In this blog I will be focusing on the ways to strengthen the possibility of recovering your money in situations where your bank account is hacked or your credit card or debit card details have been stolen and misused. I will not be talking about how to prevent a bank account from getting hacked because we have discussed it at length in various posts. First of all let me tell you that the bitter truth is that most of the victims do not get their money back. But there is prevention and there are ways for a cure. So instead of crying over the spilled milk one needs to find ways to recover or salvage. After going through several case studies I thought of putting these steps together so that a victim knows what should be his/her immediate action when someone steals money from the bank account. In this post I will be referring to only those financial frauds that are done online. I will not be talking about frauds resulting because of physical loss of credit/debit card or ATM cash withdrawals.
If a bank account is hacked and the hacker/cybercriminal starts making online purchases using the stolen card information, bank account user name, password and/or PIN most of the victims expect the banks to repay. The banks however, refuse to help the victim on the grounds that the transaction was done with the actual card and the exact password and PIN was entered. So no matter how hard you try to convince them, it just amounts to a lot of frustration. One should understand the basics here, the bank is right at its place when it is refusing to pay. Since the money is already gone from the account to the merchant as legitimate credentials were given, if the bank agrees to refund it will have to bear the losses. Bank will always try to put the blame for card fraud on you. Usually they will redirect the victim to go to police for further help.
From my opinion police will also not be able to help you much in this case as often such financial frauds happen far away in a different country. It is quite difficult to track down the person or group that has scammed you without the help of law authorities in several different countries that transaction might have routed through. In most of the case studies of such financial fraud that I have seen, the victim often wastes lot of time in going to bank and police back and forth.
When your bank account gets hacked and money gets transferred online one should follow the steps given below to avoid further losses:
- Contact your bank and first block your bank credit/debit card.
- If the bank account is hacked immediately after you have done some online transaction from some PC, then first scan and clean your PC with latest anti-virus scanner. This is to get rid of any rootkit or key logger that may have been installed on the PC and which would have compromised your login details and sent it to the hacker.
- Reset your login password, pin, security questions answers.
- Verify your contact details like address, phone number are not changed by the hacker.
- Report the scam to right authority in the bank.
- Report a fraud to local police station.
What to do to recover lost money from hacked account:
In case of online transactions we have a fair chance of recovering/blocking the transaction if we act within 24 hours from the date and time of the fraudulent transaction. Most of the victims miss out on these important steps and hence are unable to recover any of the money they have lost. When a hacker/cybercriminal hacks the bank account and has access to user’s login name, password and PIN they start making online purchase and money transfers immediately. They try to get the maximum amount out before user blocks the credit/debit card or changes the bank login details. So what one should do along with the above given steps is to observe the fraudulent transaction details carefully. For every transaction the bank provides very limited but important information of the date, time and the merchant id/string on which the transaction was performed. For example in one of the cases that I studied and was able to successfully recover the money for the victim, the fraudulent transaction reported by his bank was as follows:
SC3245244 22/08/2013 VIN/GYMBOREE.CO/2433423432323233/o DR 3894.64
The SC3.. indicates the transaction ID followed by transaction date, then the Merchant ID clubbed with some unique string for transaction. This is followed by type of transaction DR indicating as debit and the amount. The key is to reach out to the fraud handling department/authority of the Merchant in 24 hours giving details of transaction that was fraudulent. No merchant would like to do business with a stolen card. They will readily block the transaction and revert the amount. This will ensure that you get the money back in your account. However, this is possible only if the merchant has not delivered the goods or process the transaction completely. This usually takes more than 24 hours. In the case mentioned above, when I searched the Internet for Gymboree I was able to locate the merchant website. I asked the victim to contact the merchant. When the victim contacted the merchant through their website and gave details of the transaction it was confirmed by them that the transaction had taken place. The victim then convinced them that the transaction was fraudulent. They asked for the card details and when they were convinced they promptly blocked the transaction and reverted the amount which reflected in victim’s bank account in a couple of days.
Every victim may not be lucky as in this case but one can always try to reach out to the merchant through whatever possible way and give them the real picture. The chances of you getting your money back then become stronger. In some cases like money transfer to individual through PayPal or some other benefits it is bit difficult to get back the money. But if the cybercriminal does online purchase of some items/services then there are high changes of blocking the transaction and getting the money back.
To recover money lost in 419 scams
In case of scams like 419, where the victim himself transfers the money to the cybercriminal, the money can be recovered if he/she acts fast. For example if you transfer money to the scammer by say Western Union or MoneyGram and you realize that it was scam in less than 24 hours you have very good chance to get your money back. You just have to reach out to the right person from help desk of the money transferring merchant and in this case Western Union or MoneyGram.
If you ever have faced such situation and have something to share, please do share your experience. This will add to the knowledge of all our readers and make them alert.
(For security news, tips, suggestions, ideas you can follow Sanjay on Twitter @sanjaykatkar)