Home Page Navigation Contents Contact Sitemap Search

Account hacked! What to do?

Every bank customer’s night­mare: Crim­i­nals gain access to your account and clear it out. If this has already hap­pened, the main thing is damage lim­i­ta­tion – and to learn from this.

What to do in case of unau­tho­rised access to your own bank account:

  • If there are sus­pi­cious trans­ac­tions or errors when log­ging into your e-banking facility, you should imme­di­ately con­tact your finan­cial insti­tu­tion and have them block your e-banking facility, your accounts and cards.
  • Dis­con­nect any devices which could be affected by hacker or mal­ware activ­i­ties from the Internet straight away, switch them off, or set them to flight mode. You should not how­ever reset your devices directly, since the police might request them for forensic analysis.
  • Change your pass­words on a sep­a­rate, non-infected device. Wher­ever pos­sible, acti­vate two-factor authen­ti­ca­tion.
  • In case of actual fraud, report this to the police. Note down as many avail­able details on this fraud or attack as possible.
  • In the future, pro­tect your mobile device against unau­tho­rised access with our “5 steps for your dig­ital secu­rity” and our tips on secure e-banking.

How can a bank account be hacked?

Swiss finan­cial insti­tu­tion e-banking por­tals are very well pro­tected against hacker attacks. This should basi­cally pre­clude any chance of crim­i­nals obtaining direct access to a bank’s com­puter system.

But unwary bank cus­tomers still pose a risk: Should hackers manage to obtain someone’s access data, they can use them to log into an e-banking facility unno­ticed to trigger trans­ac­tions or access con­fi­den­tial infor­ma­tion. Some exam­ples of the methods they use to do so are phishing attacks or spe­cific mal­ware infec­tions. The only option left to vic­tims then is to limit the damage done.

How to react appro­pri­ately in case of loss?

The most impor­tant mea­sure first: React quickly in case of any sus­pi­cion! In case actual fraud occurred, you must imme­di­ately block your e-banking facility and all related accounts involved to pre­vent any fur­ther money disappearing.

In case you sus­pect fraud, for instance if there are sus­pi­cious trans­ac­tions or error mes­sages when e-banking, you should con­tact your finan­cial insti­tu­tion straight away to co-ordi­nate any steps nec­es­sary. If your sus­pi­cion of fraud is con­firmed, you should report this to the police in the first instance.

In case you cannot estab­lish how crim­i­nals were able to obtain access to your account once you have dis­cussed this with your finan­cial insti­tu­tion, you should gen­er­ally assume that for­eigners have obtained your access data, and that your device has been infected by mal­ware, for instance a banking Trojan.

To pre­vent any fur­ther misuse of your poten­tially stolen access data, you should change the pass­word of your e-mail inbox plus those of all your online accounts as a pre­cau­tionary mea­sure. Please make sure though not to do so on the com­puter or mobile device poten­tially infected, but from a dif­ferent device. Your e‑banking access should be blocked first. You should only change your pass­words later, once you have been able to clarify the sit­u­a­tion with your finan­cial institution.

Wher­ever pos­sible, you should set up two-factor authen­tifi­ca­tion – this will pro­vide you with a much higher level of access protection.

You should dis­con­nect your device from the Internet and switch it off, or put it into flight mode. How­ever, please only reset it once any poten­tial police inves­ti­ga­tions have been concluded.

And last but not least, you will want to pro­tect your­self prop­erly against any future attempts at fraud. You should there­fore make sure to follow our “5 steps for your dig­ital secu­rity” and our tips for secure e-banking – because if you take the proper pre­cau­tions, hackers don’t stand a chance!

Urgent mea­sures in case of suspicion:

  • Con­tact your finan­cial insti­tu­tion and have your account blocked immediately
  • Dis­con­nect the Internet
  • Change pass­words
  • Report to the police

Fur­ther infor­ma­tion for those interested

Can banks detect and stop misuse?

Indi­vidual finan­cial insti­tu­tions have a fraud detec­tion system in place, which reports or even auto­mat­i­cally stops sus­pi­cious trans­ac­tions. These sys­tems are becoming ever more effec­tive, but don’t offer a 100% level of pro­tec­tion. And fraud­sters pro­ceed ever more clev­erly and unob­tru­sively to outwit such sys­tems. You should there­fore take per­sonal respon­si­bility and not just rely on your bank being able to pro­tect your accounts against unau­tho­rised access, for instance in case of a phishing attack, at all times.

Who is liable in the event of damage?

It is not pos­sible to pro­vide a gen­eral answer to the ques­tion of lia­bility, since this has to be eval­u­ated on a case-by-case basis. Next to the actual issue of lia­bility, due dili­gence is the deciding factor here. Since attackers gen­er­ally remain unknown and operate from abroad, crim­inal inves­ti­ga­tions often prove to be dif­fi­cult. Fre­quently, unwary mid­dlemen, so-called money mules, are also used to dis­guise such trans­ac­tions. In many cases, the money trans­ferred is lost. Both finan­cial insti­tu­tions and their cus­tomers must cat­e­gor­i­cally exer­cise due dili­gence when oper­ating bank accounts and han­dling the money deposited there. Courts will there­fore check for any poten­tial infringe­ment of due dili­gence, some­thing which a cus­tomer just might be guilty of – for instance, if he or she has dis­closed his or her access data to a third party, whether delib­er­ately or not. You should there­fore pro­tect your account as a pre­ven­ta­tive mea­sure, so that you will not have to deal with any ques­tions of lia­bility in the first place!

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information