While knowing your name and the name of your bank makes you a potential target for more sophisticated phishing attempts, it is highly unlikely someone can directly "hack" your bank account with only this basic information [1].
Scammers can use your stolen information to open credit cards, bank accounts, or even take out loans in your name — leaving you to pick up the pieces and dispute the debts. In 2023 alone, scammers opened over 381,000 fraudulent credit card accounts [*].
Yes, someone can potentially take money using just your BSB and account number, primarily through setting up unauthorized direct debits (if they get past security checks) or combining them with other personal info for more complex fraud, but it's much harder to withdraw funds like an ATM withdrawal without your PIN or login details; the main risk is setting up recurring payments or using them with other stolen data like your driver's license, so always share details with trusted entities and monitor your statements closely.
Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts.
If a criminal has both your routing number and account number they can potentially steal money from your account through fraudulent ACH transfers and payments.
Sudden charges, withdrawals, or money transfers that you didn't initiate are clear signs of account compromise. These could be small test transactions or large amounts siphoned off quickly. Tip: Review your transaction history daily and report suspicious activity to your bank immediately.
Change Your Password Immediately: Pick a new, strong password. Look at Your Transactions: Check your recent transactions for any signs of theft. Lock Your Card: Ask your bank to freeze your debit or credit card. Keep a Record: Write down what you see and save any strange messages.
Credential phishing: Of all methods, this is the most common attack method. Hackers create highly convincing fake login pages of bank account pages—and share links through SMS, email, or social media messages.
If scammers know your name and address, they can target you with phishing campaigns, spoofed advertisements, and fake offers. Any information you give them can be used to fully steal your identity.
If someone has your bank account and routing number, they can make fraudulent ACH transfers and payments from your account. Your bank account number alone is not enough for someone to withdraw money from your account.
To check if your phone is hacked, look for signs like rapid battery drain, unexpected data spikes, new apps you didn't install, strange pop-ups, slow performance, or weird noises on calls, then use reputable antivirus software, check your account activity, and dial codes like *#21# to see if calls are being forwarded, taking steps like changing passwords and resetting to factory settings if needed.
Generally, a hacker would need a combination of personal data. It includes date of birth, Identity Number, PIN, full name, address, the full card number on the front of the card, its expiry date, and CVV number at the back to make payments fraudulently with your credit or debit cards.
Use two-factor authentication
In addition to requiring a username and password when logging in, your bank likely has two-factor authentication (2FA), which adds an extra layer of protection to your account. This involves getting a one-time code sent via email or text message to complete the login process.
Yes, someone can potentially take money using just your BSB and account number, primarily through setting up unauthorized direct debits (if they get past security checks) or combining them with other personal info for more complex fraud, but it's much harder to withdraw funds like an ATM withdrawal without your PIN or login details; the main risk is setting up recurring payments or using them with other stolen data like your driver's license, so always share details with trusted entities and monitor your statements closely.
All that is needed is a little information, such as your social security number, birth date, address, phone number, or any other information which can be discovered.
Why It's Called “Brushing” The term comes from e-commerce, where sellers would “brush up” their sales by generating fake orders and reviews. Today, brushing scams are a global issue affecting major online marketplaces.
Common scammer phrases create urgency, promise rewards, threaten consequences, or build fake intimacy, using language like "Act Now," "You've Won," "Problem with your account," "Soulmate," "If you love me," "Would you kindly," or "Don't tell anyone" to manipulate victims into revealing personal info or sending money. They often use awkward grammar, unusual spelling (like "British English"), and demand secrecy to bypass critical thinking and isolate you.
Banks may refund scammed money, but it heavily depends on whether the transaction was authorized or unauthorized, how quickly you report it, and the specific circumstances, with refunds more likely for unauthorized fraud (hacks) than for authorized payments where you were tricked into sending money (like romance scams or investment scams), though credit card chargebacks and consumer protections offer avenues for recovery. Your best chance for a refund involves immediate reporting, especially for unauthorized transfers, using credit cards for payments, and providing documentation to your bank.
Consider these seven ways to help you outsmart scammers:
Be familiar with signs of a compromise.
Check your account for any unauthorized transactions, including withdrawals and scheduled or recent transfers. You should also be on the lookout for address changes, failed login attempts, or password resets.
Fraudsters will often ask you to pay for goods and services by bank transfer. This is because they know that it makes it harder to recover the money. You could be dealing with a scammer if they won't let you pay by card or any other way that protects your money, like PayPal goods and services.
Charges for things you didn't buy could be a sign of identity theft. So could a new bill you didn't expect. Check your bank account statement. Withdrawals you didn't make could be a sign of identity theft.
Dial *901*911# on any phone and follow these easy steps: Dial *901*911# Select Option 2 (Block Account) Select 'Self' or 'Third party' for others.
Check your credit reports from all three bureaus (Experian, Equifax, and TransUnion) for unfamiliar banking inquiries. You can get free credit reports weekly at AnnualCreditReport.com. Look specifically for inquiries from banks, credit unions, or financial institutions you don't recognize.