Customers need to be vigilant as thefts and money stolen from personal accounts become more common
AARP | By Christina Ianzito | October 21, 2022 | Money Stolen | Shield Insurance
When Nicole Brandes, 54, did a routine check of her three linked Bank of America accounts online recently, she noticed something alarming: $10,000 was missing.
The Washington, D.C., art teacher looked closer to find that $9,300 from her business account and $700 from her personal checking account had first been transferred to a fourth account in her name that she’d never opened. It was then promptly withdrawn by the cybercriminals.
“I’m worried, I don’t have any explanations,” Brandes said a week before the bank compensated her for the loss. “It’s totally confusing and disorienting.”
Money stolen is all too common.
There was a 90 percent increase in account takeover fraud and a 109 percent increase in new account fraud — when a criminal opens an account in a victim’s name — in 2021, according to a report from Javelin Strategy & Research. Total combined losses for traditional identity fraud and scams related to identity fraud totaled $52 billion and affected 42 million consumers in the United States.
“These kinds of account takeovers have been increasing over the last number of years,” says Mark Solomon, vice president of the International Association of Financial Crimes Investigators, who notes that chip technology has made it more difficult to make counterfeit credit cards, so criminals will “steal the person,” meaning their identity, “instead of the card.” They’ll then use that identity theft to, among other crimes, access or open bank accounts and steal money.
And because they generally have built up more savings than their younger counterparts, older people are often the target.
How criminals can access your account
There’s a reason that choosing smart passwords — and using a different one for each of your accounts — is one of the top rules (if not the top rule) for protecting yourself from identity theft and fraud.
Websites are frequently hacked, compromising sometimes millions of passwords, as occurred with LinkedIn last year in a data breach that compromised the personal information of 700 million users. Once stolen, usernames and passwords are often sold on underground markets to cybercriminals, who can then test them on bank login pages.
Criminals know that many people use the same or similar passwords across dozens of accounts. “Every time I talk to people, I hear the same story when I ask, ‘Is your pet store account password the same as your Citi account, the same as your coffee shop account?’ ” says Mike Steinbach, a former federal law enforcement officer and head of Citi’s fraud prevention unit. “You hear, ‘Well, yeah.’ Or people will say, ‘For the coffee shop I have Fido123, but for Citi I have Fido321.’ Modern tools can hack through that in a matter of seconds.”
Criminals will also send phishing emails — advertising a product, telling you you’ve won a prize, you name it — with a link that, when clicked, can infect your computer with credential-stealing malware, says Laurie Iacono, an associate managing director at the business services and cyber risk firm Kroll. This allows them to harvest all of your saved login credentials. Or they might try to obtain identifying information through a survey or quiz. The more personal information they have, the easier it is for them to impersonate you and access your accounts without the bank flagging their transactions as suspicious.
These criminals are incredibly adept at using the latest technology to achieve their ends — more so than the general public, says Steinbach, “because they’re not constrained by laws or morality, so therefore fraud is occurring at a speed and scale that we’ve never seen before.”
“People will say, ‘For the coffee shop I have Fido123, but for Citi I have Fido321.’ Modern tools can hack through that in a matter of seconds.”
How to prevent account theft
“Unfortunately, there are a lot of different ways to commit fraud,” Solomon says, “and nothing’s 100 percent foolproof to be able to lock down your information and prevent fraud completely.”
— Mike Steinbach, head of Citi’s fraud prevention unit
Although banks have the highest-tech cybersecurity systems, there’s not much they can do to stop a criminal who is able to assume your identity from accessing your account. “I think they do a really awesome job at cybersecurity in general,” Iacono says. “But when someone gets total information or access to a machine, then there is a possibility of them bypassing that.”
As Steinbach puts it: “Fraudsters will go after the weakest link,” and because banks’ security systems are so advanced, “in a large portion of cases,” that weak link is the customer.
The best way to protect your money is to consider yourself in a theft-prevention partnership with your bank, he says.
Here are more ways to lower your risk of becoming the victim of an account takeover:
1. Never reuse passwords. Don’t use the same password on every single site — particularly if you’re one of the many who opt for “123456” and “password” (two of the most commonly used passwords, according to the password management company NordPass). Use unique, long passphrases (think 40-plus characters) for each, and subscribe to a password manager, such as LastPass or Keeper, to store them all. You’ll just need to have a single, very strong and memorable passphrase for the password manager. Choose something that’s “relevant to you but as random as possible,” suggests Neil Grant, AARP’s senior identity and access manager architect.
2. Use a unique username, too. “If you don’t have to use an email address as a username, don’t,” Steinbach says.
3. Set up multifactor authentication (MFA) on your accounts.
Click here for the rest of the article…