Last Updated on November 21, 2023
It seems someone has taken either your money or your friend’s money from their bank account. Now, you want to know how this can be possible. First, it is possible to transfer money from someone account without the person knowing. Secondly, I will show you the possible methods the person might have used so that you know how best to protect your account from a reoccurrence.
If you have found yourself in this situation, my first guess is that you are pissed. Sorry to hear this has happened to you. First, make sure your bank is aware that someone had unauthorized access to your bank account. I also recommend disabling your ATM card and changing your password while the bank investigates on their end. So, for this article, we will see possible scenarios whereby the person may have exploited to transfer money from someone account without the person knowing.
Is This Even Possible?
Of course, it is possible to transfer money from someone account without the person knowing. According to a report from CNBC, American consumers reported losing over $5.8 billion to fraud in 2021—a significant increase of more than 70% compared to $3.4 billion in 2020. This data, provided by the Federal Trade Commission (FTC), indicates that almost 2.8 million consumers filed a fraud report in 2021, marking the highest number on record since 2001. About 25% of these scams resulted in financial loss, with the typical person losing around $500. The true extent of financial loss is likely higher, as some incidents may not have been reported.
How to Transfer Money from Someone Account Without the Person Knowing
1. Phishing Attack
Let’s say your friend receives an email that looks like it’s from their bank. The email claims there’s an issue with his account and contains a link to a website that looks identical to their bank’s login page. Now, believing the email to be genuine, your friend enters his login credentials on this fake website. The fraudsters behind the phishing attack now have their username and password.
Using these bank details, the fraudster can log into your friend’s bank account and transfer money from someone account without the person knowing to an offshore account.
After the transaction, the person can use software to delete the transaction history from a friend’s account or manipulate the digital records. Now, this may not completely wipe off the trace but makes it difficult for your friend to notice the unauthorized transaction immediately.
2. Malware Injection
Now, let me narrate this from a viewpoint directed at you. So, you accidentally download malware onto your own computer by clicking on a suspicious link or downloading an infected attachment from an email you received.
The malware is designed to run in the background undetected and harvest as much information as possible, including your account details. It can also record keystrokes and screen activity. When you log into your online bank app, the malware captures your login details and the owner of the malware is now aware of your logins.
They can use these captured details to access the bank account and make several small transactions to avoid immediate detection, gradually siphoning funds. Let’s not forget that the malware is programmed to alter or delete the digital logs of these transactions. It sends the data back to the fraudster who manually clears the transaction history.
3. Social Engineering and Account Takeover
In this scenario, a fraudster uses social engineering techniques to gain access to your bank account. Typically, you will receive a phone call from someone claiming to be a bank representative. The caller sounds professional and informs you about a supposed security breach at the bank. Now, this is a psychological tactic that creates a sense of urgency.
The caller may have asked for your security questions, supposedly to verify your friend’s identity. In reality, they are collecting information. They might even provide some correct details about your friend’s account (obtained from previous data breaches) to appear legitimate.
Gradually, the caller may have convinced you to reveal your sensitive information such as online banking username, password, and even answers to security questions. Don’t forget that this was under the guise of securing the account. However, the backstory is actually to transfer money from someone account without the person knowing.
With this information, the fraudster can access your bank account online, change the login credentials, and start making unauthorized transactions. They might transfer funds to multiple accounts to avoid detection.
The fraudster might change the email and phone number associated with the account to prevent your friend from receiving alerts. This particular one works with mobile payment apps such as PayPal, Cash App, etc. They could also use software to delete transaction logs or disguise their IP address to avoid being traced.
4. ATM Skimming and Cloning
This involves a physical device called a skimmer, which is illegally installed on ATMs. First, the fraudster discreetly installs a skimming device on an ATM that you frequently use. This device can read and store data from the magnetic stripe of any card inserted into the ATM.
Now, on to the data harvesting, when you use the ATM, the skimmer captures the card’s details, including the card number and PIN. You will not know this because it happens without interrupting the transaction process.
The next phase is card cloning where the fraudster retrieves the skimmer and downloads the collected data. They then use this data to create cloned cards. Using the cloned cards, the fraudster or their associates make cash withdrawals from various ATMs.
To avoid immediate detection, the fraudster might perform withdrawals at different ATMs in various locations. They might also use methods to interfere with the ATM’s camera or employ disguises to avoid being identified in surveillance footage.
5. Compromised Banking App and Remote Access
Did you at any time notice a seemingly harmless app installed on your smartphone? It was actually malware that targeted banking applications. For example, you downloaded an app called “FlashBright LED”, which is advertised as a flashlight app with additional features. Unknowingly to you, this app contains malware that targets banking apps, including mobile payment applications on your device.
Once installed, the malware stays dormant until it detects a banking app being used. You regularly use your bank app for your banking needs. The next time you open the app, the malware activates and creates a fake login screen that looks identical to the real app. When you enter your credentials, the malware captures this information. Now, someone, somewhere can transfer money from someone account without the person knowing.
The person, a fraudster, will remotely receive the captured data and use it to log into your bank account from another device. You guessed right, they will immediately make a series of money transfers to a different account or use your funds to buy things online without OTP.
Now, they have to cover their tracks. The malware can automatically delete any transaction notifications from your bank app. It also uses a VPN service like Nord to mask the person’s location and IP address. So, while it cannot completely erase the transaction, it makes it harder to trace when you eventually find out from your bank statement.
6. Social Media Engineering and Wire Transfer Fraud
We also have the social media engineering method where someone can transfer money from someone account without the person knowing. Here, the fraudster uses information from social media platforms to complete wire transfer fraud. The fraudster first gathers information about you through social media platforms such as Facebook and LinkedIn. They learn about your regular activities, interests, and even your banking preferences.
With this information, they can create a fake profile you might trust, such as a co-worker. They contact you through a popular messaging app like WhatsApp impersonating this co-worker. Now, they are in contact with you after sending a message explaining an urgent situation where they need a wire transfer done for a work-related issue. This might have come with specific details to make the story believable.
Of course, you may have trusted the message, and used your bank’s wire transfer service, possibly through an online platform like QuickWire, to send money money to the account number provided by the fraudster. After the transaction, the fraudster deletes their WhatsApp account. They might also quickly transfer the money through various accounts to make it untraceable.
7. A Friend with Access to Your Password
Even someone you know might abuse their access to your computer or personal documents. If you have the habit of saving your passwords in a document on your personal computer for convenience, your roommate who knows the computer’s password might have access.
While you are not home, they may have used the opportunity to access the computer and find the document with the banking details, including login credentials for your online banking portal. The next thing is that they log into the banking portal and transfer money from your account without you knowing.
Since the person is just using a saved password, it won’t be traced back to them. After the transaction, they delete the browser history and leave no physical evidence such as printouts or written notes are left behind.
8. A Family Member with Access to Your Bank Password
Does your family member have access to your smartphone? They may take advantage of it to transfer money from someone account without the person knowing.
It could be that your cousin is often allowed to use your smartphone to play games or watch videos. The phone has a banking app installed which you use for your transactions.
Over time, your cousin has observed you using the banking app, including how you input your PIN or password.
When the phone is left unattended, they may have accessed the mobile app having memorized the PIN, and easily logged in.
Fascinated by the ability to transfer money, they may send the funds to an online gaming platform to buy virtual items. The person can also clear the app’s notification history and log out, which explains how to transfer money from someone account without the person knowing.
9. A Colleague Knows Your Password
If your colleague or your friend knows your bank password, they might have taken advantage of having temporary access to your smartphone. You share a desk with a colleague and have a friendly relationship. This makes you occasionally leave your phone at the desk, trusting them to watch over it.
Now, your colleague knows the mobile payment app linked to your bank account and doesn’t require additional authentication once the phone is unlocked. They unlock the phone (had previously observed your phone unlock pattern) and open the payment app. What’s next? You guessed right—they transfer money to their account, delete the transaction notification from the phone, and clear the app history.
10. Transfer by a Repair Technician
You have unlocked and given your phone to a repair technician who misuses the access granted to repair a smartphone. Your smartphone has a screen issue, so you take it to a local repair shop. The technician will ask for the unlock code since it’s necessary to test the phone post-repair.
Now, while repairing the phone, they may be tempted to open your banking app. If it automatically logs in, they can transfer a small amount of money to their account. If the smaller transaction would go unnoticed, they can go for more.
So, there you go on the ‘how to’ if you suspect that someone transferred money from your account without you knowing. Always be careful with your bank details to prevent any reoccurrence. The most important thing is to notify your bank immediately.