How To Protect Your Bank Account From Identity Theft [NEW]

Share this:

Todd Jones

Product Manager at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Can Someone Steal Your Identity With Your Bank Account Number?

    When David Barnett[*] got a call from Bank of America, the bank employee warned him that someone was trying to withdraw money from his account. Panic-stricken, Barnett followed the caller’s advice and made a large Zelle transfer to another “safe” account. But it was a scam. 

    In this case, Barnett was lucky that real employees at Bank of America were able to help him recover stolen funds. But that's not always the case. Consumers lost $5.8 billion to fraud in 2021[*] — with almost 18 million Americans[*] falling prey to scams using person-to-person payment apps like Zelle.

    This article will explore how to protect your bank account from identity theft. We’ll explain why your bank accounts are vulnerable, who scammers target, and what you can do about it.

    Who Do Scammers Target?

    Fraud can happen to anyone. That said, research indicates certain groups are more likely to become victims. Here are some key findings from The Gen-Z Fraud Report: Young Americans & Fraud[*]:

    Fraud statistics by age
    50 to 59-year-olds lose the most on average to online fraud. Source: SEON

    Young people are vulnerable

    • People aged 18 to 29 are more likely to become victims of identity theft compared to other age groups. 
    • People under 20 years old had collective losses of almost $71 million in 2020. This cohort lost an average of $3,000 per victim.

    Why?

    Because young people, especially those in the Gen Z age group, have grown up as digital natives, they are more comfortable with e-commerce and social media.  They are, therefore, more likely to share personal information online

    Older people lose more

    • While younger people are more likely to become victims, older victims of identity theft lose more money.
    • People aged 50–59 had an average loss of $9,864.
    • The 60+ age group had an average loss of $9,174. 

    Why?

    Older adults tend to have more savings and assets, making them valuable targets for fraud. Also, many older people can be lonely, trusting, and less tech-savvy, which makes them more susceptible to scams.

    Men are more likely to be scammed than women

    • According to Truecaller Insights U.S. Spam & Scam Report[*], 55.6% of phone scam victims in 2022 were men.
    • The survey results indicate younger men are more vulnerable to scams. 
    • 46% of men aged 18–34 lost money to phone scams, compared to just 24% of men aged 45-54.

    Why?

    The Federal Trade Commission (FTC)[*] reported a dramatic surge in romance scams in 2021 — for every age group. This trend was most noticeable for people aged 18–29, where reports of fraud grew tenfold from 2017 figures.

    💯 Pro tip: Protect your entire family against the losses and damages of identity theft and fraud. Every adult member included in an Aura account plan is covered by a $1,000,000 insurance policy for eligible losses due to identity theft. Explore Family Identity Theft Protection

    14 Steps To Protect Your Bank Account From Identity Theft

    1. Use strong, unique passwords
    2. Don’t discount security questions
    3. Enable multi-factor authentication (MFA) across accounts
    4. Practice safe browsing
    5. Beware of phishing and smishing attempts
    6. Always assume public Wi-Fi is not secure
    7. Set up automatic software updates
    8. Install browser security add-ons and plug-ins
    9. Make the most of your bank’s security features
    10. Make diligent peer-to-peer payments
    11. Safeguard your financial records
    12. Know how your bank might reach you
    13. Learn more about credit freezes and fraud alerts
    14. Maintain an emergency contacts list

    1. Use strong, unique passwords

    You may be among the 65%[*] of Americans who use the same password for multiple online accounts. While this might make it easier to remember your passwords, it’s a hasty practice that leaves you exposed to breaches. Instead, you should create strong passwords that are harder to guess.

    LastPass password stats
    Source: The 2021 Password Security Report, LastPass

    How do I do this?

    • Avoid personal information, such as your name, address, or date of birth.
    • Choose longer passwords, opting for phrases rather than single words.
    • Include numbers and special characters, like exclamation marks or asterisks.
    • Use a mix of uppercase and lowercase letters.
    • Avoid common sequences, such as “123.”
    • Change your passwords regularly, like every 3–6 months. 

    One of the best ways to protect your bank accounts from identity theft is to use a password manager to store your passwords safely. Password managers generate and store longer, more complex sequences for each account.

    2. Don’t discount security questions

    Security questions are a common identity authentication step that enables users to set up questions and secret answers to manage access to online accounts. 

    How does this help?

    While this process is often reserved for password recovery services, you can also use security questions to provide an additional security layer on your logins. 

    For example, you can apply this to social media platforms to protect valuable information such as your full name, date of birth, address, and phone number.

    How do I do this?

    Your passwords should tick the following five boxes:

    • Multiplicity: Use an open-ended question that could have multiple possible answers. 
    • Confidentiality: Your answer shouldn't be available online, nor should it be easy for anyone to find out. Use less-obvious answers for security questions, such as your mother's maiden name or the city you were born in. 
    • Memorability: Your answer should be something you can recall without having to write down or look up.
    • Consistency: Avoid answers that change over time (like opinions or favorites). 
    • Simplicity: Avoid answers that are ambiguous or require case sensitivity, as these could be hard to remember over time.

    3. Enable multi-factor authentication (MFA) across accounts

    Multi-factor authentication (MFA) is an electronic authentication method that requests several independent authentication factors before granting users access to an application or website.

    How does this help?

    Sometimes called two-factor authentication (2FA), this security method provides extra protection for your online banking information. After you enter your login details, the app will conduct a second security check. For example:

    • A code is sent to your mobile phone (which you must confirm on the app).
    • An automated call comes through to verify your identity.
    • A visual check is requested in which you must identify the correct image, like with CAPTCHA.

    This added layer makes it harder for an identity thief or hacker to unlock your bank account.

    DataProt 2FA stats
    Source: DataProt

    How do I do this?

    MFA is fast becoming a standard tool in financial services. Mobile push notifications account for 68%[*] of MFA methods, replacing text messages — which are susceptible to SIM swap scams. If you don't see MFA on your banking apps, ask your bank how to set it up.

    4. Practice safe browsing

    Pew Research found that 85%[*] of Americans are online daily — including 31% who claim that they are almost constantly online. 

    However, many people don't take adequate precautions to protect their identity, which exposes them to malware and nefarious hackers. 

    How does this help?

    Safe browsing helps protect against the three most common threats online:

    • Phishing
    • Drive-by malware
    • Harmful downloads

    With greater care in your internet use, you can protect your personally identifiable information (PII) and reduce the chances of identity theft.

    How do I do this?

    • Use a secure virtual private network (VPN) to browse online. This step will encode your information so hackers can’t read it. 
    • Commit to sharing less online. Provide less information on forms, limit access to collaborative folders, and use a throwaway email address for subscriptions.
    • Tighten privacy settings for your online accounts including all social media. 
    • Remove unused third-party connections, including mobile apps and browser extensions. Only download privacy-focused apps that you will actively use.
    • Block search engines from tracking you. Delete your data from each search engine history, and consider using a privacy-focused engine like DuckDuckGo.

    📚 Related: How to Recover a Hacked Instagram Account [Step by Step]

    5. Beware of phishing and smishing attempts

    Phishing emails purport to be from reputable companies and are designed to trick people into sharing sensitive information, like credit card numbers and other personal details. In recent years, this scam has evolved from email to SMS text, known as smishing

    How does this help?

    When a thief obtains your personal information through phishing or smishing scams, you can fall victim to identity theft or financial fraud. 

    It's important to understand the signs of these scams, so that you can protect your PII and stop thieves from accessing your bank accounts.

    Cash App smishing text
    Source: Aura

    How do I do this?

    When you receive an email, SMS text, or WhatsApp message from someone you don’t know, ask yourself the following questions:

    • Is the sender claiming to work for an organization like the IRS or FBI?
    • Is the sender asking for sensitive information like my credit card details?
    • Is the email prompting me to click on a link or download a file?
    • Is the sender using urgent or threatening language to get me to act?
    • Are there any grammatical or spelling errors in the email?

    If you want to respond, look up the company’s official website, and call the correct customer service number directly to discuss the matter.

    6. Always assume public Wi-Fi is not secure

    Public Wi-Fi hotspots make it easy to access the internet just about anywhere, from coffee shops to libraries, and airports to hotels. But these convenient connections have an insecure trapdoor; hackers could be watching.

    How do I do this?

    If you are on public Wi-Fi, take the following steps to protect your information:

    • Use a VPN to encrypt your data as you browse. Aura’s secure VPN and Antivirus software will keep your bank account information safe as you browse online.
    • Ensure that you only visit secure websites displaying “https” in the URL address. You’re generally safer on these websites, although some scam sites can mimic an “https” connection. 
    • Avoid logging into email and online banking accounts. If you must use these services, switch to mobile data instead of using public hotspots. Mobile data is already encrypted, which is a safer choice if you’re entering login details to sensitive accounts.

    7. Set up automatic software updates

    Software vulnerabilities present a chance for hackers to exploit your system and potentially install malware or steal valuable data. If you don't have automatic updates — and delay taking action with manual updates — you could be exposed to a breach. 

    Here’s how to do it:

    • Windows 10: From the Start menu, go to Settings > Update & Security > Windows Update. Ensure that you set up "active hours" so Windows won't reboot in the middle of your work day.
    • Windows 11: Select the Windows icon and navigate to Settings > Windows Update > Advanced options. 
    • macOS: Open System Preferences > Software Update and select the Advanced button. Check all the boxes.
    • Android: Open Settings > System > Advanced > System Update and leave it switched on.
    • iOS: Open Settings > General > Software Update, then turn on Automatic Updates.

    8. Install browser security add-ons and plug-ins

    Browser security extensions protect your device by scanning websites for malicious code, blocking intrusive ads, and protecting your online privacy. 

    These security add-ons or plug-ins are simple additions — whether you use Chrome, Bing, Firefox, or another browser. 

    How do I do this?

    • Research the developer’s website to confirm that it's legitimate. Check the description for questionable practices, such as tracking features or data sharing.
    • Research reviews to see if anyone has complained about data privacy issues.
    • Be selective. Every new extension creates a bigger attack surface. Only select highly-rated extensions that you will use.
    • Use trusted sources to install the extensions, as these are more likely to be safe compared to third-party websites. Review permissions. Make sure the new extension doesn’t request unexplained changes to your access permissions.

    9. Make the most of your bank’s security features

    Banks offer standard security features like spending limits, push notifications, and additional MFA security to prevent unauthorized access.

    Top mobile banking security features list
    The most and least desirable mobile banking features. Source: Business Insider

    How does this help?

    Spending limits stop you from overspending online and prevent hackers from ruthlessly draining your account. Bank alerts notify you about unusual activity or changes to your account status — such as a low balance, large purchase, or profile changes. 

    These real-time updates are available on Android and iOS mobile devices, so you can use your online banking app to stay on top of things. 

    How do I do this?

    • Log in to your account on desktop or mobile.
    • Navigate to your account settings, then select the option for "Alerts" or "Notifications." 
    • Set amount limits for spending, and turn on notifications for email, text, or push.

    If you have any trouble setting your desired security feature, contact your bank by calling the customer service number on the back of your debit card.

    💡 Related: What Is Credit Monitoring (And Do You Really Need It?) -->

    10. Make diligent peer-to-peer payments

    Peer-to-peer (P2P) transactions are electronic money transfers that one person sends to another via an intermediary payment application. Although P2P systems encrypt your financial information, some have been hijacked by scammers.

    How do I do this?

    1. Never send money to someone you haven’t met.
    2. Confirm the phone number or username of the recipient before sending money.
    3. Always use MFA — like facial recognition or a PIN.
    4. Keep your P2P apps updated to have the latest protection and security features. 
    5. Switch on transaction alerts to get instant notifications about any account activity.
    6. Link your credit card to the P2P app instead of to your debit card. 
    7. Never let strangers borrow your phone.

    📚 Related: The 14 Cash App Scams You Didn’t Know About (Until Now) →

    11. Safeguard your financial records

    In the U.S., there are 1.7 million packages stolen every day[*]. Mail theft can occur when someone steals letters and packages directly from your mailbox — but sometimes, the thief obtains information from inside your house.

    Whether it’s a family member, friend, or visitor, a mail thief is typically after personal information that they can use to commit identity theft. Information they steal may include:

    • Name and address
    • Social Security number (SSN)
    • Email addresses
    • Credit card and bank account information
    • Employment history

    How do I do this?

    • Monitor your physical mail, and make sure not to leave mail lying around in the house. 
    • Shred sensitive documents like credit card statements after you read them and grasp all critical information.
    • Store valuable documents like Social Security cards, birth certificates, bills, and business account statements in a locked safe. Protect digital copies with secure passwords and encryption.
    • Watch out for check fraud. Don’t accept checks from someone you don’t know, and never cash a check you weren’t expecting.
    • Look out for suspicious mail that might indicate a thief has applied for credit in your name.

    📚 Related: My Parents Are Using My Social Security Number — Should I Report Them?

    12. Know how your bank might reach you

    The FTC reported that in 2021, over $2.3 billion in losses were due to imposter scams. When you know more about your bank’s procedures for communication, you will be able to tell if someone is scamming you.

    How do I do this?

    • Know that banks rarely call you directly. Instead, they will send you direct mail or text messages.
    • They will never ask you to share personal information, such as debit card numbers or credit card numbers.
    • Banks will never ask you to reveal your online banking password or PIN.
    • They will never ask you to transfer money into a “safe account.”

    13. Learn more about credit freezes and fraud alerts

    Credit freezes and fraud alerts are security measures that help prevent unauthorized access to your credit file:

    • A fraud alert is a real-time notification that lets you know about suspicious credit inquiries, like if someone tried to obtain a credit card or loan in your name.
    • A credit lock blocks all access to your credit history so that nobody can open a new account in your name — not even you. 
    • A credit freeze seals your credit history until you "thaw" your credit or remove the freeze.

    How do I do this?

    • Contact any one of the three credit bureaus — Equifax, Experian, or TransUnion — to request a fraud alert, credit freeze, or credit lock.
    • With a fraud alert, the credit reporting agency you contact must inform the other two bureaus to place a fraud alert on your credit report. 
    • With a credit lock or credit freeze, you need to contact all three bureaus individually.
    • To place a freeze, provide your full name, date of birth, address history for the past two years, and SSN.
    • You’ll have to contact the bureaus again to lift the credit freeze.

    14. Maintain an emergency contacts list

    If a thief steals your wallet or takes over your bank account, you’ll need to act fast to prevent them from racking up debt with fraudulent credit cards and loans. An emergency contact list will help you react quickly to limit the damage to your financial accounts. 

    How do I do this?

    Create a contact list that includes the following information:

    • Your account details, including account numbers
    • Your bank’s address and customer service phone number

    The phone numbers for the three credit reporting bureaus:

    • Equifax: 1-800-525-6285
    • Experian: 1-888-397-3742
    • TransUnion: 1-800-680-7289

    Do Banks Protect Against Identity Theft?

    Many American banks have advanced security features with automation and artificial intelligence (AI) technologies to protect their customers' personal data and finances. 

    Here are some key features that can help protect your bank account:

    • Bank Account validation: This verification feature ensures that only accurate data is captured — such as correct names, addresses, and credit card numbers. With this step, banks can prevent data entry errors and rejections in payment processing.
    • Automated fraud detection systems have predictive analytics and AI at their core, making them effective at monitoring your spending patterns over time. This makes it easier to identify unusual transactions that could be fraudulent.
    • Real-time account checking allows banks to verify that users already have access to the account in question. You must confirm recent or date-specific transactions before employees assist you.
    • Identity document capture enables banks to authenticate a customer's identity documents digitally in real time. 
    • Biometric verification identifies people through unique biological identifiers, such as fingerprints, voices, or faces.

    Were You the Victim of a Bank Scam? Act Now

    Most financial institutions offer fraud assistance up to a certain point, so it's crucial to take action as soon as you realize you’ve been compromised. Here’s what to do:

    • Freeze your accounts. Call your credit card companies to tell them that you believe a scammer has your credit card information. The companies can block the cards and freeze the compromised accounts. Be prepared to provide extra verification to regain control of your accounts.
    • Place a fraud alert and request a free credit report. Notify the bureau immediately if you spot any suspicious activity in your reports, such as account information changes, new credit card applications, or loan requests. 
    • Check your bank statements for unexplained activity. You can flag fraudulent transactions if the thief has already withdrawn funds. On credit card payments, the card issuer should be able to reverse the charges.
    • Report the scam to authorities. Submit a fraud report to the FTC and file a police report with local police. File the FTC report on reportfraud.ftc.gov; and for additional support, contact 1-877-ID-THEFT (1-877-438-4338).
    • Change your online banking passwords. If you believe any online passwords are vulnerable, visit your accounts to create new passwords immediately.
    • Notify other related parties. If the scam was linked to a P2P app, gift card, or digital banking service, report the fraud to the appropriate customer service department.
    🤝 Need more help? Follow the fraud victim's checklist for step-by-step instructions on how to recover from fraud.

    Keep Your Finances and Identity Safe With Aura

    Learning how to protect your bank accounts from identity theft isn't foolproof anymore. Large-scale data breaches like the Flagstar Bank[*] incident could still leave your PII vulnerable despite these precautions.

    Reliable identity theft protection is one way to take back some control. Aura offers an all-in-one digital safety solution for the whole family, with features such as:

    • Credit monitoring: Monitor your bank accounts, credit file, and other accounts for signs of fraud. 
    • Rapid alerts: With near real-time fraud alerts up to 4X faster than any competing product, Aura provides the quickest means to detect and deter scammers.
    • Dark Web monitoring. Get alerts if there's any suspicious activity on your accounts or your information is leaked on the Dark Web.
    • Antivirus with VPN protection. Protect your devices and networks against malware, phishing sites, and hackers using military-grade encryption and powerful antivirus software.
    • Family identity theft protection: Keep your children and elderly relatives safe with Aura’s Family Plans, which include coverage for up to five adults and children.
    • White-glove fraud resolution: Rely on a U.S.-based support team that is available 24/7 to help you handle any incident and recover from financial fraud.
    • A $1,000,000 insurance policy: Cover every adult member on your plan from the aftermath of identity theft with a $1 million insurance policy for eligible losses.

    Related Articles

    bank scams and financial scams to avoid
    Fraud

    2022 Bank Scams: Phishing, Impostors, Free Money

    Scammers will go to any length to get access to your bank account and financial information. Here’s how to stop them and keep your accounts secure.

    Read More
    May 18, 2022
    Identity theft stories and cases
    Identity Theft

    The Most Unbelievable Identity Theft Stories of All Time

    Here are the 15 most unbelievable, audacious, and terrifying scam and identity theft stories that will show you just how bad identity theft really is.

    Read More
    June 21, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers