- June 2024
- By: Lisa Hartmann and Yosef Viz
Have you ever received an unexpected alert or call about suspicious activity on your bank account? If so, you might have been the target of an account takeover. Account takeover fraud is one of the most common and costly forms of identity theft, and it can happen in minutes! So, you may be asking yourself, "How do I keep my bank account safe?" It is important to know how to protect yourself from becoming a victim by knowing what to look for and how to respond.
What is an Account Takeover?
An account takeover (ATO) is a form of identity theft where a fraudster gains access to an account and proceeds to steal the victim’s money or information for future scams. ATOs can target any account, including retail, email, or credit card accounts. Here’s what can happen in a bank account takeover:
Once inside the account, a fraudster may change account information and hijack the account by issuing a new debit card or rapidly transferring money out. If added security is in place, they may involve the victim—unknowingly—in helping them access funds and drain the account. That’s why it’s important to follow these tips to protect your account and avoid a scam artist’s trap.
Tips to Keep Your Bank Account Safe
1. Look for Any Data Breach Notice
You’ve probably heard countless media stories about data leaks. These leaks help thieves obtain sensitive information to sell or use themselves. Often, they’ll employ “credential stuffing,” which uses bots to test stolen account credentials on a massive scale—at bank, retail, and other sites—hoping to exploit the fact that people frequently use the same login for multiple websites. If you receive notice of a possible breach involving your account, change your password, and review all your accounts just in case.
2. Use Strong and Unique Passwords
We’re all guilty of reusing passwords, but the best way to maintain security is to use unique passwords for every website and account. Use a password manager to create and store complex passwords for each account, and don’t auto-save them to your web browser.
3. Change Passwords Regularly, and Enable Two-Factor Authentication
Chances are that your login credentials are out there with someone. By changing passwords often (we recommend every 90 days) and adding two-step verification, you help keep past security breaches… in the past.
In addition to regularly changing your passwords and enabling Two-Factor Authentication (2FA), it's essential to register your devices to enhance your account security. Registering your device on your Premier America Online Banking allows the system to recognize it for future logins, providing seamless access while adding an extra layer of protection. If you attempt to access your account from an unregistered device, the system will prompt you to verify your identity with a Secure Access Code (SAC). This ensures that even if someone else tries to access your account from an unrecognized device, they will be unable to proceed without the SAC, keeping your information, and by default, safe.
Should you choose not to register your device, you will need to verify your identity with an SAC each time you log in. This process helps prevent unauthorized access by requiring an additional verification step for unrecognized devices. Remember to only register trusted, private devices to maintain your account's security. For first-time logins or when registering a new device, you will be prompted to receive your SAC via your preferred method and create a new password that meets our security requirements.
4. Ensure a Secure Connection and Device
When checking email or social media from a coffee shop or airport, avoid using public Wi-Fi. Instead, use your phone’s secure data connection or a virtual private network (VPN). This will help protect you from man-in-the-middle attacks, in which a scammer “listens in” on your keystrokes over an unsecured network in the hope of capturing login and other sensitive information. Also, be sure to keep all device security systems up to date.
5. Slow Down and Verify with Your Bank
Even with the best bank security, you are the first line of defense against imposters posing as your bank. An urgent notice may prompt you to click on an email or text link. Doing so might download malware to capture your personal data and take you to a “look-alike” website login screen. Play it safe, and never click on unsolicited links or attachments.
Look out for pressure tactics. If you’re contacted about suspicious account activity, such as a large wire transfer, beware. It might be a fraudster in disguise. They may request information to verify your account, including a code sent to your phone. The culprit is trying to log into your account, triggering a two-factor authentication code. Once you provide it, the criminal can access and withdraw funds in minutes.
Before you engage in any call, email, or text alert, slow down and independently verify it with your financial institution using reliable sources:
Consult your debit card, bank website, or bank statement for a trusted number to call.
Log into Online Banking directly and check your messages from there.
For Premier America, the direct number is (800) 772-4000.
6. Monitor Activity and Set Up Alerts
Review your monthly statements regularly and sign up to receive text alerts of unusual activity on your account. If a cybercriminal obtains your information, they may use it to access multiple accounts, open new lines of credit, or attempt other identity crimes. Also, be sure to review your credit report annually for free at AnnualCreditReport.com. Finally, to find out if your data was breached, run a free scan at IDStrong.com.
What to Do If You’re a Victim
While Online Banking is a safe and secure tool that uses the latest bank security measures, cybercrime is always finding new ways to target consumers. Protecting your account starts with you. If you believe you’ve been a victim of an account takeover, contact your financial institution immediately and take steps to protect yourself and your account.