As featured in The Wall Street Journal, Money Magazine, and more!
     

What Happens If Your Bank Account Is Hacked?

This article was written by in Banking, Privacy and Security. 7 comments.


McAfee Labs, a company that deals with internet security from malware and hackers, has announced that a ring of criminals intend to steal money from customers with accounts at major American banks. The operation even has a codename, “Project Blitzkreig,” and is rumored to go into effect this coming spring. The fact that this plan is now out in the open makes it more likely that the cyber attack won’t occur as predicted, but it still engenders public fear and concern that our money is vulnerable when deposited into the bank.

According to CNN Money, the following banks are being targeted: Chase, Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union, and more. There may be many reasons to dissuade a potential customer from doing business with large financial institutions, but the threat of a cyber attack shouldn’t be one. Customers who see the potential for this kind of a crime as a reason for not doing their financial business over the internet are over-reacting, but that’s little comfort in the face of fear.

The banks are liable for any stolen funds as a result of cyber crime. Customers will not lose money. If this particular attack is carried out, despite the public awareness in advance, it would work by using customers’ own computers to access their own accounts to transfer small amounts of money. With millions of zombie computers operating, this adds up to a lot of stolen cash, but any one customer would, in theory, see only a small transaction. It’s riskier for the banks than for any one customer.

Banks are hit by cyber attacks every day, and are becoming more adept at preventing breaches of security. Only the big attacks hit the news. Banks are bombarded by security threats every day, and their systems are improving exponentially for detecting and dealing with these problems.

It’s fairly simple to ensure your account is not vulnerable to this particular attack. When logging into your bank account online, most banks allow you to “remember your computer.” You can then bypass a few security questions when the bank recognizes your computer’s IPv4 address, a unique identifier for each internet connection. Hackers can spoof your IPv4 address or even use malware to hijack your computer so you don’t even know it’s accessing your bank account. It’s best to disable the “remember your computer” feature. It’s a little bit of a pain, but it’s much more secure.

Be aware of social engineering. Email programs have become very adept at filtering out spam most of the time. You may still see emails that look very much like they are official, coming from your bank, asking you to visit the bank’s website and confirm some piece of information. In reality, the bank’s website is actually a hacker’s website, designed to look identical to the official site. Never enter your password or any other identifying information on a website that you’re accessing over an insecure connection.

Internet browsers now even identify the security certificate, so when you’re visiting a secure website that’s supposed to be operated by Chase, you can verify you’re safe. Click the security icon in your browser’s address bar for more information. Here is a screenshot of what that looks like with Chrome. (Click on the image to zoom in.)

You can make your passwords as long and as random as you like, but the complexity of a password is irrelevant if you hand it to a criminal willfully.

Stashing your money under your mattress is much less safe. When you don’t like dealing with banks because you already believe that these corporations are evil, stories like those that create fear are particularly resonant. News of major security threats seem confirm the skeptic’s opinion that money is only safe when it’s cold, hard cash, not bits in a bank’s computer. The threat of your house being robbed and criminals being able to find your hidden bills or walk away with your safe is much more likely than losing money due to cyber crime.

Many people seem to be taking this particular threat lightly, and that’s a good thing. “Let them come take my $1.50.” Perhaps a sign of the economic times, bank customers reacting to the news seem hopeful the criminals will forget their true intent or press the wrong button and deposit cash into these bank accounts.

If attacks like these ever get to the point of being engaged, the banks will know before you do. They could already solve the problem before the media confirms the plan for the attack has been executed. There is no way customers have their money at risk. Federal law requires that banks are liable in the event of a security breach, and there is no bank that wants to be liable for a potentially large amount, so the companies have a very strong incentive to be very proactive and protect their customers.

I may criticize banks often, but security is one area where the needs of the customers, shareholders, employees, and executives are completely aligned.

Does news of this planned cyber attack, Project Blitzkrieg, change the way you feel about banking online?

Photo: Flickr
CNN

Published or updated December 13, 2012. If you enjoyed this article, subscribe to the RSS feed or receive daily emails. Follow @ConsumerismComm on Twitter and visit our Facebook page for more updates.

Email Email Print Print
avatar
Points: ♦127,470
Rank: Platinum
About the author

Luke Landes, also known as Flexo, is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about him and follow Luke Landes on Twitter. View all articles by .

{ 7 comments… read them below or add one }

avatar krantcents

Planned or unplanned, it doesn’t matter. The internet is a little like the wild west. I feel vulnerable and I take precautions as much as I can. I constantly update my security program (McAfee), run virus checks and change my password periodically. I feel more susceptable on the internet than I ever did in the real world. It doesn’t stop me from anything, but it makes me pause every so often.

Reply to this comment

avatar Kurt @ Money Counselor

I’m a customer of one of the banks you list, so I’m a bit concerned. As best I know, I’m doing everything I can to protect myself, but I know nothing is foolproof. I have no intention of stopping banking online though. I can’t believe this alleged attack won’t be stopped now that it’s been revealed months in advance.

Reply to this comment

avatar SteveDH

No, the planned attack won’t change the way I bank. I too keep my computer as safe as possible and I’ve never used and e-mail ‘link’. If there is a website to go to I will get there myself if I think I need to. As a bank customer I take security just as seriously as they do and there are a couple of things I do to help out. First I download and review account information daily, including checking and credit card data. Secondly I forward all phishing e-mail to whomever is being represented. It may take a minute or two to review transactions or forward an e-mail but it well worth it if you stop an invalid charge or transaction immediately.

Reply to this comment

avatar Lance @ Money Life and More

I’m not too worried. I keep my bank accounts as secure as I can and that is the best I can do. While I would freak out I’m sure the bank would catch it almost immediately. They have some sophisticated software.

Reply to this comment

avatar javi ♦80 (Newbie)

I am not worried. As you said, banks are attacked all the time. Best thing to do is go straight to the bank’s site, don’t click links from emails, and keep your computer’s security software patched and up to date.

Reply to this comment

avatar wylerassociate ♦162 (Cent)

When you consider how much technology has exploded in the last 20 years along with the good & bad that it brings, there should be some anxiety when you read stories like this but the only thing you can do is due diligence.

Reply to this comment

avatar Tushar @ Everything Finance

Having a bank account hacked would be horrible. I have had my wallet stolen and it felt so vulnerable and creepy, I’m sure having a bank account hacked would feel even worse.

One thing that is good about having an online account hacked is that there is usually some sort of protection with the bank that comes along with it.

Reply to this comment

Leave a Comment

Connect with Facebook

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Previous post:

Next post: