Note: This article is part of our Basic Banking series, designed to provide new savers with the key skills to save smarter.
Despite an overall decline in fraud, high-impact bank fraud — which includes opening new accounts under a victim's name and taking over a victim's existing account via mobile phone — is on the rise, according to Javelin’s 2019 Identity Fraud Study. Nearly a quarter of fraud victims paid out-of-pocket costs as targets of fraud in 2018, almost three times as many as in 2016.
Here's how you can stay ahead of potential threats and avoid falling victim to bank fraud.
How to recognize bank account fraud
Three common ways fraudsters access your bank information include phishing, malware and scams.
Phishing occurs when someone tricks you into giving them your personal information usually by posing as a business, your place of work, or your bank. Fraudsters may send you personalized emails that come from email addresses that mimic someone in your address book. Fake websites and personalized emails can appear very similar to what you’re used to in order to trick you into entering your personal information.
Examples of common phishing emails include:
- Requests for charitable donations
- Credit card applications
- Online shopping advertisements
- Seemingly important files, such as tax forms, that request your login information in order to download
Malicious software, or malware for short, is a type of virus usually acquired through an email attachment, internet pop-ups or through downloading bad programs to your device. This software is designed to give fraudsters access to a computer without notifying the owner that their device has been compromised.
These viruses are built to bypass normal security features and often have the ability to record your keystrokes — so-called “keyloggers” — and may also crash your computer and phone while allowing another person to monitor your activities online.
Malware can come in a variety of forms, but some examples include:
- Electronic greeting cards or e-cards
- File attachments
- Links to infected webpages
You’re likely familiar with scams and the general concept of how they work. Rather than infect your computer, scams rely on bait that lures the victim into giving up their information willingly. This can come in the form of get-rich-quick schemes, deals that are too good to be true or a service that you feel is necessary, such as debt repair or student loan relief.
The scammer might convince you to complete a wire transfer, send funds through a money transfer service, such as PayPal, Zelle or Venmo, give up your credit card information. When you input your financial information, a fraudster is on the other end waiting to take advantage.
9 tips to avoid bank fraud
- Read email carefully.
- Update your computer and mobile security software
- Avoid suspicious downloads
- Use a credit card or a prepaid card to shop online
- Be skeptical of unsolicited emails, text messages or phone calls
- Keep passwords complex and use two-factor authentication
- Monitor your credit card and bank account.
- Be suspicious of phone calls asking for personal information
- Freeze your credit
To avoid phishing schemes, make sure you’re paying close attention to the details of your emails. While email addresses that impersonate someone you know but are slightly off can be a tip, keep in mind that scammers can hack accounts of known senders. Pay attention to other things like typos, unfamiliar links, attachments and any other awkward or urgent language. Do not click on any links in the email that appear suspicious or enter any of your bank information. If you have a feeling that the email is fraudulent, contact your bank immediately to verify.
Avoiding a phishing scheme can also help you to avoid malware. One of the best things you can do is to install anti-virus software, and keep your computer and mobile phone constantly updated with the latest software versions released by manufacturers. Because hackers are constantly evolving, developers routinely put out new updates with fresh security protections.
Since no method of protection is perfect, you’ll want to double-check the sources and validity of the content and apps that you’re downloading while online, and always avoid suspicious pop-up ads. If you notice unusual behavior on your computer, such as sporadic shutdowns or an increase in pop-up ads, you may be infected.
If this is the case, the University of Texas at Austin Center for Identity recommends the following approach: Stop using the computer for shopping, banking or any other transactions that involve passwords and other personal identification information. If you have security software, make sure it's updated and then run a security scan. Then, consult an IT professional.
Avoiding all online shopping is becoming a more difficult objective. Consider shopping online using a prepaid debit card loaded with enough cash to complete your purchase but nothing more. If someone steals your account info, they won’t actually get access to your bank this way. A credit card is an even better choice than a debit card for online shopping, as it comes with lower liability limits, which means you won’t be on the hook for stolen funds.
Your best defense against scams is skepticism. You should be suspicious of emails, texts or phone calls coming from unknown senders and unfamiliar organizations. This is especially true if the emails contain links, attachments or requests for personal information. Do not give any personal information until you are able to verify the legitimacy of any claims that are made, and never open an attachment from an unknown sender.
Password123 just won’t cut it these days. Create complex passwords that are at least eight characters long and include uppercase and lowercase letters, numbers and symbols. Avoid creating passwords that are related to personal information, such as your birthday or mother's maiden name, and use a different password for each account. Use a password manager tool if you have trouble keeping track of all your passwords.
Always choose two-factor authentication if the services or sites you use online offer it. This security technique means a site will send you a text message or an email to verify your identity before letting you log on.
Sign up for a credit monitoring service, and make sure to check your credit report once a year. Some credit monitoring services even provide a layer of identity theft protection. On top of that, you should be checking your bank accounts regularly to ensure your statements are accurate.
Phone scams are can be tricky. Often, callers will impersonate your bank, a familiar company or a government organization, such as the IRS. They can even mimic a local phone number or a trusted organization on your caller ID, a trick called "spoofing." Don't ever give up personal information like your Social Security number or credit card number to these callers. If you think the call might be legitimate, hang up, look up the organization's official contact information online and call them.
As a last resort, you may also freeze your credit, but this measure will only prevent fraudsters from opening new accounts in your name. It does not prevent criminals from using your current credit cards or prevent identity theft.
How to report bank fraud
If you suspect fraud in your account, you should immediately contact your bank to alert them. Your next step should be changing your passwords, PIN and other login information to prevent further damage. Finally, you can report consumer fraud to the Federal Trade Commission by calling 1-877-FTC-HELP. Identity theft can also be reported online at IdentityTheft.gov.
If you feel your Social Security information was compromised, you may also consider contacting the Social Security Administration Fraud hotline at 1-800-269-0271. You will also want to thoroughly review your credit report. If you find any accounts that you did not open, you can ask the credit bureau to remove it, contact the institution where the account was opened and have it closed.
How do banks investigate unauthorized transactions?
Once a bank transaction is reported as unauthorized, the bank must investigate your claim to verify that the transaction is fraudulent. In the meantime, your account will be frozen and a new debit card will be sent to you.
The bank typically has 10 business days to investigate, although 20 days are allowed if the account is less than 30 days old. If your bank needs more time to investigate, they will offer you a temporary reimbursement of missing funds, although your bank can subtract up to $50 from that reimbursement.
You might be asked to send written confirmation of your claim, and you should do so as quickly as possible to speed up the investigation process. If your bank determines a transaction is fraudulent, they have one business day to return any stolen funds for which you aren't liable.
The bottom line on bank fraud
Many banks have boosted their efforts in preventing potential fraudulent charges by adding credit-monitoring features and protections in recent years; but you will still need to do your part to keep yourself safe. Checking your bank accounts and credit reports regularly as well as avoiding scams and phishing schemes can go a long way.