In Australia, it is generally safe to share your BSB and account number as these details alone are primarily used to deposit funds, not withdraw them. A scammer cannot simply "hack" your account with just this information.
Those with malicious intent could:
Scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could get access to your email, bank, or other accounts.
Your bank account number alone is not enough for someone to withdraw money from your account. Scammers can use your bank account and routing number to commit ACH fraud, make online purchases, deposit money for illegal activities, and create fraudulent checks.
In short, giving your bank account number is generally safe as long as you do so with trusted entities and through secure channels. Note that there is very little a scammer can do with a bank account number alone.
No, someone cannot directly withdraw money from your account with just your account number. The account number alone doesn't provide enough access for someone to withdraw funds. Additional information, like security codes or personal details, is required to authorize withdrawals.
Credential phishing: Of all methods, this is the most common attack method. Hackers create highly convincing fake login pages of bank account pages—and share links through SMS, email, or social media messages.
Sudden charges, withdrawals, or money transfers that you didn't initiate are clear signs of account compromise. These could be small test transactions or large amounts siphoned off quickly. Tip: Review your transaction history daily and report suspicious activity to your bank immediately.
Generally, a hacker would need a combination of personal data. It includes date of birth, Identity Number, PIN, full name, address, the full card number on the front of the card, its expiry date, and CVV number at the back to make payments fraudulently with your credit or debit cards.
Change Your Password Immediately: Pick a new, strong password. Look at Your Transactions: Check your recent transactions for any signs of theft. Lock Your Card: Ask your bank to freeze your debit or credit card. Keep a Record: Write down what you see and save any strange messages.
Common scammer phrases create urgency, promise rewards, threaten consequences, or build fake intimacy, using language like "Act Now," "You've Won," "Problem with your account," "Soulmate," "If you love me," "Would you kindly," or "Don't tell anyone" to manipulate victims into revealing personal info or sending money. They often use awkward grammar, unusual spelling (like "British English"), and demand secrecy to bypass critical thinking and isolate you.
Contact details like your mobile phone, landline, work number and email address(es). Memorable information used for security and passwords, such as mother's maiden name, schools or university attended, pet names, car makes and names of family members. Your bank account number, sort code and card details.
Check your credit reports from all three bureaus (Experian, Equifax, and TransUnion) for unfamiliar banking inquiries. You can get free credit reports weekly at AnnualCreditReport.com. Look specifically for inquiries from banks, credit unions, or financial institutions you don't recognize.
Can I run a test to see if my phone is hacked? Yes, running an antivirus scan using a mobile security app like Norton 360 Deluxe can help you identify malware infections that could be granting hackers access to your device or data.
When do you need your BSB number?
Opt for secure payment methods like bank transfers or cash, preferably for in-person transactions. Remember, legitimate buyers only require your account number for bank transfers, not additional banking details.
To keep your information safe, we suggest only providing your BSB and account number to people you know and trust (such as family, friends or your employer etc.)
To access your bank account, a scammer usually needs your bank account number and credentials (username and password). They might also need your SSN or date of birth to bypass security questions or 2FA.
Contact your bank immediately.
Generally, if you report unauthorized bank transactions within 48 hours, your liability will be limited to $50. However, if you wait months to report fraudulent activity, you may not be able to recover any of your funds.
Here are a few indications you've been hacked:
How to Protect Your Bank Account From Attacks
Dial codes like *#21# or *#62# help check call forwarding settings, but they can't confirm if your phone is hacked. They're useful for spotting suspicious redirections, but use trusted antivirus apps for reliable threat detection.
Change your login credentials: Create a new password, and make sure multifactor authentication is set up. If you have security questions in place, creating a new set of them could also help keep fraudsters out of the account.
Immediately change all your passwords on any accounts you think might have been affected. If you use the same password across several accounts, make sure they're unique from now on. Regularly changing your passwords is also a good habit to get into.
Fraudsters will often ask you to pay for goods and services by bank transfer. This is because they know that it makes it harder to recover the money. You could be dealing with a scammer if they won't let you pay by card or any other way that protects your money, like PayPal goods and services.