Most of us keep our money in bank accounts. And thanks to FDIC insurance, it's a safe place to do so. But your bank account is also a major target for cybercriminals, scammers and fraudsters.Â
For the bad guys, business is booming. Global financial fraud exceeded $5 trillion dollars in 2019. And last year, bank fraud led to nearly $500 billion in stolen funds, according to the 2024 NASDAQ Global Financial Crimes Report.Â
Bank accounts are likely to become an even bigger target of cybercrime as consumers demand new and easier ways to access their funds. I've been working in bank security since the 1980s and know some of the best tried and trusted methods to protect your hard-earned cash.
Read more: Is That Text From Your Bank Legit? How to Detect and Avoid SMS Phishing ScamsÂ
What are the most common bank account takeover scams?
Scammers have a long list of ways to get you to cough up your sensitive bank account information or crack the code themselves. The following are some of the most popular:Â
- Phishing attacks: Attackers use email, text messages and even phone calls to try and trick you into revealing your username or password.
- Credential stuffing: Criminals use automated tools to test millions of stolen username and password combinations against thousands of accounts in the hopes that you have reused a password.
- Password spraying: A close cousin of credential stuffing, but rather than using known or stolen username and password combinations, criminals will instead test the most commonly used passwords.
- Social engineering: Criminals trick you into believing that they're someone else, perhaps from your bank. Phishing is often the first step in this type of attack.
- Check fraud: There are lots of different types of check fraud, ranging from stealing and altering checks, to creating entirely new checks using real account information accessed via data breaches.
- Authorized push payments: These are also often referred to, sometimes incorrectly, as Zelle fraud. This is where thieves will try to trick you into making a payment through a payment app like Zelle or Venmo, or into authorizing a payment and providing access to your bank account.
- Wire fraud: Criminals can do this either by accessing your account and initiating the wire transfer, or through scams like tech-support and overpayment scams. Criminals love wire transfers because once initiated they're almost impossible to stop or reverse.
- ATM fraud: Yes, these are still alive and kicking. ATM machines compromised by skimming devices can steal your card and PIN number and can be used to access and drain your accounts.
How to protect your bank account from scammers
Like everything else in security, it can be as simple as ABC: awareness, behavior and choices.
Awareness is not just about recognizing all the different types of scams that are out there. It's also being aware of new and emerging threats so that you can remain one step ahead of criminals.
Behavior is how you react to those threats when they arise. Things like slowing down, recognizing the tell-tale signs of a phishing email, thinking before you click, and being smart with your passwords all go a long way.
Choices allude to those extra layers of protection and security options that you have at your disposal and should use. These include many of the following:
Two-factor or multifactor authentication
Your bank or credit union will send you a unique code to your phone when you try to access your account from a device it doesn't recognize. This might feel a little inconvenient and add a few extra seconds to the login process, but it's well worth it.
Security keys
If you want to go one step further, consider using a security key. This is a small electronic device that you can keep on a key fob or at your desk, and is tied to each of your accounts.
In order for criminals to access any of your protected accounts, they would need not just your password, but also need access to that key.
If you lose the key, many apps will offer other multifactor authentication options for you to confirm your identity. But the best thing to do is to have a backup security key stashed away in a safe place.Â
Get better about password hygiene
You should make every password as long and complex as possible, and ideally as close to 20 random characters as you can. You should also avoid reusing the same password on multiple accounts. Attacks like credential stuffing will catch you out. If you find this cumbersome, sign up for a password manager (CNET recommends Bitwarden).
Most importantly, don't share your important passwords with anyone unless you absolutely have to, and never in response to a communication that you're not expecting. If you ever receive a text, email or other alert that claims to be coming from your bank, don't respond directly. Instead call your bank using the customer service number available on their website to verify that the alert is genuine.
A hacker gained access to my bank account. Now what?
Speed is of the essence here. Chances are as part of the account takeover criminals will change the phone number and email address that you use for verification, so relying on those to prove your identity might not be enough.
Contact the fraud department of your bank or credit union immediately and ask that they pause all payments, withdrawals and transfers.
It might be an inconvenience, and it could also mean that you might not be able to pay your bills on time, but it's a better option than watching your bank account get drained by criminals. The faster you respond, the more likely it is that you'll be reimbursed for any money stolen from your back accounts.
Once everything has been frozen, check the extent of the damage done. Change your email and password you use to log in as well as any multifactor authentication settings and security questions on your account.
It's also smart to check your credit reports to make sure that the attack is not part of a wider attack on your identity.
Read more: How to Check for Bank Accounts You Didn't Sign Up For
Be a vigilant human when scammers come calling
Fraud is everywhere and only being accelerated by the adoption of AI by cybercriminals. The best defense is still HI, or human intelligence. Your bank accounts are already very safe but given how creative and relentless hackers can be, your awareness, behavior and choices are still your best bet for keeping the bad guys out.
I've met many criminals and fraudsters over the years and all have said the same thing: What they most fear, what they struggle the most to bypass, is the vigilant human. The most powerful security technology of all is wedged right between your ears. Use it.
For an additional way to keep your money and data safe, consider signing up for identity theft protection. These services can monitor your credit reports, bank accounts and personal information on the dark web.
Protect your personal data and get peace of mind with CNET's top pick for identity theft software.
