Recover from a hacked online bank account

Cyber criminals are typically financially motivated and getting access to an online bank account is the crown jewels for many. If you have noticed suspicious transactions or activity on your online bank account you need to act quickly to limit the damage the perpetrator can do.

We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.

Hacked online bank account - Do this first!

  1. Contact your bank immediately - call your bank as soon as you spot the suspicious activity - the number will be on your bank statement, card or the bank’s website. If money has been taken they will protect your account and make sure no more money can be taken. Even if no money has been taken your bank will take action by changing your security details and cancelling your cards.

  2. Change your login details - if you are still able to login to your account then follow the normal procedure to reset your password and other security information. This should lock the criminal out of the account.

  3. Contact the police - report the crime to Action Fraud or Police Scotland. They will log the crime and give you a crime reference number.

Am I going to get my money back?

Your bank should refund any money stolen from you as a result of fraud and identity theft. They should do this as soon as possible - ideally by the end of the next working day after you report the problem.

If the bank thinks you might have acted fraudulently or were negligent, they can delay the refund while they investigate - this shouldn't take more than a few days.

If you were tricked by a criminal into transferring the money into another account then the bank is unlikely to refund your money.

If the bank won't refund your money, you'll only be able to get it back by taking the person who stole it to court.

Approaches to dealing with a hacked online bank account

Once you have spoken to your bank, reported the crime to the police and changed your login details consider these additional steps:

  1. Check your transactions, payees and direct debits - have a good look through your account and look for any changes that have been made. Take a close look at your statement, any new payees created and review your direct debits.

  2. Review security settings and information - many online bank accounts provide a list of latest activity on the account as well as a list of recent logins and connected devices. Review these and make sure this is nothing suspicious since you have taken back control of the account.

  3. Scan your devices for malware - there are a number of ways the perpetrator may have got your login details - from a past breach (you can check known breaches here), guessed it, seen you type it in, tricked you into sharing it online or you may have told them in the past. However, they could also have malicious software on one of your devices that gives them access to what you type into websites. Scan all of the devices you use to access your account with an anti-virus solution and remove any malware.

  4. Monitor - keep a close eye on your account for any suspicious activity and it is worth checking your personal credit report as the criminal may have stolen your identity to take out other financial products. You can check your personal credit report with one of the three credit reference agencies: TransUnion, Equifax and Experian.

How do I avoid my bank account being hacked in future?

There are a number of ways you can reduce the risk of bank fraud:

  • Keep your cards and financial details safe - try and keep your card in sight when making a transaction. Sign new cards as soon as they arrive and destroy old cards by cutting through the magnetic strip and chip. Keep your financial documents safe and use a shredder to destroy them when you don’t need them anymore.

  • Secure your PIN - memorise your PIN and destroy the letter sent to tell you your PIN. Make sure you are the only person who knows your PIN and make sure nobody can see you enter it at ATMs. Set your pin to something random and avoid things like your date of birth.

  • Only visit your online bank account by typing in the address into your web browser - never follow a link in a text or email.

  • Get good at passwords - use strong passwords, use different passwords on each site, never share them and change them regularly. Use a password manager app to help you do this. See some good guidance here.

  • Commit to two-factor authentication - two-factor is a way to improve your security drastically in one easy step. Use it on every site that offers it. You can get more information here.

  • Review account security settings - all social media accounts offer a range of security features such as log in notification, secure browsing and two-factor authentication. Review these settings and turn all security options on.

  • Be careful clicking or downloading - tricking you to share your password by sending you trick emails or texts is a really common way to have your passwords stolen. As is downloading attachments in email that contain malicious software. Be extremely careful when clicking online links or opening/downloading online attachments.

  • Get secure - take time to improve your general online security. Use sites like Get Safe Online and Cyber Aware to understand what good security looks like and make changes.

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.