information and security questions, so the rightful owner is essentially locked out of their own bank accounts. When they call the bank to find out what is going on, they appear to be the ones pulling a fast one.
How Does Bank Account Fraud Occur
Unlike credit card fraud that is usually discovered and contained within a few days, bank account takeover is much more serious. It can go on for weeks and even months without the user knowing anything has gone wrong. The damage is also more substantial. Some of the ways account fraud occurs are through:
Phishing emails - you receive an email that looks like it came from your bank. It alerts you to some problem and says you have to verify your login credentials. Without thinking, you click the link, and it takes you to what appears to be the normal bank login, you enter your username and password, and nothing happens. You have handed your login over to criminals who faked the email and the website. Now, these fraudsters have control of your bank account and all your money
Data breaches - there have been dozens of data breaches in recent years. Most of us have had at least some of our personal data stolen or compromised in this way. Even the tiny thread of email addresses, usernames, and passwords can lead a cybercriminal on the path to more of your private information. A lot of this stolen data shows up on the dark web for purchase or up for grabs. Hackers could use your breached data in credential stuffing schemes and might get lucky if you used the same username/password combination on multiple websites.
Phone scams - sometimes criminals who have a small amount of information about you will call pretending to be the IRS, Social Security Administration, or some other figure who you might feel comfortable giving information to. They use scare tactics and threats to get you to provide your social security number, credit and debit card numbers, and even banking information to use in identity theft schemes or fraud.
Malware - another very profitable way that fraudsters get ahold of your banking information is through malware which can be through mobile apps or emails. A lot of this could be avoided. Malware gets on your computer when you click a link in an email, download attachments from someone you don’t know, or visit an infected website. It may appear as a free download of software or a Flash update. Once you install it, however, the hacker can gain access to all areas of your computer, including bank account logins. Some of these malicious programs called “key loggers” will copy your keystrokes when you go to log in, and the damage may be unlimited. Sometimes malware will redirect you to other malicious websites instead of your intended destination. A serious threat facing mobile device users is Mobile Banking Trojans via texts, which overlays the mobile device when the bank app is opened, so you essentially enter your credentials into a false front, and now the hackers have it. These programs are so sophisticated they can even intercept wire transfers from your mobile device.
Man-in-the-middle attacks - this type of account takeover is perpetrated by infecting public Wi-Fi spots so that when you connect your mobile device to it, the hacker can spy on your activities and even take over, copying your bank login and accessing your accounts. Basically, he or she stands between you and your financial institution, hence the name “man-in-the-middle.”
How to Prevent Accounts Fraud
Unfortunately, the bad guys keep coming up with inventive new ways to steal your information and get at your money. However, the old adage goes, “An ounce of prevention is worth a pound of cure.” That statement is appropriate with bank account fraud. It’s much easier to prevent it from ever happening than to recover from it after the fact. Some of the ways you can protect yourself are:
- Always use complex, strong passwords for all your accounts, especially bank and credit card logins.
- Never use the same credentials on multiple accounts.
- Change your passwords often.
- Consider using a password vault, which will store all your passwords and create long, hard-to-decode passwords for you.
- Keep all your devices updated with the latest operating system and security patches.
- Install good antivirus software with malware/ransomware protection and run deep scans often.
- Consider using a VPN, especially when connecting to unsecured Wi-Fi hotspots. A VPN can mask your IP and keep your data safe when transmitting between you and your bank.
- Sign up for two-factor authentication whenever you have the option.
- Keep an eye on your bank accounts. Check them frequently and monitor for any suspicious activity.
- Sign up for credit monitoring with a company like IDStrong.com to alert you of data breaches that you may be included in, and your information showing up on the dark web.
Additionally, never trust an email even if it looks legitimate. Fraudsters are very skilled at making emails and websites that look real but are fake. Do not click links or download attachments from inside it. Always open a new browser window and log onto your bank or credit card company from there. Use common sense and if you notice anything out of place, take quick action to secure your accounts safely.