How To Get Your Money Back If Your Bank Account Was Hacked

Do You Think Your Bank Account Was Hacked?

Hackers can compromise your bank accounts in many ways — from data breaches that leak your financial information to scam phone calls and phishing attacks that pilfer your banking app passwords and online account information.

Even the advanced security measures put in place by lenders and financial institutions aren’t always enough to keep your accounts safe. According to the 2023 Dark Web price index [*]:

Hacked online bank account credentials with a minimum balance of $2,000 sell for as little as $60 on the Dark Web. 

Once hackers get access to your account, they can make fraudulent charges, open new accounts, and steal your sensitive information and identity. The scary part is that unless you act quickly, banks may not refund your money. 

In this guide, we’ll explain exactly how to tell if your bank account has been hacked, what to do, and how to recover any lost or stolen funds. 

{{show-toc}}

How To Tell If Your Bank Account Has Been Hacked

The most obvious sign indicating that your bank account has been hacked is if your funds are suddenly missing. However, scammers don’t only target bank accounts to steal funds. Some use hacked accounts to launder money, build fake credit accounts, or take out fraudulent loans — all of which are much harder to spot early on. 

Here are some of the warning signs that your bank account has been hacked:

• You can’t access your online bank account. Once they gain access to your online banking account, hackers may change your password and lock you out. If your password suddenly stops working, this is a major red flag that you’ve been hacked. 
• Strange withdrawals or transfers from your account. If you see unauthorized account activity in your checking account or savings account, you should assume you've been hacked. Get in the habit of reviewing your account statements regularly to find suspicious charges and transactions early. 
• Your balance suddenly drops to $0 (or below). If your account gets hacked, fraudsters can freely withdraw money or transfer your funds to another account. While bank errors do happen, an emptied or overdrawn bank account should never be ignored. 
• Your bank notifies you of suspicious activity. Depending on your bank and your online settings, you may receive notifications about suspicious logins, password resets, or even transactions. These should be treated seriously but with caution, as scammers often use fake bank notifications to con their victims. 
• Your account has been closed without your permission. If your bank notices the signs of identity theft, it may close your account to prevent further fraudulent activity. 
• Your card is suddenly declined. Hackers can break into your account and have a new card issued, which would deactivate your card. Your bank can also cancel your card if account fraud is suspected. 
• Missing communications. Fraudsters can change the contact information on your account, including the phone number and addresses on file. If your communications and bank statements stop showing up, your bank account could be jeopardized.  

What To Do If Your Bank Account Has Been Hacked

1. Contact your bank or card issuer’s fraud department
2. Freeze your credit
3. Check your bank statements
4. File reports with the FTC and your local police
5. Update your online passwords
6. Submit a dispute for stolen or lost funds
7. Correct and dispute any inaccuracies on your credit report
8. Scan your devices for malware
9. Follow up with your bank
10. Update your payment information
11. Consider signing up for identity theft protection 

The unsettling truth about bank account fraud is that hackers can break in by using many different techniques. From debit card and credit card skimmers that steal card data to mobile app and phone hacks, phishing attempts that pry private information, and the purchase of private data on the Dark Web — threats are everywhere. 

If you see signs that your bank account has been hacked, act quickly and follow these steps:

1. Contact your bank or card issuer’s fraud department

The earlier you report fraud, the better chances you have of minimizing the damage and recovering stolen funds. As soon as you see something suspicious, call the number on the back of your bank card and go through the fraud department's recovery process. 

What to do with your bank:

• Cancel your cards and accounts, and ask for new ones. If your accounts have been compromised, the safest thing to do is have your bank’s fraud department close them and issue new ones. This way, scammers can’t continue to use your accounts.  
• Walk through your recent activity. With a bank representative, go through everything that's taken place in your account recently and flag any suspicious or fraudulent transactions and activities. 
• Gather supporting documentation. Collect all communications you’ve have with the scammer, along with any proof of fraudulent transactions. 

💡 Related: What Can Scammers Do With Your Bank Account Number? →

2. Freeze your credit with all three bureaus

Credit freezes seal your credit file from all users — including you, lenders, and fraudsters. Freezes are free and available at any of the major credit bureaus. When you freeze your credit, you'll be asked to verify your personal information, and you'll be provided with a PIN to unfreeze your file in the future. 

Note: You need to freeze your credit individually at all three major credit bureaus (Experian, Equifax, and TransUnion). 

How to freeze your credit:

3. Check your bank statements and credit reports for fraud

Go over your bank statements and credit reports carefully, looking for any discrepancies or unauthorized activity. If a fraudster has committed bank account or credit card fraud, it'll show up on your statements. If they misused your credit, you'll likely see signs of it on your credit report. 

How to check your credit reports for fraud:

• Request a credit report. You're entitled to a free credit report from each of the three major credit bureaus each week at AnnualCreditReport.com. When dealing with a serious credit issue, you should check reports from all three (as they can differ). 
• Review your personal information. Look over your contact information and personal details, as fraudsters can make changes to hide their scams. You’ll also want to examine your listed employers and public records to ensure they're accurate. 
• Check the inquiries and accounts. Make sure that you recognize all inquiries and adverse (and satisfactory) accounts listed. Ensure that the dates of the inquiries and statuses of the accounts are correct. 

💡 Related: How To Read a Credit Report (and Dispute Errors) →

4. File reports with the FTC and your local police

The Federal Trade Commission (FTC) handles complaints related to bank and credit fraud. While the FTC doesn't investigate your claims directly, it passes along the information to the appropriate authorities and may even provide you with an action plan. 

Where to file reports:  

• File a fraud report with the FTC at ReportFraud.ftc.gov.
• File an identity theft report with the FTC at IdentityTheft.gov.
• File a complaint with the FBI through the Internet Crime Complaint Center (IC3).
• File a police report at your local law enforcement office. 

💡 Related: How To File a Police Report For Identity Theft →

5. Update your online passwords

You should change your passwords regularly, but this step is especially critical if you've been hacked. If you're lucky, a password change will remove the hacker's access to your account and limit the damage. But don't stop there. Change the passwords on all of your online accounts, starting with any compromised ones.

How to find compromised accounts:

• Check for account breaches and leaks. Use Aura’s free leaked password scanner and sites like HaveIBeenPwned to learn if your email address was involved in a data breach or leak. 
• Check your Google Password Manager. If you have a Google account, you can use Google's Password Manager and checker to see if and where your passwords are compromised, reused, or weak.
• Check your iCloud Keychain. iPhone and iPad users can see and update their account passwords by clicking on Settings and then Passwords. You can also manage and update passwords across all Apple devices with the iCloud Keychain. 

6. Submit a dispute for stolen or lost funds

You have 60 days to report funds stolen from your account, starting from the time you receive the bank statement that shows the fraudulent transaction [*]. After contacting your bank to explain the situation, you should formally dispute the charges. Some banks have an online process that you can follow, while others require you to send in a letter. 

What to include in your dispute letter:

• Your name and the account number in question.
• The exact amounts and dates of the disputed charges.
• A breakdown of why you're disputing the charge. 
• Any additional proof or explanations that support your case. 

7. Correct and dispute any inaccuracies on your credit report

If you spot a fraudulent debt on your credit report, you should start by disputing it with the information furnisher (the lender or bank that issued the debt). If they can't or won't reverse the charge, you need to submit a formal dispute with the credit bureau. Include all relevant and supporting information, and follow up in about 45 days if you don't hear anything. 

How to dispute credit report errors: 

• File a dispute with Equifax: Submit a formal dispute online or by mail at: Equifax, PO Box 740256, Atlanta, GA 30348.
• File a dispute with TransUnion: Submit a formal dispute online or by mail at: TransUnion LLC, Consumer Dispute Center, PO Box 2000, Chester, PA 19016.‍
• File a dispute with Experian: Submit a formal dispute online or by mail at: Experian, PO Box 4500, Allen, TX 75013.

8. Scan your devices for malware and viruses

If hackers have access to your bank account, they could also have access to your other accounts and/or your devices. If your devices are compromised, hackers will find a way back into your accounts if you don't kick them out first. To do this, you need to clean your devices with effective antivirus software.

How to remove malware from your devices:

• Disconnect hacked devices from the Wi-Fi network. Infected devices can pass malware to other devices on the same network. Avoid this by turning off the Wi-Fi and disconnecting any ethernet cables on the device. 
• Run an antivirus scan. Reputable antivirus software will locate, quarantine, and remove infected files and apps on the device. Run a second scan afterward to ensure that the device is clean. 
• Clean your router. Perform a hard reset on your router with the factory reset button. You'll then be instructed to change the network name and password. You should also disable remote administration to prevent a hacker from controlling your devices remotely.  

9. Follow up with your bank, or file a complaint with the CFPB

Once you file a formal dispute, banks only have a certain amount of time to respond — depending on how the fraudster took the money. When dealing with debit cards and new bank accounts, banks typically have 10–20 days to respond and up to 45 days to investigate. For credit card fraud, the issuer must respond within 30 days and investigate within 60 days [*]. 

If your matter doesn't get resolved, file a complaint with the Consumer Financial Protection Bureau (CFPB).

How to file a complaint with the CFPB:

• Fill out the complaint form at consumerfinance.gov/complaint.
• Include all important information, including key facts, supporting documents, the bank in question, and your contact information.

10. Update your payment information with companies and services

Now that your bank account and credit card information has changed, you need to inform the various companies and services with which you do business. This will prevent any further unauthorized charges and service disruptions if companies try to charge deactivated accounts and cards. 

How to update billing information:

• Get a list of your online bills. If you can't remember all of your automatic payments, go into the bill section of your account's online portal or app to see what needs updating. 
• Contact each provider. Log in to each of your accounts and update the billing method. You can also call the providers directly to make the changes, but ask for confirmation of the change in writing.

💡 Related: The 11 Best Credit Monitoring Services in 2024 →

11. Consider signing up for identity theft and fraud protection

Dealing with hacked bank accounts takes a great deal of time and effort, and it doesn't always pay off. The best way to prevent a future attack is to sign up for an all-in-one digital security service with identity theft and financial fraud protection. 

With Aura, you’ll receive alerts about suspicious transactions and three-bureau credit monitoring with the industry’s fastest fraud alerts³ to warn you if scammers are using your accounts. 

Plus, you’ll get access to award-winning identity theft protection, AI-powered digital security and scam protection tools, 24/7 White Glove Fraud Resolution support, and up to $5 million in insurance coverage for stolen funds and other eligible losses due to identity theft. You can even try Aura free for 14 days to see if it’s right for you.

Will Banks Refund Stolen Money? Here’s What You Need To Know

Unfortunately, there's no definitive answer to this question. If you've been scammed, your bank may refund the money stolen from your account; but it depends on the amount, how long it took to report the fraud, and the way the money was stolen. 

While that may not be comforting, you do have some protections as a victim of fraud, including:

• The Fair Credit Billing Act (FCBA). This 1974 federal law limits consumers’ liability against credit fraud to $50 in most cases, and provides up to 60 days for fraud victims to dispute charges over that amount [*].
• Credit Card Zero Liability Protection Policies. Most major credit cards protect cardholders from any unauthorized purchases. Credit card servicers with this policy will restore any and all stolen funds after an investigation. 
• Bank Account Zero Liability Policies. Some banks offer zero liability protections as well, reversing any unauthorized transactions and returning misappropriated funds after an investigation [*]. 
• Regulation E. Part of the Electronic Fund Transfer Act (EFTA), Regulation E protects people using electronic funds — including ATMs, direct deposits, and gift cards [*]. If consumers report losses within two days, their liability cannot exceed $50. If reported within 60 days, consumer liability cannot exceed $500 [*].

The bottom line: Refund and reimbursement policies vary from bank to bank. There’s no guarantee that your dispute will be accepted. Instead, it’s a good idea to get additional protection and coverage from an identity theft protection service.

What To Do If Your Bank Won’t Refund Stolen Money

Thanks to the consumer protections and policies at most banks, you can often recover money that's been stolen from you, but it's not a guarantee. If your bank denies your initial request for a refund, you can escalate the issue. 

Here are some of the steps you might take in this situation:

• Contact the branch manager. It's possible that your initial complaint was overlooked or incomplete. Speak with a manager and go over the details of the case to find out why your claim was denied. 
• Submit a formal complaint. If you haven't already, send a written complaint through the appropriate channels, such as the bank's fraud department or manager's office. Follow up in 15-30 days if you don't hear anything. 
• File a complaint with the CFPB [*]. Banks have up to 60 days to respond to consumer complaints to the Consumer Financial Protection Bureau (CFPB), though they typically respond within 15 days. The CFPB will also forward your complaint to the necessary state or federal agencies as they see fit.
• File a complaint with the Federal Reserve [*]. The Federal Reserve will send your complaint to the appropriate federal regulator or Reserve Bank for investigation. You will receive an investigation update within 15 days and a result within 60 days. 
• File a complaint with the Office of the Comptroller of the Currency (OCC) [*]. If your issue is with a national bank or federal savings association, the OCC will work with the bank to get a resolution within 60 days. 
• File a complaint with the National Credit Union Administration (NCUA) [*]. If your issue is with a credit union, the NCUA will help you resolve it within 60 days. If your situation extends beyond that timeframe, the NCUA will launch a formal investigation.

How To Protect Your Bank Account From Hackers

Hackers don't need much information to break into your bank account and cause catastrophic damage to your finances and your life. 

Quick and deliberate action can limit the destruction, but it's always better to protect your bank account and yourself from scams than it is to deal with the fallout from fraud and theft.  

Here are some actions you can take to secure your bank account from scammers:

• Keep your information private. You should never give out personal information, including your Social Security number (SSN), or banking-related information, such as account numbers, passwords, PINs, or one-time-use codes. 
• Limit your online accounts. If you cut down on how many online accounts store your information, you can reduce the chances of data breaches affecting you and your family. Consider limiting what you share on your social media and e-commerce accounts.
• Use strong and unique passwords. Each of your online accounts should have a strong password that combines uppercase and lowercase letters, numbers, and symbols. A password manager can help keep track of these unique combinations so that you don’t have to worry about remembering them. 
• Enable two-factor authentication (2FA) on your accounts. Whenever possible, add two-factor or multi-factor authentication to your bank account. Each login attempt will then require a code sent to or generated on another device.  
• Never click on links in unsolicited emails or texts. Scammers use malicious links to direct unsuspecting victims to fake login pages where the information they provide is then stolen. Always verify the sender and the link direction before clicking. 
• Update your bank account privacy settings. Set up notifications and alerts through your bank if it offers them. These can help you flag large transactions or login attempts. 
• Monitor your bank account and credit file. Track your account activity as often as you can, and pay attention to fluctuations in your credit score. 

Even with these precautions, your bank account and identity may still be at risk. 

One of the most effective ways to protect your information and finances is to sign up for Aura’s all-in-one cybersecurity solution. Aura runs constant surveillance on your credit and identity with three-bureau monitoring and Dark Web scanning, while also offering powerful digital security tools, up to $5 million in identity theft insurance coverage, and U.S.-based 24/7 customer support. 

Keep your bank account safe from scammers. Try Aura free for 14 days.