On Jan. 10, Rosalie Stein, executive director of Congregation Shaare Emeth, got bad news in a phone call from Heartland Bank in Clayton: The congregation’s account was missing $23,000.

“We know it was not employee related,” said Stein. “It was caught by Heartland Bank. They caught it quickly, and they closed the account. No other accounts were at risk.”

All indications so far are that the theft was committed by a hacker, who could be somewhere in the world, not necessarily in the St. Louis area or even the United States, said Lt. Jon Romas of the Creve Coeur Police Department, which is investigating the crime.

Romas said procedure in cyber thefts of this kind is that the investigator begins to trace the transaction as far as possible.

“They start tracing from the bank, to see how it was done. They are tracing backwards,” Romas said.

And if the theft originated from overseas, he said, the FBI will be called in to help with the case. 

He did not say when the case may be solved. But he added that anyone with a bank account that he or she accesses by computer or a smart phone or digital tablet should take the precaution of changing the password every 30 days.

“It should be a combination of numbers, letters and symbols,” he said. “Password security is a big deal.”

He added that free encryption programs for passwords are available on the Internet.

Most security experts also warn against using simple words or phrases as passwords. Stay away from the names of family members, birthdays and obvious facts that can be gleaned by possible thieves simply by culling through public records where birthdays, names and home towns can be found.

Shaare Emeth sent out an email to members on Friday alerting them to the theft. “We wanted to let people know because somebody always finds out,” Stein said. “We didn’t want the rumor mill to start.”

 Bruce Shumate, vice president of marketing at Heartland Bank, said in an email that the bank has no comment on the Shaare Emeth case.

However, he added these industry-wide security measures:

• Keep your security / anti-virus software up-to-date.

• Never provide personal information (online banking password, social security number, account number, etc.) to a caller or by email. If you receive such a request, call your financial institution using your known number. Do not call a number listed in an email or provided by the caller.

• Change your online banking password every 30 days.

• Never share your online banking password with anyone.

• Review your account transactions regularly.