Like many cyber-security crimes, bank account hacking is on the rise. A lot of people may think, “Why would I be targeted by a cyber criminal? I barely have any money in my account.” This may be true, but what if they don’t want your money? There are other reasons why a group of hackers may want to get into a small bank account.
Some groups may need a way to transfer large amounts of money without being noticed. According to the Bank Secrecy Act, any wire transfer over $10,000 needs to be reported to the IRS. One way to get around this would be to transfer small amounts of money to many different, compromised accounts and then have those accounts transfer the money to the final destination (or through any number of other stepping stones first).
Even small accounts are great for these types of transactions, and the very best accounts are, unfortunately, owned by very old and terminally ill individuals who may leave their accounts open after they die. Once these people pass away, there may not be anyone to watch these accounts for strange transfers of money. It is also nothing new for threat actors to target the deceased. CNBC reported that “During tax years 2006 to 2011, 66,920 people filed using a Social Security number for someone born before June 16, 1901” So, targeting the dead is nothing new.
That same method can be used to launder money by breaking up the transfers into even smaller amounts and then transferring to a business front to look like normal transactions. Generally, many more accounts are needed, but if a small town bank is compromised, that leaves plenty of accounts to be used. After compromise, all a threat actor needs to do is set up a business in or around the town that the bank is in and start moving money around.
For individuals, protecting ourselves and those around us can feel tedious and time consuming, but effort spent securing accounts through simple methods such as Two-Factor Authentication (2FA) is well advised. Additionally, accounts need to be watched closely for small, unfamiliar transactions. When loved ones pass, it is very important to file death certificates and take control of and close their accounts.
Banks may not be able to monitor for suspicious transactions, but they can take some steps to prevent their systems from being compromised. Regular vulnerability assessments and penetration tests can help immensely with this process by identifying vulnerable systems, and, in some cases, rediscover old, forgotten devices that can pose a threat. Additionally, employees of financial institutions should be properly trained to identify and report phishing emails, which is one of the most common ways threat actors gain access to internal systems.
It’s fine to ask questions about your bank’s history of security assessments and training. These should happen on an annual basis. Together, you and your bank can work to protect your account against malicious attacks.