My son's bank account hacked 😩
 

Our youngest son's bank account was hacked Friday night/ Saturday morning . A fraudulent charge of $1300.00 was made . He immediately contacted his bank , did the lock down exercise and changed passwords . The bank stated they will look into it but said funds may not be recovered .

So what recourse if any does my son have ? I told him to contact his states bank commission . And also call local news channels . Anything else he can do ?

This has happened to me once, and after an investigation by the bank, my funds were reimbursed. Now, my passwords are quite long and complicated….20+ characters and numbers. I would keep pressing the bank…he should get his money back.

Might not be related but it wouldn't hurt to put a freeze on his credit.

Does he know what might have led to the hacking?

Unless his password was Password or silly simple it should be the banks fault. If the password was strong enough to meet the bank’s standards it is on them.

My accounts are a pain to get into with a computer or phone they don’t recognize.

Stay on the bank! My wife’s business account was hacked and they took $50k I pressed the hell out of they because we have many layers of protection. They wouldn’t say but we are sure the bank was socially engineered to change her password. We got the money back.

It could be the banks fault, but this statement is absolutely not true.

Many/most folks these days use passwords that meet the minimum standards set by websites. The BIG problem is that many/most folks also use those same passwords on multiple websites. So if you use the password "DZq4jTw$EHgLS-X!79", but you use that password unchanged on 20 different sites, and one of those sites gets hacked by someone. They can then use that password on the other 19 sites. If your bank is site #17 then it's not your bank's fault that you used the same password all over the place.

Or maybe none of the sites were hacked, but your PC or tablet or smart phone was compromised, and the hackers got the password directly from one of your devices, that's another good and common reason why the fault/responsibility would have NOTHING to do with your bank.

Those 2 items are far more common than a bank getting hacked in a way that the hackers get your login info.

I'm not saying that it might not be the banks fault, but it's not the most likely reason.

Another possibility is that the password was written down near the computer and someone visited that found the password and wrote it down (or more likely took a pic with a cell phone). This is probably less likely than the other reasons, but not outside of the realm of possibilities, especially if there was a party or strangers around.

What do you mean by fradaulent charge ... via a debit card #, etc. Banks eat card losses etc. all the time.... stay on them.

I access all of my stuff all the time via my phone .... 2 stage authentication ... tied to my email, or a text to my phone if any of these accounts are accessed from a different device. Nothing is kept on my phone .... passwords are secure enough .... and memorized .... still :D

Now what day is it again... ;)?

Good luck!

Just spoke with my son . So what he thinks happened is what's called " brute force " by the hackers . Apparently several computers searching the world and pushing thousands/millions of combinations of numbers/letters etc to break into accounts .

Apparently the bad guys hit on a combination that got past the banks firewall . Once past the firewall they were able to withdraw or transfer the money out of his checking account . As of today I don't think anyone knows for sure exactly what happened .

My son told me he uses complex passwords. He lives by himself and doesn't have passwords written down . So I don't think this was by anyone he knows . I told him to stay on the bank but be professional and courteous . If the bank doesn't come through then ratchet it up to higher authorities .

Sounds like a tough situation I never want to face. I'm sure this happens frequently enough that $1300 isn't going to make news headlines. That doesn't suggest that your son should keep quiet though. Quite the opposite. IDT your son's bank wants to see this all over X, Tic Tok and Instagram and FB.

@stolenmoney seems about right.

It really pisses me off . Both of our sons are fine young men . They have good jobs , are hard working and honest . They are a positive influence for society vs a negative . Neither has ever been in trouble .

I immediately sent him $$$ to replace what was taken . A 1300 dollar hit is hard for him and I am in a position to help . He admitted it was hard to ask for it , he has pride and integrity .

I am hopeful that the bank will investigate and do the right thing . Only time will tell .

Question...does he use a debit card? They have none of the protections of a credit card. Just locking the barn door after the horses got out...

If it was a "brute force" thing like you mentioned, 100% it should be on the bank because it was their security that was breached.

Perhaps a visit to the state consumer protection agency?

He does not use a debit card to my knowledge . He specifically told me he never uses an ATM .

You all are acting like this is earth shaking news. It is not. Going to authorities and news outlets is ho hum to them. The bank is the problem and that's where the focus goes. AFA debit cards and online transactions go, this is not a CC with CC protection. Regional banks don't even have their own CC, they have an affiliation with Visa, MC, etc.

I don't know what many in the banking and financial business here on PPOT know and don't pretend to. But I do know that the number of facts and times are important. I had an airline ticket purchased with my Discover. It took 5 months for the money to be credited but in the meantime they did not charge interest. All I needed to show them was that I was not in FL but in CA where I live when the FL purchase was made. That was easy enough when I dug into it.

A simple history of any personal computer and phone that matches the IP of the account owner should show that they were not the IP used no matter how many firewalls and projected IP's are involved. I think it's all in the effort put forth by the account owner to dispute the charge that counts. Don't just stand by and think it will automictically go away.

Now waiting for KC and the many others to chime in.

Just FWIW, I use my debit card exclusively and I've never had $$ leave my acct. But I digress ... I am quite aware of the "real risks"...

This sounds like an internal "systems breach" .... shhhhh...

Let'$ eat thi$ one ... "golden gee$e egg$ ;)

I'll bet you get reimbursed. They probably have to say there is risk of loss per their policy.

This .... every single day!

I had this happen to a Trust account at TD Bank. I reported it as soon as it showed up, and they gave me a provisional credit and cleared it up quickly.
The bank debit card number that was hacked has been in my file cabinet since the day it was issued, and had never been used.

Super weird. That's exactly why many places will "lock" and account if you try the wrong password more than X number of times. Either they'll then make you wait for some period of time before trying again, or make you contact them. I'd also think that most banks would have some form of "intrusion detection" that would alert if someone was trying a brute force attack. But maybe this is a smaller bank. Probably unlikely in a bigger bank unless something else weird occurred.

I'm glad that it was "only" $1300 and that he's got you to help him out.

Sucks for sure regardless of how/why it occurred.

Actually, it's not, at least not the bank that I work for.

1 Banks HATE bad press, at least mine does. I think bad press is as bad or worse than #2
2 depending upon the issue there can be big fines levied by the govt. Banks hate to give away money.

I have no idea on how refunds and things are handled. I've been a member of a credit union since before I could drive, and that's my primary "bank" where my deposits go, my credit card comes from, and all the bills get paid out of. They are shockingly good about blocking fraudulent charges usually before they are allowed.

The only advice I can offer is this. I keep the minimum necessary in checking and my savings account is not linked or electronically accessible.