Bank Account Fraud Is Growing — How to Protect Yourself

In October, we shared the story of the Carleo family, whose bank accounts were cleaned out to the tune of $130,000 after a mysterious phone call. The Carleos got their money back only after a little media attention. Thefts like what happened to them continue to proliferate — so it’s time to take extra precautions to safeguard your accounts.

Bank account fraud has grown so much in recent years that nearly everyone has a story about it. There are victims who received phone calls from imposters pretending to be bankers or legal authorities, tricking them into revealing information enabling money to be moved online. There are scammers convincing people — disproportionately senior citizens, according to the Federal Trade Commission — to withdraw cash from their bank and deposit it into a cryptocurrency ATM. Then there’s the annoyingly persistent crime of “phishing,” where scammers email or text dangerous links; a popular version recently has sent out messages about package delivery.

No one is immune from these scams — including high net-worth and ultra-high-net-worth individuals, even if they have a private office to manage their accounts.

“I believe they are more targeted. They’re typically more well known than the average individual, and there’s the knowledge that there’s probably more money there,” says Kris Marney, director of family office services for accounting firm BPM.

Even professionals hired to manage finances for UHNW families can fall victim. One fraud subgenre, “business email compromise” (BEC), targets offices, including family offices, with official-looking emails trying to obtain passwords or other sensitive information that they can use for fraud.

“This sort of fraud is affecting everybody — rich, very sophisticated consumers and people with very limited means,” says Galen Cheney, an associate with San Francisco law firm Kronenberger Rosenfeld.

Fortunately, there are things that you can do to safeguard your savings, before, during and even after a cyber fraud attack.

Before: Preventing fraud

Many experts agree that banks should be doing more to safeguard customers’ accounts. But if everyone took advantage of protections that are already available, most cyber theft attempts would never get started. Security experts say to start with the basics, like passwords.

“It’s really imperative that you keep your username and password secure,” says Chris Pierson, founder and CEO of cybersecurity firm BlackCloak. “Make sure that you’re using a unique username and password for your financial accounts — every single one.

“Second, make sure dual-factor authentication is turned on,” Pierson says. Dual-factor authentication usually sends a code to your phone or email that you’ll have to enter online before gaining access to your online account. You should be able to find this option in the settings to your online bank account. “Or better than that, because text messages can be intercepted, use a multi-factor authentication app — an app that sits on your phone and delivers you a unique code every 30 seconds.”

Sometimes, when scammers call people, they’re after those dual-factor authentication codes. Here’s how it happens: A scammer gains access to your online account and tries to wire money out. This action triggers the bank to text you a code, which the scammer would need to type in to complete the transaction. So the scammer calls you, pretending to be the bank, and claims that they just sent you a code and you need to read it to them in order to prove your identity.

Incoming scam calls have become such a problem that experts advise you to simply decline all incoming financial contacts. If you pick up the phone and the caller says it’s your bank, Pierson advises, “You should just hang up.”

“Never take any incoming phone calls or incoming emails or incoming texts from your bank. You only call your bank, your financial institution — using the phone number on your last statement or on your credit card or debit card,” Pierson says.

Where you get the number is important, Pierson says, because scammers disseminate fake numbers on fraudulent websites and via emails and texts. “Never, ever call a number that is in an email that’s been sent to you.”

It’s important that people not only implement preventative measures for themselves but make sure things are locked down for older loved ones as well. The Federal Bureau of Investigation warns that fraud victimizing elders increased more than any other type of fraud between 2021 and 2023, “largely because of the rising use of cryptocurrency.” Experts recommend that folks keep an eye out for anything out of the ordinary with seniors’ finances. Unusually large withdrawals, for instance, could be a sign that a senior citizen is being pressured or tricked into “investing” in fraudulent crypto schemes, a long con known as “pig butchering” that often starts with a text from a stranger.

Hacker, IT and person with code on computer, programming and phishing scam with malware or virus. Hacking, system glitch and cloud computing error in dark room, cyber crime and cybersecurity fail
Getty Images

During: Recognizing and responding to a scam in progress

So it happened. You clicked a link without thinking. You shared information on a phone call that you later had a bad feeling about. Or maybe you received an alert from your bank reporting an unexpected transaction.

It may not be too late. The first thing to do is contact your bank — again, make sure you are calling the bank’s real number — and immediately report what happened. You should be able to freeze your account and prevent wires and online transfers.

“It is crucially important and time-sensitive to report unauthorized activity to the financial institutions as soon as possible,” Cheney says. “This is both for practical and legal reasons.”

Second, if the suspected fraud happened on your computer, you need to safeguard that.

“If you did in fact download anything, you’re going to want to make sure that computer is safe,” Pierson advises.

Security firm Cyber Tec recommends you start by disconnecting the computer from the internet. If it’s in the process of downloading malware (any kind of program designed to do bad things to your computer), you may be able to interrupt it. You may want to have the computer checked out by a professional before you connect it to the internet again.

You should also immediately change all your account passwords.

Finally, report the attempted crime to authorities. A good place to start is the FBI’s Internet Crime Complaint Center.

After: Salvaging what you can

But what if you didn’t catch the fraud in time, and money was moved out of your account before you realized what was going on? The first step is still to contact your bank. The fraud team there may still be able to take action, such as initiating a SWIFT recall (basically requesting a reverse of a recent wire) or working with the fraud department of the receiving bank to return or freeze the funds.

Law enforcement may be able to help as well, if contacted quickly enough.

“Time is of the essence,” Pierson says. “If you do it the same day, there’s going to be a higher chance of success.”

If it’s too late to reverse the wire, you can appeal to the bank to reimburse you for the loss. Unfortunately, as fraud losses have increased, more banks are refusing to replace stolen funds. This is what happened to the Carleo family, who was featured in a past Better article.

If this happens, it’s still not the end of the road. You may have a legal case against the bank. The first thing you should do in that case is to let the bank know you dispute their decision. Cheney advises that you make your notice “specific and detailed.”

“Seeking legal counsel is also advised. Don’t try to figure this out on your own,” Cheney says. “Maybe even a free 30-minute call with an attorney that handles these sorts of cases would be beneficial.”

You can check with your local bar association to find an attorney that handles wire fraud cases.

Cheney also advises reporting the fraud to every relevant authority.

“Report to your state regulator, your state attorneys general, the Consumer Financial Protection Bureau, the FTC and the FBI,” he says.

Increasingly, state attorneys general are suing banks on behalf of citizens. For instance, the state of New York is suing Citibank for inadequate fraud protection, and calling on the court to force the bank to pay customers back for their losses.

Victims of fraud may feel angry with themselves. If you made a mistake that led to losing money, you may even feel that you have only yourself to blame. But you shouldn’t beat yourself up. Remember that scammers have honed their schemes to maximize success.

“Very intelligent people have fallen for these scams,” Cheney says.

It’s always worth reporting the crime to authorities — even if you were tricked into participating in the fraud yourself, such as by withdrawing money from your bank and handing it over.

For instance, Massachusetts recently recovered $269,000 in cryptocurrency from a cryptocurrency scam operation and distributed the money to victims. In this case, the victims willingly deposited their money — in some cases, their life savings — in accounts with the fraudulent company, believing they were investing.

Besides legal avenues, victims can try getting help from the media. The Carleo family had tried nearly everything to get back $130,000 that had been stolen from their account. But after getting part of the wires reversed, Chase Bank refused to reimburse them for the remaining $90,000 — until the bank heard that Better was publishing a story about the family’s crisis.

Four days after receiving details of the story to be published, Chase spokesman Peter Kelley told Better by email, “We’ve resolved this issue with our customer.”

The Carleos then found that Chase had replaced their lost money. It was the end of a seven-month nightmare of confusion and dead ends. They never really understood how the theft happened, what they might have done wrong, or how this could happen with a reputable bank.

“You put your money there to be protected,” says Donna Carleo, the family member who received the apparent scam phone call that started the whole thing.

After this incident, the Carleos didn’t feel safe with their Chase account anymore. Even though the bank eventually refunded them, they closed their account and moved their money to a different bank.

It’s worth noting, however, that no one is safe from fraud attempts right now, no matter what bank they use. In addition to Chase, media reports expose similar scams happening to customers of all major banks, including Wells Fargo, Bank of America, and Citi.

Even if customers are made whole in the end — and many are not — bank fraud is never something you want to experience. To protect yourself and loved ones as much as possible, tap into these resources for fraud prevention and recovery:


More From Better


Carrie Kirby spends a lot of time asking people about something they think about but rarely talk about: money. Her work on personal finance, business and technology has appeared in San Francisco Magazine, The San Francisco Chronicle, Wise Bread and more publications. She lives on an island (Alameda) with her husband and three kids, and blogs about family travel and mileage rewards at The Miles Mom.

  Who We Are       NFP Support       Magazine       Programs       Donate    

X