What Should You Do If Your Bank Account Is Hacked?
Your worst nightmare has come true. A hacker has gained access to your online banking account and completely wiped out your savings. So what can you do?
This scenario sounds unlikely, but it can still happen. Modern identity verification is less secure than you think it is, and even SMS-based two-stage authentication can be overcome. That TAC number your banks sends over SMS isn’t much safer either. It just makes things a little harder for hackers and hopefully deter them enough that they go bother someone else.
So what do you do in the unfortunate event that you fall victim to cybercriminals?
Notify your bank
Naturally, the first thing you need to do is contact your bank and inform them of the situation. Calling customer support and getting your account frozen until things can be sorted out is extremely important in ensuring that you don’t lose even more.
Banks have safeguards against this sort of thing happening and will conduct an internal investigation to sort it out. So there’s nothing to worry about; you will get your money back. Aside from the fact that someone has run off with your hard earned money.
Check for malware
Now that your money is secured, you need to ensure that you change the metaphorical locks and bar the metaphorical windows. Your first step is to figure out how you got hacked in the first place.
Many cybercriminals use social engineering to obtain login information. This is mainly done by anonymously contacting the victim and tricking them into giving up personal information that can be used to gain access to the account. Alternatively, this method is also used to install malware that gives the hacker access to the victim’s computer.
Malware can also be distributed in many other ways. These include trapped email attachments, hacked files (usually pirated movies, songs, games, software), and occasionally display ads.
In the case of being tricked to give information; there’s nothing much that can be done aside from learning a valuable lesson about trusting strangers. But if you’ve been tricked into installing malware, you need to ensure that you remove it from your computer. Otherwise you’re just going to fall victim again and again.
Ask your tech savvy friends if you’re not sure how to go about this. Malware removal could get complicated if the people who hacked you know what they’re doing.
Now, it may not be your fault that your online banking account was hacked. After all, the hackers could have gone after the bank instead of just taking advantage of individuals. It’s more profitable to hack banks or the SWIFT payment system.
Still it’s better to cover all your bases at this point.
Change your password
Now that you’re sure your money isn’t completely lost to the void, you can start locking things down. Changing your password is the bare minimum that needs to be done. Even if you never find out how the hackers broke into your account.
There are more than a few stories about how to go about making a secure password. For the most part, a longer password is better than a short one. The best advice we’ve ever seen is to simply use a phrase that’s easy to remember or refer to this comic.
It’s also important that you use a different password for each account. This is to prevent you from being hacked multiple times due to a single security breach.
Two factor authentication – called 2FA – is a system that sends you an additional randomised security code (often called a one time password or OTP) before you are able to log into your account. SMS is the most commonly used these days, but some companies like Google prefer app based verification.
The idea here is that while a hacker may steal your password, they are unlikely to also get ahold of your phone at the same time. Ideally, this forms a secure identification system. It’s not perfect, but it strikes a decent balance between security and convenience.
Most banks also use 2FA as an additional layer of security for making online transactions. This precautionary measure keeps you aware of any attempts at unauthorised access to your account.
Check credit/debit card statements
It’s unlikely that someone has stolen both your online banking account and credit/debit card information. Banks are usually very good at detecting suspicious activity and alerting you, but it helps if you’re also paying attention to whatever is going on.
If anything, it helps to ensure that you’re not the victim of two different cyberattacks. Cybercriminals targeting credit card information often have a different approach and you may not even be aware that your card number has been stolen.
Do not panic. Cyberattacks happen and are sometimes completely out of your control.
What you need to do is understand that banks have precautions against this sort of thing happening. You won’t lose your money, although you may be mildly inconvenienced for a few days.
At most, take it as a lesson about practicing good cybersecurity measures and not taking anything for granted.
Update: We’ve removed the reference to PIDM. The body does not directly insure savings. We apologise for any confusion caused.