Can Someone Steal Your Identity With Your Bank Account Number?
When David Barnett got a call from Bank of America, the bank employee warned him that someone was trying to withdraw money from his account [*]. Panic-stricken, Barnett followed the caller’s advice and made a large Zelle transfer to another “safe” account. But it was a scam.
In this case, Barnett was lucky that real employees at Bank of America were able to help him recover stolen funds. But that's not always the case.
According to the latest data from the Federal Trade Commission (FTC) [*]:
Americans lost over $8.8 billion to fraud in 2022 [*] — with bank fraud being the third most-common type of identity theft.
In this guide, we’ll explain how scammers target your bank account, who’s most vulnerable, and how you can safeguard your savings from fraudsters.
{{show-toc}}
Who’s Most at Risk of Bank Fraud and Identity Theft?
Fraud can happen to anyone — but some groups are more vulnerable than others. Here’s who should be the most cautious about bank and identity fraud:
Young people are vulnerable
People aged 18 to 29 are more likely to become victims of identity theft compared to other age groups.
- People under 20 years old had collective losses of almost $71 million in 2020.
- On average, people under 20 lost an average of $3,000 per victim.
Why? Because young people, especially those in the Gen Z age group, have grown up as digital natives, they are more comfortable with e-commerce and social media. They are, therefore, more likely to share personal information online.
Older people lose more
While younger people are more likely to become victims, older victims of identity theft lose more money.
- People aged 50–59 had an average loss of $9,864.
- The 60+ age group had an average loss of $9,174.
Why? Older adults tend to have more savings and assets, making them valuable targets for fraud. Also, many older people can be lonely, trusting, and less tech-savvy, which makes them more susceptible to scams.
Men are more likely to be scammed than women
According to TrueCaller, 55.6% of phone scam victims in 2022 were men [*].
- The survey results indicate younger men are more vulnerable to scams.
- 46% of men aged 18–34 lost money to phone scams, compared to just 24% of men aged 45–54.
Why? The Federal Trade Commission (FTC) reported a dramatic surge in romance scams in 2021 — for every age group [*]. This trend was most noticeable for people aged 18–29, where reports of fraud grew tenfold from 2017 figures.
The bottom line: Identity thieves don’t discriminate. If your banking information is in the wrong hands, you could be a victim. Try Aura’s top-rated identity theft protection solution free for 14 days to start protecting your finances from fraudsters.
🛡
Start protecting your finances today. Aura’s all-in-one identity theft protection solution has the industry’s fastest and most reliable credit fraud alerts. Try Aura
free for 14 days to secure your bank account from identity theft.
14 Steps To Protect Your Bank Account From Identity Theft
Your bank account is a prime target for identity thieves and cybercriminals. Follow these steps to secure your accounts against the latest scams.
- Use strong, unique passwords
- Don’t discount security questions
- Enable multi-factor authentication (MFA)
- Practice safe browsing
- Beware of phishing, smishing attempts
- Always assume public Wi-Fi is not secure
- Set up automatic software updates
- Install browser security add-ons
- Make the most of your bank’s security features
- Make diligent peer-to-peer payments
- Safeguard your financial records
- Know how your bank might reach you
- Learn more about credit freezes, fraud alerts
- Maintain an emergency contacts list
1. Use strong, unique passwords
You may be among the 62%of Americans who use the same password for multiple online accounts [*]. While this might make it easier to remember your passwords, it’s a hasty practice that leaves you exposed to breaches. Instead, you should create strong passwords that are harder to guess.
How do I do this?
- Avoid personal information, such as your name, address, or date of birth.
- Choose longer passwords, opting for phrases rather than single words.
- Include numbers and special characters, like exclamation marks or asterisks.
- Use a mix of uppercase and lowercase letters.
- Avoid common sequences, such as “123.”
- Change your passwords regularly, like every 3–6 months.
One of the best ways to protect your bank accounts from identity theft is to use a password manager to store your passwords safely. Password managers generate and store longer, more complex sequences for each account.
📚 Related: The Best LastPass Alternatives in 2023 (Free & Paid) →
2. Don’t discount security questions
Security questions are a common identity authentication step that enables users to set up questions and secret answers to manage access to online accounts.
How does this help?
While this process is often reserved for password recovery services, you can also use security questions to provide an additional security layer on your logins.
For example, you can apply this to social media platforms to protect valuable information such as your full name, date of birth, address, and phone number.
How do I do this?
Your passwords should tick the following five boxes:
- Multiplicity: Use an open-ended question that could have multiple possible answers.
- Confidentiality: Your answer shouldn't be available online, nor should it be easy for anyone to find out. Use less-obvious answers for security questions, such as your mother's maiden name or the city you were born in.
- Memorability: Your answer should be something you can recall without having to write down or look up.
- Consistency: Avoid answers that change over time (like opinions or favorites).
- Simplicity: Avoid answers that are ambiguous or require case sensitivity, as these could be hard to remember over time.
📚 Related: Bank of America Customer? Beware of These 7 Scams →
3. Enable multi-factor authentication (MFA) across accounts
Multi-factor authentication (MFA) is an electronic authentication method that requests several independent authentication factors before granting users access to an application or website.
How does this help?
Sometimes called two-factor authentication (2FA), this security method provides extra protection for your online banking information. After you enter your login details, the app will conduct a second security check. For example:
- A code is sent to your mobile phone (which you must confirm on the app).
- An automated call comes through to verify your identity.
- A visual check is requested in which you must identify the correct image, like with CAPTCHA.
This added layer makes it harder for an identity thief or hacker to unlock your bank account.
How do I do this?
MFA is fast becoming a standard tool in financial services. Mobile push notifications account for 68% of MFA methods, replacing text messages — which are susceptible to SIM swap scams [*]. If you don't see MFA on your banking apps, ask your bank how to set it up.
📚 Related: Scammed on Zelle? Here's How To Get Your Money Back →
4. Practice safe browsing
There are nearly 300 million internet users in the U.S; 282 million of them are online using mobile internet [*].
However, many people don't take adequate precautions to protect their identity, which exposes them to malware and nefarious hackers.
How does this help?
Safe browsing helps protect against the three most common threats online:
- Phishing
- Drive-by malware
- Harmful downloads
With greater care in your internet use, you can protect your personally identifiable information (PII) and reduce the chances of identity theft.
How do I do this?
- Use a secure virtual private network (VPN) to browse online. This step will encode your information so hackers can’t read it.
- Commit to sharing less online. Provide less information on forms, limit access to collaborative folders, and use a throwaway email address for subscriptions.
- Tighten privacy settings for your online accounts including all social media.
- Remove unused third-party connections, including mobile apps and browser extensions. Only download privacy-focused apps that you will actively use.
- Block search engines from tracking you. Delete your data from each search engine history, and consider using a privacy-focused engine like DuckDuckGo.
📚 Related: How to Recover a Hacked Instagram Account [Step by Step] →
5. Beware of phishing and smishing attempts
Phishing emails purport to be from reputable companies and are designed to trick people into sharing sensitive information, like credit card numbers and other personal details. In recent years, this scam has evolved from email to SMS text, known as smishing.
How does this help?
When a thief obtains your personal information through phishing or smishing scams, you can fall victim to identity theft or financial fraud. It's important to understand the signs of these scams, so that you can protect your PII and stop thieves from accessing your bank accounts.
How do I do this?
When you receive an email, SMS text, or WhatsApp message from someone you don’t know, ask yourself the following questions:
- Is the sender claiming to work for an organization like the IRS or FBI?
- Is the sender asking for sensitive information like my credit card details?
- Is the email prompting me to click on a link or download a file?
- Is the sender using urgent or threatening language to get me to act?
- Are there any grammatical or spelling errors in the email?
If you want to respond, look up the company’s official website, and call the correct customer service number directly to discuss the matter.
⚡️
Act fast to shut down scammers. If fraudsters have your bank account or other sensitive information, they could steal your identity and empty your account. Try Aura’s award-winning identity theft protection
free for 14 days to keep your accounts (and identity) safe.
6. Always assume public Wi-Fi is not secure
Public Wi-Fi hotspots make it easy to access the internet just about anywhere, from coffee shops to libraries, and airports to hotels. But these convenient connections have an insecure trapdoor; hackers could be watching.
How do I do this?
If you are on public Wi-Fi, take the following steps to protect your information:
- Use a VPN to encrypt your data as you browse. Aura’s secure VPN and antivirus software will keep your bank account information safe as you browse online.
- Ensure that you only visit secure websites displaying “https” in the URL address. You’re generally safer on these websites, although some scam sites can mimic an “https” connection.
- Avoid logging into email and online banking accounts. If you must use these services, switch to mobile data instead of using public hotspots. Mobile data is already encrypted, which is a safer choice if you’re entering login details to sensitive accounts.
📚 Related: 10 Dangers of Public and Unsecured Wi-Fi Networks →
7. Set up automatic software updates
Software vulnerabilities present a chance for hackers to exploit your system and potentially install malware or steal valuable data. If you don't have automatic updates — and delay taking action with manual updates — you could be exposed to a breach.
Here’s how to do it:
- Windows 10: From the Start menu, go to Settings > Update & Security > Windows Update. Ensure that you set up "active hours" so Windows won't reboot in the middle of your work day.
- Windows 11: Select the Windows icon and navigate to Settings > Windows Update > Advanced options.
- macOS: Open System Preferences > Software Update and select the Advanced button. Check all the boxes.
- Android: Open Settings > System > Advanced > System Update and leave it switched on.
- iOS: Open Settings > General > Software Update, then turn on Automatic Updates.
8. Install browser security add-ons and plug-ins
Browser security extensions protect your device by scanning websites for malicious code, blocking intrusive ads, and protecting your online privacy.
These security add-ons or plug-ins are simple additions — whether you use Chrome, Bing, Firefox, or another browser.
How do I do this?
- Research the developer’s website to confirm that it's legitimate. Check the description for questionable practices, such as tracking features or data sharing.
- Research reviews to see if anyone has complained about data privacy issues.
- Be selective. Every new extension creates a bigger attack surface. Only select highly-rated extensions that you will use.
- Use trusted sources to install the extensions, as these are more likely to be safe compared to third-party websites. Review permissions. Make sure the new extension doesn’t request unexplained changes to your access permissions.
📚 Related: How To Spot a Bank of America Phishing Email →
9. Make the most of your bank’s security features
Banks offer standard security features like spending limits, push notifications, and additional MFA security to prevent unauthorized access.
How does this help?
Spending limits stop you from overspending online and prevent hackers from ruthlessly draining your account. Bank alerts notify you about unusual activity or changes to your account status — such as a low balance, large purchase, or profile changes.
These real-time updates are available on Android and iOS mobile devices, so you can use your online banking app to stay on top of things.
How do I do this?
- Log in to your account on desktop or mobile.
- Navigate to your account settings, then select the option for "Alerts" or "Notifications."
- Set amount limits for spending, and turn on notifications for email, text, or push.
If you have any trouble setting your desired security feature, contact your bank by calling the customer service number on the back of your debit card.
📚 Related: What Is Credit Monitoring (And Do You Really Need It?) →
10. Make diligent peer-to-peer payments
Peer-to-peer (P2P) transactions are electronic money transfers that one person sends to another via an intermediary payment application. Although P2P systems encrypt your financial information, some have been hijacked by scammers.
How do I do this?
- Never send money to someone you haven’t met.
- Confirm the phone number or username of the recipient before sending money.
- Always use MFA — like facial recognition or a PIN.
- Keep your P2P apps updated to have the latest protection and security features.
- Switch on transaction alerts to get instant notifications about any account activity.
- Link your credit card to the P2P app instead of to your debit card.
- Never let strangers borrow your phone.
📚 Related: Is It Safe To Link Bank Accounts? 7 Risks To Know →
11. Safeguard your financial records
In the U.S., 49 million people have had at least one package stolen in the past 12 months [*]. Mail theft can occur when someone steals letters and packages directly from your mailbox — but sometimes, the thief obtains information from inside your house.
Whether it’s a family member, friend, or visitor, a mail thief is typically after personal information that they can use to commit identity theft. Information they steal may include:
- Name and address
- Social Security number (SSN)
- Email addresses
- Credit card and bank account information
- Employment history
How do I do this?
- Monitor your physical mail, and make sure not to leave mail lying around in the house.
- Shred sensitive documents like credit card statements after you read them and grasp all critical information.
- Store valuable documents like Social Security cards, birth certificates, bills, and business account statements in a locked safe. Protect digital copies with secure passwords and encryption.
- Watch out for check fraud. Don’t accept checks from someone you don’t know, and never cash a check you weren’t expecting.
- Look out for suspicious mail that might indicate a thief has applied for credit in your name.
📚 Related: My Parents Are Using My Social Security Number — Should I Report Them? →
12. Know how your bank might reach you
The FTC reported that in 2021, over $2.3 billion in losses were due to imposter scams. When you know more about your bank’s procedures for communication, you will be able to tell if someone is scamming you.
How do I do this?
- Know that banks rarely call you directly. Instead, they will send you direct mail or text messages.
- They will never ask you to share personal information, such as debit card numbers or credit card numbers.
- Banks will never ask you to reveal your online banking password or PIN.
- They will never ask you to transfer money into a “safe account.”
📚 Related: Do Banks Refund Scammed Money? →
13. Learn more about credit freezes and fraud alerts
Credit freezes and fraud alerts are security measures that help prevent unauthorized access to your credit file:
- A fraud alert is a real-time notification that lets you know about suspicious credit inquiries, like if someone tried to obtain a credit card or loan in your name.
- A credit lock blocks all access to your credit history so that nobody can open a new account in your name — not even you.
- A credit freeze seals your credit history until you "thaw" your credit or remove the freeze.
How do I do this?
- Contact any one of the three credit bureaus — Equifax, Experian, or TransUnion — to request a fraud alert, credit freeze, or credit lock.
- With a fraud alert, the credit reporting agency you contact must inform the other two bureaus to place a fraud alert on your credit report.
- With a credit lock or credit freeze, you need to contact all three bureaus individually.
- To place a freeze, provide your full name, date of birth, address history for the past two years, and SSN.
- You’ll have to contact the bureaus again to lift the credit freeze.
14. Maintain an emergency contacts list
If a thief steals your wallet or takes over your bank account, you’ll need to act fast to prevent them from racking up debt with fraudulent credit cards and loans. An emergency contact list will help you react quickly to limit the damage to your financial accounts.
How do I do this?
Create a contact list that includes the following information:
- Your account details, including account numbers
- Your bank’s address and customer service phone number
The phone numbers for the three credit reporting bureaus:
- Equifax: 1-800-525-6285
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
🥇
Don’t settle for second-best. Aura’s all-in-one identity theft protection solution was rated #1 by
Forbes, Money.com, Tech Radar, and more. Try Aura
free for 14 days.
Do Banks Protect Against Identity Theft?
Many American banks have advanced security features with automation and artificial intelligence (AI) technologies to protect their customers' personal data and finances.
Here are some key features that can help protect your bank account:
- Bank Account validation: This verification feature ensures that only accurate data is captured — such as correct names, addresses, and credit card numbers. With this step, banks can prevent data entry errors and rejections in payment processing.
- Automated fraud detection systems have predictive analytics and AI at their core, making them effective at monitoring your spending patterns over time. This makes it easier to identify unusual transactions that could be fraudulent.
- Real-time account checking allows banks to verify that users already have access to the account in question. You must confirm recent or date-specific transactions before employees assist you.
- Identity document capture enables banks to authenticate a customer's identity documents digitally in real time.
- Biometric verification identifies people through unique biological identifiers, such as fingerprints, voices, or faces.
📚 Related: Wells Fargo Identity Theft Protection: Pros, Cons & Alternatives →
Were You the Victim of a Bank Scam? Act Now
Most financial institutions offer fraud assistance up to a certain point, so it's crucial to take action as soon as you realize your bank account was hacked. Here’s what to do:
- Freeze your accounts. Call your credit card companies to tell them that you believe a scammer has your credit card information. The companies can block the cards and freeze the compromised accounts. Be prepared to provide extra verification to regain control of your accounts.
- Place a fraud alert and request a free credit report. Notify the bureau immediately if you spot any suspicious activity in your reports, such as account information changes, new credit card applications, or loan requests.
- Check your bank statements for unexplained activity. You can flag fraudulent transactions if the thief has already withdrawn funds. On credit card payments, the card issuer should be able to reverse the charges.
- Report the scam to authorities. Submit a fraud report to the FTC and file a police report with local police. File the FTC report on reportfraud.ftc.gov; and for additional support, contact 1-877-ID-THEFT (1-877-438-4338).
- Change your online banking passwords. If you believe any online passwords are vulnerable, visit your accounts to create new passwords immediately.
- Notify other related parties. If the scam was linked to a P2P app, gift card, or digital banking service, report the fraud to the appropriate customer service department.
✅
Take action: Aura’s $1,000,000 identity theft insurance covers lost wages, phone bills, and other expenses due to identity theft.
Try Aura free for 14 days and see if it’s right for you.
Keep Your Finances and Identity Safe With Aura
Learning how to protect your bank accounts from identity theft isn't foolproof anymore. Large-scale data breaches like the Flagstar Bank incident could still leave your PII vulnerable despite these precautions [*].
Reliable identity theft protection is one way to take back some control. Aura offers an all-in-one digital safety solution for the whole family, with features such as:
- Credit monitoring: Monitor your bank accounts, credit file, and other accounts for signs of fraud.
- The industry’s fastest credit fraud alerts: With near real-time fraud alerts up to 250X faster than any competing product, Aura provides the quickest means to detect and deter scammers.
- Dark Web monitoring. Get alerts if there's any suspicious activity on your accounts or your information is leaked on the Dark Web.
- Antivirus with VPN protection. Protect your devices and networks against malware, phishing sites, and hackers using military-grade encryption and powerful antivirus software.
- Family identity theft protection: Keep your children and elderly relatives safe with Aura’s Family Plans, which include coverage for up to five adults and children.
- White Glove Fraud Resolution: Rely on a U.S.-based support team that is available 24/7 to help you handle any incident and recover from financial fraud.
- A $1,000,000 insurance policy: Cover every adult member on your plan from the aftermath of identity theft with a $1 million insurance policy for eligible losses.