As featured in The Wall Street Journal, Money Magazine, and more!

What Happens If Your Bank Account Is Hacked?

This article was written by in Banking, Privacy and Security. 23 comments.

McAfee Labs, a company that deals with internet security from malware and hackers, has announced that a ring of criminals intend to steal money from customers with accounts at major American banks. The operation even has a codename, “Project Blitzkreig,” and is rumored to go into effect this coming spring. The fact that this plan is now out in the open makes it more likely that the cyber attack won’t occur as predicted, but it still engenders public fear and concern that our money is vulnerable when deposited into the bank.

According to CNN Money, the following banks are being targeted: Chase, Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union, and more. There may be many reasons to dissuade a potential customer from doing business with large financial institutions, but the threat of a cyber attack shouldn’t be one. Customers who see the potential for this kind of a crime as a reason for not doing their financial business over the internet are over-reacting, but that’s little comfort in the face of fear.

Banking Deal: Earn 1.30% APY on an FDIC-insured savings account at Synchrony Bank.

The banks are liable for any stolen funds as a result of cyber crime. Customers will not lose money. If this particular attack is carried out, despite the public awareness in advance, it would work by using customers’ own computers to access their own accounts to transfer small amounts of money. With millions of zombie computers operating, this adds up to a lot of stolen cash, but any one customer would, in theory, see only a small transaction. It’s riskier for the banks than for any one customer.

Banks are hit by cyber attacks every day, and are becoming more adept at preventing breaches of security. Only the big attacks hit the news. Banks are bombarded by security threats every day, and their systems are improving exponentially for detecting and dealing with these problems.

It’s fairly simple to ensure your account is not vulnerable to this particular attack. When logging into your bank account online, most banks allow you to “remember your computer.” You can then bypass a few security questions when the bank recognizes your computer’s IPv4 address, a unique identifier for each internet connection. Hackers can spoof your IPv4 address or even use malware to hijack your computer so you don’t even know it’s accessing your bank account. It’s best to disable the “remember your computer” feature. It’s a little bit of a pain, but it’s much more secure.

Be aware of social engineering. Email programs have become very adept at filtering out spam most of the time. You may still see emails that look very much like they are official, coming from your bank, asking you to visit the bank’s website and confirm some piece of information. In reality, the bank’s website is actually a hacker’s website, designed to look identical to the official site. Never enter your password or any other identifying information on a website that you’re accessing over an insecure connection.

Internet browsers now even identify the security certificate, so when you’re visiting a secure website that’s supposed to be operated by Chase, you can verify you’re safe. Click the security icon in your browser’s address bar for more information. Here is a screenshot of what that looks like with Chrome. (Click on the image to zoom in.)

You can make your passwords as long and as random as you like, but the complexity of a password is irrelevant if you hand it to a criminal willfully.

Stashing your money under your mattress is much less safe. When you don’t like dealing with banks because you already believe that these corporations are evil, stories like those that create fear are particularly resonant. News of major security threats seem confirm the skeptic’s opinion that money is only safe when it’s cold, hard cash, not bits in a bank’s computer. The threat of your house being robbed and criminals being able to find your hidden bills or walk away with your safe is much more likely than losing money due to cyber crime.

Many people seem to be taking this particular threat lightly, and that’s a good thing. “Let them come take my $1.50.” Perhaps a sign of the economic times, bank customers reacting to the news seem hopeful the criminals will forget their true intent or press the wrong button and deposit cash into these bank accounts.

If attacks like these ever get to the point of being engaged, the banks will know before you do. They could already solve the problem before the media confirms the plan for the attack has been executed. There is no way customers have their money at risk. Federal law requires that banks are liable in the event of a security breach, and there is no bank that wants to be liable for a potentially large amount, so the companies have a very strong incentive to be very proactive and protect their customers.

I may criticize banks often, but security is one area where the needs of the customers, shareholders, employees, and executives are completely aligned.

Does news of this planned cyber attack, Project Blitzkrieg, change the way you feel about banking online?

Photo: Flickr

Updated September 23, 2015 and originally published December 13, 2012.

Email Email Print Print
About the author

Luke Landes is the founder of Consumerism Commentary. He has been blogging and writing for the internet since 1995 and has been building online communities since 1991. Find out more about Luke Landes and follow him on Twitter. View all articles by .

{ 23 comments… read them below or add one }

avatar 1 Anonymous

Planned or unplanned, it doesn’t matter. The internet is a little like the wild west. I feel vulnerable and I take precautions as much as I can. I constantly update my security program (McAfee), run virus checks and change my password periodically. I feel more susceptable on the internet than I ever did in the real world. It doesn’t stop me from anything, but it makes me pause every so often.

Reply to this comment

avatar 2 Anonymous

NO ONE can prevent a hacker from accessing your account. IF they want to target you they WILL. I have a firewall, a complicated password and important e-mails were deleted.

NOTHING can protect you from a dedicated attack.

Reply to this comment

avatar 3 Anonymous

I’m a customer of one of the banks you list, so I’m a bit concerned. As best I know, I’m doing everything I can to protect myself, but I know nothing is foolproof. I have no intention of stopping banking online though. I can’t believe this alleged attack won’t be stopped now that it’s been revealed months in advance.

Reply to this comment

avatar 4 Anonymous

I got hacked last Wednesday! I check my checking & savings on line every single day. That day I was looking at my e-mails, etc. Turned my computer off and walked out of the room. As I walked down the hall I heard something tell me “You forgot to check you checking accounts”. I believe God is looking out for me, because I went back to my computer and saw a deposit of $7000. First I thought “Oh, I won Publisher’s Clearing House” ha ha, After looking further I saw my savings account was Short $7000 & a check had been cut to a real person. I’ve had my computer hacked 16 times in the last year and I’m pretty sure I know who it is but can’t prove it. This persons name, address & phone number were on my computer but the bank didn’t seem to be the least bit interested in who did it. They just close my old one and gave me a new one. I can’t get the police to help me or the FBI. The bank said they would investigate it! Yeh, in 4 – 5 days. I don’t know what to do. This person has done all kinds of things to me but there is no way to prove it. So be careful . .. .I don’t even know this person and never seen her. She dated my X a couple of times and he told me she had hacking equipment on her computer. Now he’s dead and why I’m still getting it I don’t know they only dated 2 or 3 times.

Reply to this comment

avatar 5 Anonymous

Report the incidents to the police. The police have software detectives and are more than capable in helping you. I’ve been hacked 5 times in 6 years. Every time the police took it very seriously. My PayPal account was hacked and PayPal reimbursed me right away. The other times the bank fought tooth and nail to “not” give me my money, but half the time they ended up doing it. I am very cautious; only use PayPal and Amazon for online purchases. I do pay my Verizon bill online with a checking account (which has never been hacked). It’s only been my debit card that’s been hacked. My Google wallet account was hacked for 3 years before I put two and two together. Little amounts like $2.99, $6.99, etc… They refuse to pay me because they keep putting me off every time I’ve called! Good luck to all :)

Reply to this comment

avatar 6 Anonymous

No, the planned attack won’t change the way I bank. I too keep my computer as safe as possible and I’ve never used and e-mail ‘link’. If there is a website to go to I will get there myself if I think I need to. As a bank customer I take security just as seriously as they do and there are a couple of things I do to help out. First I download and review account information daily, including checking and credit card data. Secondly I forward all phishing e-mail to whomever is being represented. It may take a minute or two to review transactions or forward an e-mail but it well worth it if you stop an invalid charge or transaction immediately.

Reply to this comment

avatar 7 Anonymous

You can’t prevent a dedicated attack. Malware can be sent via text.

Reply to this comment

avatar 8 Anonymous

I’m not too worried. I keep my bank accounts as secure as I can and that is the best I can do. While I would freak out I’m sure the bank would catch it almost immediately. They have some sophisticated software.

Reply to this comment

avatar 9 javi

I am not worried. As you said, banks are attacked all the time. Best thing to do is go straight to the bank’s site, don’t click links from emails, and keep your computer’s security software patched and up to date.

Reply to this comment

avatar 10 Anonymous

Security software does not protect you from a dedicated attack. Security softwre protects from malware that the company provides patches/updates. A crafted malware for a specific individual is not protected by the AV programs.

Reply to this comment

avatar 11 wylerassociate

When you consider how much technology has exploded in the last 20 years along with the good & bad that it brings, there should be some anxiety when you read stories like this but the only thing you can do is due diligence.

Reply to this comment

avatar 12 Anonymous

Having a bank account hacked would be horrible. I have had my wallet stolen and it felt so vulnerable and creepy, I’m sure having a bank account hacked would feel even worse.

One thing that is good about having an online account hacked is that there is usually some sort of protection with the bank that comes along with it.

Reply to this comment

avatar 13 Anonymous

Stores and institutions have been hacked. Personal data hacks is frequently in the news.

Reply to this comment

avatar 14 Anonymous

My neighbor, who owes me some money, claims his bank account (he banks at citizens bank in PA) got hacked and the money in there is currently being held, and he cannot access it, until the investigation is complete. Right before he says he got hacked, he wrote me a few checks that totaled about $600. Each checked bounced, all saying “insufficient funds”. I find it odd that if an account was hacked then the returned checks would say “account closed” and I also find it odd that the bank would deny the account holder access to their own money. If the account was hacked then I would think the account holder would move the remaining funds in another account. Is my neighbor playing a trick, and was there a hacking at Citizens Bank?

Reply to this comment

avatar 15 Anonymous

No it happened to me for 2,000

Reply to this comment

avatar 16 Anonymous

Ransome ware it’s called. they can freeze/block your account. IF the creeps spent their time investigating a cure for Cancer, we would have it.

Reply to this comment

avatar 17 Anonymous

I try to transfer payment to Italy company the e mail hacker ed and I receive the hackers account number and my 43280 euro went to BARCLAY S bank in England and we try aimlessly since 2 month with this bank wish any body lead me to a solution with best regards

Reply to this comment

avatar 18 Anonymous

My refund from the IRS was hacked and I have been unable to get my money back as everyone is denying culpability. My refund was sent to TurboTax who sent it to Santa Barbrbra Tax Products Group who sent it to Chase Bank. TurboTax says they sent it with the correct routing and account umbers and Santa Barbara TPG says they received a different routing and account numbers and sent the money to that Chase account. Chase verifies they received the money. TPG is stating that my computer must have been hacked and they have no culpability and it is too bad and I am out of the money, I have tried everything and everyone is telling me “too bad”. I now assume it is not safe to send anything on direct deposit over the internet. Is there no recourse in this type of situation?

Reply to this comment

avatar 19 Anonymous

Chase’s recent comments about no account information having been compromised is simply false and Chase is lying about it as shown in my own case.
On 16 Sept 15 a Mory Aboubacar Sahno gained access to my Chase Account and made international wire transfers. One of the four transfers went through the Toronto Dominion Bank in Quebec and another through a J.P. Morgan Chase branch in Delaware. I contacted Chase immediately after noticing a wire transfer I did not make, bu they ultimately denied my claim to have the money put back into my account. This Mory Aboubacar even created a profile in my account listing a phone number in Quebec 514-416-4631. That allowed him to get the codes to access my account on line. Chase told me that they recognized my computer from its IP address and that the transfers were made from my computer. After more than 20 minutes of loud conversation and Chase saying they were not allowed to tell me what the IP Address of “my own computer” was, they finally relented and provided me with the IP Address of “my computer” which the customer service representative said was: mozilla/S.O.Windows NT 6.1

After telling them that this was not an IP Address it took me another 10-15 minutes to get the actual IP Address which came from San Jose CA and was not my Internet Service provider at all. The IP used came from EGI Hosting in San Jose (50.117. 78.154) and they told me that the person using it was using a proxy/VPN.

Chase never followed up and has not returned my funds. This is of course a tactic to avoid having to admit that accounts were in fact compromised. They simply say the customer’s claim was fraudulent. I sent a fax to their fraud department and also spoke with customer service, and they are simply incompetent. When I visited the Chase branch in Riverpark/Fresno for assistance, the bank manager there was very helpful but at the same time puzzled and frustrated by the main corporate office she called for an explanation of my claim denial.
I am currently exploring legal action and also intend to publicize the fact that Chase is either negligent/incompetent or intentionally lying to the public. Since this happened to my account it invariably also happened to others.

Reply to this comment

avatar 20 Anonymous

My information was hacked through a government background check. Hackers got in my bank accounts twice. The last a block was put on it so I cannot do online banking. Last week somehow they got it my checking account. My bank has done everything possible to protect my money and it has been replaced each time. What other steps my bank and I can do to stop these hackers from getting in my account? I should I put my money somewhere else? It is very stressful.

Reply to this comment

avatar 21 Anonymous

My aunt account has been hacked yesterday at Sunday … the hacker has stolen more than 3 lakhs .. wat sud I do plzz help

Reply to this comment

avatar 22 Anonymous

People hacking banks should receive the death penalty, period. It would stop tomorrow.

Reply to this comment

avatar 23 Anonymous

My account was negative and then was made positive ledger balance says $3,250 and direct deposit of $761 but account balance says zero. What could have happened?

Reply to this comment

Leave a Comment

Note: Use your name or a unique handle, not the name of a website or business. No deep links or business URLs are allowed. Spam, including promotional linking to a company website, will be deleted. By submitting your comment you are agreeing to these terms and conditions.