In 2018, hackers broke into the bank accounts of nearly 100,000 Canadians and threatened to release loads of personal data unless they were paid $1 million. Personal data stolen included names, account numbers, passwords, account balances, phone numbers and even Social Insurance Numbers.
What should I do if my bank account is hacked?
If you notice any unusual activity, notify your bank immediately.
Cyber attacks on banks happen all too frequently. Thankfully, most banks are well protected against hackers and have solid first response plans in place to protect customers should they become the victim of an attack.
The threat of a cyber attack shouldn’t deter you from using a financial institution, but it does stand as a reminder to be very cautious when banking. Should your hard-earned money be compromised, however, here’s how to regain control of your account.
Signs your account may have been compromised
- Strange purchases. Seeing activity that’s out of the ordinary may be the first clue that a hacker has infiltrated your account. Watch for transactions made in locations where you haven’t been.
- Unfamiliar transactions. Sometimes you’ll notice small yet unfamiliar purchases. Thieves often do that to test if your card will work before making larger ones.
- Blocked login. If a hacker accesses your account from an unfamiliar location or tries your password too many times, your account may block you from logging in.
- Phone call from your bank. If your account is compromised, your bank may call to notify you of the recent breach. However, it’s essential that you don’t provide the caller with any personal information.
- Closed or emptied account. In more extreme cases, you may find that your bank account has been emptied or closed altogether.
- Denied card. If your account is compromised, your account could be emptied or your card could be frozen by your bank, leading to denied transactions.
Depending on your bank, it will notify you of suspicious activity and automatically cancel fraudulent charges and issue you a new card.
What to do if your bank account is hacked
If you believe your account has been hacked, there are a few important steps you should take:
- View and verify account activity. First, go through your account activity to confirm any fraudulent charges. Some legitimate transactions may seem fraudulent if the company does business under a different name.
- Call your bank. Once you’ve confirmed that your account has been hacked, call your bank to report the fraud. They can help you solve the issue and possibly return funds to your account.
- Freeze your account. If possible, freeze your bank account online, on the app or by speaking with customer service.
- Change your pins and passwords. Change your bank account pin to something entirely different and secure. Also, consider changing the passwords to your online banking account, email and other online accounts — and try not to use the same password.
- Check your credit history. If your bank account is hacked, it’s possible that the hacker tried to open a credit card in your name. Speak with your bank to find out if they can check your credit history for free.
- File a police report. Finally, consider filing a police report. It’s unlikely that you’ll have any information on the person who hacked you, but reports from multiple victims could increase the chances of the thief being caught.
What to do if you don’t agree with your bank’s fraud resolution
In most cases, you won’t be liable for funds lost due to hacking and fraud. However, if you don’t agree with your bank’s fraud resolution, follow the steps below. You can also check out these helpful resources on the Government of Canada’s website.
- Keep a record of all communications with your bank.
- Speak with the fraud department directly.
- Escalate your case to a manager or supervisor.
- If all else fails, look into your bank’s dispute resolution procedures and get in contact with the bank’s ombudsman or third-party reviewer.
- Complain to your provincial financial services regulator or the Financial Consumer Agency of Canada if the preceding steps fail to resolve your problem or if you can’t find information on your bank’s dispute resolution process.
How you can get hacked or defrauded
Knowing the weak spots that hackers look for, and the tricks they use, can go a long way in protecting you from cyber theft:
- Weak passwords. Using simple, easy to guess passwords can put your accounts at risk.
- Fraudulent texts and phone calls. Beware of any emails or phone calls from numbers claiming to be your bank. They might just be looking to steal your information to access your account.
- Phishing links. Watch out for unfamiliar links in emails or while browsing online. While they might look legitimate, these links and websites are designed to look official to trick you into entering your information.
- Malware. This type of virus can be picked up from sketchy websites and emails, infecting your computer and possibly intercepting your information and passwords.
- Leaks. Websites and banks affected by security breaches can allow unauthorized people to access your info. It’s essential that you use different passwords for all of your online accounts. Otherwise, a breach on one website could affect all of your online accounts.
- Public Wi-Fi. Avoid logging into your bank account on public Wi-Fi, as hackers could use the public connection to intercept your information and access your accounts.
- Social engineering. Some hackers will go the extra mile to access your information by calling your bank and impersonating you. And since most banks will use your personal information to verify your identity, it’s important to not give your personal information to strangers.
- Card scanners. These devices — when placed over an existing, legitimate card scanner — will take a picture of your card and could record your pin. When using an ATM in an unfamiliar location, wiggle the card socket to check for a fraudulent card scanner.
How to prevent bank account hacking
Stay safe online
- Check for site security. Most legitimate sites will have privacy and security terms that you can review. Secure URLs start with https — not http.
- Avoid public networks for banking. That means no quick peeks at your finances while you’re out shopping or working. Using public networks can compromise your personal security and put your information at risk.
- Don’t give your contact info to strangers. Confirm who’s calling or writing first before providing any information.
- Run antivirus and anti-malware software. Doing so could prevent computer viruses and the loss of your information.
- Beware of spam. Email software is effective at getting rid of spam most of the time. However, hackers design sites that mimic bank websites, so random emails that ask you to go to the bank’s website to confirm your information are most likely a scam.
Use strong passwords
- Don’t use the same passwords. Avoid using the same passwords for multiple online accounts. Otherwise, a security breach on one website could compromise all of your accounts.
- Keep your passwords and pins safe. That means not giving them out to anyone, including family, friends or anyone soliciting them over email. Also, try not to write them down.
- Strong security questions. The answers to your security questions won’t be verified, so you can choose any answer you’d like. Consider making the questions difficult or the answers harder to guess.
- Two-factor authentication. If possible, sign up for two-factor authentication. This security measure will require you to confirm your identity with your phone or email in addition to providing your usual password, decreasing the chances of unauthorized access.
- Use more characters and symbols in your password. The more characters in your password, the better. A mix of random letters, numbers and special characters will take much longer to crack than a simple word or series of numbers.
- Report suspicious activity. Report any suspicious people or unverifiable companies soliciting your banking information to the Canadian Anti-Fraud Centre.
- Contact your bank.
- Double-check your transactions. Look over your statements for any fraudulent purchases and report anything suspicious right away.
- Keep an eye on your credit history. With your banking information, someone else could sign up for credit cards and other financial products that would affect your credit. Check your credit history if you think your account is at risk. If you’ve been hacked, contact Canada’s two credit bureaus, Equifax and TransUnion, to place a fraud alert on your file so lenders will contact you to confirm your identity before approving any applications for credit.
- Sign up for text alerts. Apps and text alerts can send you a notification whenever your debit card is used. This can help you track spending and immediately know where and when your card is used.
How banks keep your accounts safe from hackers
Banks are liable
If a hacker steals money from a bank, the customer won’t lose money since the bank is liable to refund money for fraudulent debit transactions. Usually, you have around 30 days to dispute an unauthorized transaction using your debit card, but policies can differ between banks. Check with your bank to know exactly what time frame you have to work with when responding to such circumstances.
If you protected your PIN and did not share it with anyone or keep a written record of it near your card, you will most likely not be held responsible for unauthorized use of your card.
By law, you can’t be held responsible for more than $50 if your credit card is used without your authorization. Visa, MasterCard, AMEX and Interac have agreed on their own to protect you from financial loss when your debit or credit credit is without your permission. For more information, check out this article from the Canadian government on resolving unauthorized transactions.
Banks are improving security
Since banks are constantly under attack, they need to ensure every aspect of their security is up to date. This means they generally have the latest software designed to protect you and your money.
Ensure your account is not vulnerable
Most banking websites allow you to activate a feature called “remember your password” when you log in online. This allows you to skip several layers of security the next time you log in since the bank recognizes your computer’s IPv4 address — a unique identifier for each Internet connection.
However, malware is a tool that hackers use to imitate your IPv4 address in order to gain access to your bank account. And since you usually won’t know that they have control over your computer, it’s often best to disable the “remember your computer” feature.
As stressful as having your bank account hacked may be, there’s a chance you could get your money back if you act fast. Banks are generally responsible for any charges due to cybersecurity breaches, but you should still always be prepared.
There are a number of things you can do to reduce the chances of your bank account being hacked, and choosing the right bank is one of them. Compare your options to find a bank and account that meet your needs.