If someone breaks into your online banking account, your money could be gone before you know anything happened. When online thieves discover your username and password, they can access your account and transfer its entire balance to criminal accounts where it cannot be recovered.

There are several ways to compromise a bank account. Cybercriminals might trick you into entering your credentials on a webpage that looks similar to the bank’s site but instead belongs to the attackers. Malware could be installed on your computer just by clicking a link and could capture your name and password as you type them via the use of a keylogger. If you use a weak password, persistent guessing might be enough to discover it. Criminals use software tools to automate the password guessing process and speed up the time it takes to discover your password.

The person stealing from your account is not necessarily the one who obtained your password or account information first. Banking passwords and account numbers are bought and sold on the Dark Web. It has become a business and today’s cybercriminals are organized and have specialties.

How to guard against bank account theft

It is important to protect your account against online theft. Consumer receive protections under Federal Reserve Regulations, that requires banks and credit unions to reimburse for certain fraud losses resulting from unauthorized electronic fund transfers.

There are several measures you can take to make account theft more difficult:
  • Use a strong password. It should be at least twelve characters and not follow any guessable pattern. Include numbers or special characters to make it stronger and more complex. Do not write it down where others can find it. Instead, store all of your passwords in a password safe. If you have multiple accounts, use a different password for each one. The password safe will make it easier to manage and access your passwords when you need them.
  • Enable two-factor authentication. Confirmation of your login through an SMS message or other channel means that your password alone is not enough to get in.This added layer of security could be the differentiating factor from a criminal accessing your account or not.
  • Set up automatic alerts in the case of unusual activity on your account. They can include transfers above a certain amount, addition of new online payees, a large number of consecutive failed logins, transactions that could not be completed, and falling below a certain balance level.
  • Don’t conduct online banking over public Wi-Fi. It has no security, and others can eavesdrop on your activity. If you often access your accounts while traveling, a trustworthy virtual private network (VPN) provides security wherever you are.t.
  • Be wary of phone calls and emails that claim to be from your bank. Never access your online account by clicking on a link in an email message (always use a bookmark or the bank’s mobile application.) If your unsure about the caller, hangup and dial the phone number on the back of your bank credit/debit card. Additionally, your bank will never ask you to provide your Social Security Number, ATM or debit card PIN or any other sensitive information via email.

What to do if your account is hacked

If you receive a transaction alert from your bank that does not make sense to you, log into your account as soon as possible and see if anything looks wrong. If you see suspicious activity, notify your bank immediately. If you cannot log in to your account, that’s a sign that your account may have been compromised and you should alert  your bank to the situation. In addition to the guidance you receive over the phone, please:

  • Change your password and verify that the email address tied to your account has not been changed,
  • Ensure the fraud alerts or account alerts for your bank account are turned on,
  • Run a malware scan on your computer or contact the BlackCloak Team, and
  • Ensure dual factor authentication is turned on.

The faster you act and notify your bank, the better your chances you have of being reimbursed. You will protect yourself from claims that you were careless, as well as help prevent further losses. If you do not notify your bank within 60 days after receiving the bank account statement showing the unauthorized transaction(s), you may forfeit your ability to be reimbursed.