Bank accounts are typically hacked through phishing scams, weak/reused passwords, or malicious software that steals login credentials. Common methods include fake emails/texts disguised as your bank, SIM swapping to bypass 2FA, or using compromised public Wi-Fi to intercept data.
Hackers can slip through security measures by using tricks like credential compromise and fake public Wi-Fi, and by sending out phishing emails. The threat is constant and difficult to avoid if you don't know how to protect yourself. That's why you need to know what to do if your bank account gets hacked.
Timeliness Matters: If you report the unauthorized transactions within two business days of discovering them, your liability is limited to $50. If you wait longer but report within 60 days, you could be liable for up to $500. Beyond 60 days, you risk losing all the funds that were stolen.
If a criminal has both your routing number and account number they can potentially steal money from your account through fraudulent ACH transfers and payments.
With the right habits and tools in place, you can make your bank account significantly harder for hackers to access and help prevent identity theft.
To stop someone from accessing your bank account, immediately change your password, enable multi-factor authentication (MFA), set up transaction alerts, and contact your bank's fraud department to freeze your card or account if you suspect unauthorized access, then report the fraud to the Federal Trade Commission (FTC) and consider placing credit freezes.
The breach was attributed to a security vulnerability in the file transfer software MOVEit, which is produced by Progress Software and used by the bank.
If money has been fraudulently taken from your account through an unauthorized withdrawal or transfer, you should file a police report and obtain a copy.
Whether a bank refunds stolen money depends on how the payment was made and how quickly the fraud was reported. In many cases, banks can return funds lost to scams, but the process and your level of protection vary by payment method.
We understand unauthorized or incorrect transactions on your account can be unsettling. While many cases can be resolved quickly, some are more complex and can take up to 90 days. During our investigation, we work with the merchant/business through their bank, which may include exchanging written documents.
The Verdict
Citibank and Bank of America offer the most protection for their customers, each providing three additional dimensions of security. The following are explanations of the additional features card issuers offer.
Yes, banks can refund scammed money, but it depends heavily on the payment method, how quickly you report it, and if the transaction was truly "unauthorized" (someone stole your login) versus you being tricked into sending it (authorized push payment). You're more likely to get a refund for unauthorized card charges or bank transfers if reported fast, but it's harder for Zelle, wire transfers, or gift cards, though filing a formal dispute or complaint with agencies like the Consumer Financial Protection Bureau (CFPB) can help.
In some cases, hackers use scareware and phishing tactics to install illegitimate apps that contain spyware on people's phones. Then, the spyware runs in the background, allowing the hacker to continuously monitor and record the user's activity, including everything they type.
Call or email the fraud department of the companies, banks or credit unions where accounts have been compromised. Explain that someone stole your identity and ask them to close or freeze the compromised account.
Scammers use phrases that create urgency, fear, or excitement, demanding immediate action like "Act now!" or "Don't hang up," and often involve requests for gift cards or Bitcoin, combined with threats of account compromise or promises of huge rewards (e.g., "You've won!") to bypass logic. Key tactics include isolation ("Don't tell anyone"), emotional manipulation (love bombing, family emergencies), and unusual requests to move money in specific ways (Bitcoin ATMs, secret accounts).
Your bank account could have been hacked due to various cyber attacks, including brute force, phishing, SIM swapping, credit card skimming or Man-in-the-Middle (MITM). Regardless of how your bank account got hacked, it is important to act quickly to protect your identity, privacy and finances from further damage.
The code *894# is primarily used in Nigeria for First Bank of Nigeria's USSD banking service, allowing users to perform transactions like airtime top-ups, balance checks, transfers, and bill payments without needing internet or an app, while EDI 894 (a different context) refers to an Electronic Data Interchange transaction set for retailers and suppliers to manage deliveries, acting as advanced invoices or advance shipping notices.