Banking online from the comfort of your own home may sound safe, but it doesn’t mean you are immune from attack. We look at what you need to do to reduce the chances of opportunistic attackers accessing your banking records and stealing your money.
Two-factor authentication is for some users a relatively new and emerging trend, but it’s something that the banks have been aware of for some time.
Most banks have long asked their customers to enter a customer password and PIN number to log into their accounts, but there’s now a move to issuing debit or credit card readers so users can log into their accounts, and/or authorize transactions.
For example, if you’re paying someone for the first time, you might be asked to confirm the payment details via the card reader, and to enter a small code on both the web page and card reader to verify that you are the rightful owner of that bank account.
If you don’t have one of these readers, ask your bank where you can get one.
The locked padlock sign – or unbroken key symbol – should always appear in your browser window when banking online, as this indicates you are using a secure HTTPS web connection that cannot be compromised or spied on. You should also see HTTPS at the start of the visited website address.
HTTP websites are still relatively safe, but because the connection is not encrypted, it could potentially be cracked in a man-in-the-middle (MiTM) attack, where an attacker looks to impersonate a trusted party to intercept data. Sometimes, they do this by pretending to be the certificate authority (CA) issuing the digital certificate for the web address, while other attacks may see them set up a fake Wi-Fi hotspot and so on.
Password protect your Wi-Fi
A basic first step in any type of online security is making sure your own Wi-Fi is password-protected so no nefarious actors can hijack your web sessions.
You should create a password that is unique, strong and ideally comprising upper case and lower case letters, as well as numbers and symbols.
This advice also applies to your router. Many users never change the default administrative password as set by the internet service provider (ISP), which could result in someone potentially connecting to the network and changing the router settings to direct you to rogue websites. They could also set up spoofed Wi-Fi hotspots in the hope you would connect to them.
Only use trusted sources
You should always visit your bank online by using official applications or by typing its web address into a search engine. You should avoid clicking links claiming to direct you to the site, especially if they come via social media or email, as these webpages – which may even look like the official page – could be trying to steal your login credentials.
You should also be wary of unsolicited emails or phone calls asking for your PIN number or password to your account. Your bank would never ask for these details in full, and certainly not over the phone or email.
Keep browsers and software up-to-date
Most cyberattacks start with ‘low hanging fruit’ – easy to solve challenges – which includes common human error, like using weak passwords, or maintaining outdated software, which has bugs that can be exploited.
Outdated internet browsers have been found to have various zero-day vulnerabilities – or flaws with no immediate fix – while the same is also true of Adobe’s Flash Player and other widely used software.
Cybercriminals will often look to exploit these vulnerabilities to find a way into your machine to wreak havoc.
With that in mind, make sure your browser is always running the latest version, and that you regularly download updates for all software running on your computer. Most modern software will check for updates automatically so you may want to install them as they become available.
Install a security solution on your devices
Antivirus software protects you, your privacy and your money by scanning and removing malware, trojans, spyware and adware, which can take over your PC and steal from you.
In order to work effectively, security solution software has to download updates regularly over the internet to keep up with the threats. Out-of-date software will have flaws, and won’t be as useful.
Think who might have access to your computer
If you flat-share or live with friends, family or work colleagues, you should think carefully about what they could potentially see.
For example, if you share laptops, iPads or Android tablets, you should ensure multi-user accounts are enforced, with separate passwords too. And if you own your own laptop you need to be wary of ‘shoulder surfers’ viewing your screen from behind.
Also, ask yourself if you need a privacy screen filter, a laptop lock or other accessories that can protect against digital and physical theft.
Log out when you finish with online banking
It may sound simple, but it’s always a good idea to log out of your online banking session when you’ve done what you needed to. This significantly reduces the chances of that session being hijacked.
Most banks will log you out after a few minutes anyway, but why take the risk when you can do it yourself?
Set up notifications to alert you to what’s happening
Some banks now offer a facility so that customers can set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance drops below a certain point then a message will be sent.
These alerts could be a useful way of spotting any suspicious activity on your account.
Author Editor, ESET