Get Safe Online: Watch out for banking scammers

Get Safe Online has warned people to be aware of banking scammers who are finding more advanced ways to access online bank details in sophisticated phishing scams.

It advised on Wednesday (6^th December) that individuals should stay extra vigilant, especially if they are asked to reveal sensitive banking information.

Chris Smith, writer and blogger for Get Safe Online, said: “If you find yourself on a site or getting emails asking you for sort code and bank account number, then alarm bells should start ringing”.

The organization also warned that consumers should use money comparison websites with caution.

While these websites will require personal details such as your name and date of birth, you should never have to give out your bank details, it stated.

Smith revealed that cybercriminals are increasingly creating replica versions of banking websites in a bid to access people’s bank details and withdraw finances.

These fraudulent websites are often on a website with a misspelled url. “Barclays.com might be barcalys.com, for example”, Smith stated.

In order to avoid logging into a fake homepage, Smith advised bookmarking commonly used banking websites. He continued:

“When you’re using comparison sites, or on your bank’s website, look out for the green padlock in your browser’s address bar to ensure the domain you’re on is secure.”

ESET's security researchers caution, however, that "secure" in the sense used here means "encrypted", not (necessarily) "safe."  While it's important to have communication between your browser and your banks' computers encrypted (so that an attacker who captures your network traffic can't get your passwords or PINs, alter the amount or destination of transferred funds, etc.), the Bad Guys can set up encrypted websites too.

So: to make secure your banking session (or a session to any other site where sensitive information is being transferred) in the sense of making it safe, we recommend the following:

First, manually type in the URL that you know to be correct for your bank into your browser(s), and browse to the bank's site.

Next, bookmark that site in your browser(s).

Thereafter, use only this bookmark to do business with your bank (or, not as good, but in a pinch: type in the URL  manually as you did in Step 1).

When you do any transactions, including when you log on to your account, make sure that there is a green padlock in the addressbar when you are about to transmit any sensitive data (account number, PIN, SSN, etc.).  [It's ok if there is no green padlock before you log in -- looking up the bank's hours of business is not exactly a transfer of sensitive information!]

Then, and only then, are you helping to ensure your security (in the "safe" sense of the word "secure", as opposed to meaning merely "encrypted") as mentioned in Mr. Smith's recommendations.

Inadvertently disclosing personal information on social media is also an easy way for cybercriminals to store memorable details to verify bank accounts, such as the name of your first pet.

Password strength testing websites should also be treated with caution.

Smith said: "Though some of these sites are legitimate, some can track your IP address then use the password you ‘tested’ to hack into the accounts you use this password for."

This article was updated on December 10th.