You may have heard in the news recently that an Internet crime group, Carbanak, stole up to one billion USD by targeting the institutions themselves rather than individual customers. They transferred funds to controlled accounts and hacked ATMs via SMS messaging over the last two years. Cyber security experts at Symantec have been tracking Carbanak for some time now.
What can cybercriminals do with my data in the event of a banking or financial institution breach?
Cybercriminals are attracted to stealing data that they can make money from, such as credit and debit card numbers, bank account numbers, Social Security numbers, birthdates, full names and addresses. They can commit identity theft with Social Security numbers, sell credit and debit card numbers to other cybercriminals or bleed bank accounts dry using bank account information.
How do I know if I have been involved in a bank breach?
While the Carbanak incident has been ongoing over the last two years, chances are the customers affected by it are already aware of the breach. However, this is neither the first nor the last of these types of breaches we will see. Cybercriminals may not use the stolen data right away, so you may not notice any suspicious activity on your accounts for some time. If you hear about a breach involving an institution you do business with, contact the organization in question to check whether your data has been compromised. You can visit the organization’s website to see if there is a statement about the breach with any instructions about what to do next, or you can call the company’s customer service phone number.
You may not know if you have been affected by a breach, so your best action is to be proactive. You can use the tips below to stay ahead of the bad guys and know what to lookout for.
How can I protect myself in the event of a bank breach?
- Once you’ve confirmed that you have been involved in a bank breach, monitor and follow instructions from the company if they have provided any.
- Routinely monitor all of your financial accounts for suspicious activities, such as transactions that you did not make. If your institution offers account activity alerts via text or email, sign up for them.
- If the information that was leaked in the breach was as a Social Security number or other personally identifiable information, you may want to consider putting a security freeze on your credit report. This will prevent other institutions from accessing your report entirely, which will prevent opening any new credit lines or credit extensions under your name.
- If you do encounter suspicious activity on your account, contact your bank immediately and inform them of the activity as well as the fact that your information was exposed in a breach. Secondly, contact the FBI’s Internet Crime Complaint Center (IC3) and file a report.
- Beware of phishing scams. Phishing emails present themselves as legitimate messages from legitimate organizations. These emails contain a “call to action” usually about an issue with your account and will provide a link in the email. Never click on links in these kinds of emails. They can redirect you to a website that was designed to look just like the website in question in order to steal your login information. If you are worried that there is an issue with your account, open your Internet browser and visit the website directly by typing in the address directly into the browser’s address bar.
Breaches are becoming far too common these days, as the payoff for cybercriminals can be extremely lucrative. Luckily, there are anti-fraud laws in place to protect you. However, it is up to you to be vigilant about monitoring your accounts for suspicious activity and to report it right away.