Am I a Bank Account Fraud Victim? Here’s What You Should Know.

Unfortunately, cyber attacks are becoming increasingly common and some of the statistics are scary. Of course, we recommend protecting your computer and network as the first line of defense against cyber attacks.

However, in the instance that you do notice something suspicious, responding to it quickly is of the utmost importance. Typically, the longer a cyber attack goes undetected, the more damage that can be done.

One particularly damaging type of attack is targeted towards users logging into banks and financial institutions – which could potentially give criminals direct access to your money.  Below are ways to help you and/or your employees identify when they may be the victim of cyber fraud.

Scenarios that should cause you to be suspicious:

If you receive an email alert regarding a wire, ACH, or bill pay transaction you did not initiate.

Even if the email looks legitimate, it’s likely not from your bank. Also note the address that the transaction request is being sent from. Very often hackers will use very “official” looking email addresses with subtle differences (.net instead of .com, using sub-domains, or slight misspellings). If you are sure that the email has come from your bank, reach out to the bank immediately (phone call or in person) rather than responding to the email.

If you receive an email alert regarding a change of password or email address you did not create.

Never, ever click on a link in an email to change your password unless you specifically just requested that email. Also, take a careful look at the email address, as described above, to ensure that it did in fact come from your bank.

If the login screen looks different or has unusual fields or prompts.

If anything looks different than normal about the login screen, leave the page immediately. This is especially true if there are fields that you do not recognize, as they may be phishing for additional information. Upon entering your user ID, most banks now utilize a “security image,” which is an image that you select that is present when you enter your password information. This is for your security to make it more difficult for an unscrupulous person to replicate a page unknowingly. If the image shown is different than the image you have selected, you are either on a site not belonging to your bank, or your bank’s website has been compromised.

If you see unknown transactions or balance inconsistencies on your account.

It is crucial that you regularly check your account balances. We recommend making this a part of your weekly routine. Examine to make sure the balance is what you expect, and that there are no charges that you do not recognize, even if they are smaller amounts. Smaller withdrawals from an unauthorized person could be used to test your account and see if additional activity is monitored, or to bleed out your account over time with a lesser risk of being detected.

Signs that you may have just been hacked

If any of the following scenarios apply to you, it is critical that you contact your financial institution immediately.

• If you receive a message saying online banking is unavailable due to maintenance or another reason after you just logged in.

  While this may just seem like a frustrating website issue with your bank, it is much more likely that you just entered your information into an unauthorized site and your information is compromised. There is simply no need to pass you along to a new screen because you information has been taken, so the fake website instead sends you to a “maintenance” page.

• If you log on to your online banking and are immediately logged off, your account is locked for no apparent reason, or your computer freezes.

  As with the previous scenario, these are often occurrences after you have logged into an unauthorized website. You are not able to subsequently access an actual website, and often times the site intentionally locks your computer to make the user believe this is a personal computer problem, not an internet or hacking issue.

• If you attempt to log on and receive multiple “bad password” errors.

  If you know that you entered the correct password for your account, but your bank will not accept it, and this happens multiple times, it is likely a fake website. And, the more alternate passwords you submit, the more passwords to other accounts you give the hackers.

What to do if you suspect you’ve been hacked…

No one wants to become a victim of cyber fraud, but if it does happen the first step is to contact your financial institution immediately. They will be able to provide you with the next steps according to their protocol.  We also recommend having all of your anti-virus programs up to date at all times.  For small and mid-sized businesses, we also recommend cloud security services for added protection.  Though certain kinds of attacks cannot be prevented (in a similar way that handing someone your car keys makes your alarm system unhelpful), added security can prevent some very problematic attacks from crippling your businesses infrastructure.

If you don’t know if you have the right protection for your business, give us a call.  We would always be happy to talk through your business, systems, and specific needs.

Author: Aaron White, Date: 11th March 2016