Just the other day the latest Wells Fargo commercial came on TV. This is the one of the father and son running errands all day but dad can still manage to transfer money, pay bills and deposit checks all through the convenient Wells Fargo cell phone app. It painted a very accurate picture of today’s on-the-go convenience-seeking customer but not of a person concerned about the safety of their Personally Identifiable Information (PII).
Banks everywhere are benefitting from the consumer trend of convenience but at what cost is it to the consumer’s safety? Over 60% of U.S. Internet users and 35% of U.S. cell phone users bank online or through their mobile phones, respectively. However, the majority fail to consider the risks associated with connecting to public Wi-Fi and machines or understand the signs for identifying a possible phishing attack. All of which can lead to a malicious hacker easily attaining your PII and using it to exploit your identity.
While there is no way to perfectly secure a system against malicious activities, there are certain precautions that can be taken to limit your risk. Below are the top 10 steps to take in order to bank safely online.
1) Protect Login Information
This seems simple and it is, but still users don’t protect their logins as well as they should. Individuals who perform banking transactions online should never give out their password or login information, even to family or trusted friends. That being said, also be wary of who can see you keying in your login. You should never bank in a public place like a café or anywhere over public Wi-Fi, but even in more private locations be cognizant of your surroundings and who could possibly catch the codes you are entering.
Also note banks will never request password information over the Internet or through an email, but scammers will. So think twice before clicking on an email link to login to your “account” because guaranteed that login won’t be going to your bank at all but instead to a hacker who will now know the keys to unlocking your money.
2) Avoid Social Security Number Passwords
This should never be an option for any account login. End of story. It is bad enough that a scammer could access your individual account but if the key to unlock one account also accesses an entire portfolio of your identity then your one issue just rapidly evolved into a much bigger problem that could potentially follow you for the rest of your life.
Even the use of partial social security numbers should be completely avoided. Experienced hackers utilize sophisticated software that can deduce social security numbers using only four digits. Your social security number should be viewed as the key to your livelihood and it should be protected as much as possible. Therefore, if you can avoid using it you should because it truly is something you never want to fall into the wrong hands
3) Consider Your Bank’s Security
All banks are targets of attacks. There is no way around that but choosing a bank that can respond effectively to a cyber-attack is something you can control. Most big names in the banking industry can easily access the resources they need to not only develop a secure online banking system from the start but can also identify and address an attack quickly to limit its effect.
You may often hear about security breaches for big name banks such as Citibank, Wells Fargo, Chase and more, but the fact that they are able to respond and recover quickly is a testament to their abilities and the resources they have in place to address cyber security issues. Consider the fact that most small town banks will find themselves out of business after a single cyber-attack, simply because they don’t have the tools readily available to detect and address any online issues that arise. Individuals who need to perform transactions over the Internet should seriously consider switching to a bigger bank for the security standards they have in place in order to best protect your assets when an attack does occur.
4) Minimize Smartphone Use
Even though most banks offer specialized apps for online banking, most smartphone apps are not protected as well as their website counterparts. Most of today’s apps were designed to be convenient and security was pushed to the back burner, as a result many applications do not have firewall safeguards or virus protection in place. Until mobile phone and application security increases, you should not regularly perform banking transactions through an app. In other words, don’t be the guy in the Wells Fargo commercial, instead only bank through an app if it’s completely necessary, turn off Wi-Fi and use your own data and then log out immediately after.
5) Change You Login Information Regularly
This is true for any account that requires a login and it is also true that this rule of thumb is rarely followed, but it needs to be, especially, in regards to online banking. Computer network specialists recommend individuals to change their login information every three months to maintain optimal security levels. The longer someone uses the same password, the more vulnerable the person becomes, allowing hackers more time to figure out the login information. When updating a password, individuals should utilize numbers, symbols, and letters to minimize the chances of someone hacking into their bank account.
6) Do NOT Use Public Computers
This was mentioned earlier in the post, but just to reiterate do not under any circumstances log in to your bank account on a public computer. If you do, you’re just asking to be hacked. Individuals should only perform online banking from a private computer. Using public computers immediately places your PII at risk because computers retain the information keyed even after you have logged off.
Also never connect to your accounts over public Wi-Fi. You may love using Wi-Fi because it lowers your data usage and all but when it comes to your banking information, it’s better to take the small data hit than to expose your accounts to the possibility of theft. Public Wi-Fi signals come with minimal security, allowing just about anyone to access your data over these unsecured networks. Also to note, never use the card readers attached to mobile phones either. These too operate over Wi-Fi and with each swipe your credit card number, expiration date, name and security codes go floating through cyber space.
7) Note Any Unusual Activities
Be cognizant of your spending and check your accounts regularly from a secured location in order to verify everything matches up. Any signs of unusual activity especially if it is a very small transaction amount should be reported immediately to your bank. Identity thieves will normally test out the information they have on a small purchase such as a pack of gum just to see if everything matches up and the account numbers go through before using it on higher priced purchases. By staying on top of your spending you will be able to realize immediately when something has changed and take the proper steps for recovering any potential losses and limiting access after the breach.
8) Never Click Email Links
This is another safety step already addressed, but it is important to scrutinize every email that comes through to you. Online thieves know how to effectively trick people into providing their personal information through a social engineering tactic known as phishing. Hackers will often impersonate a bank with an authentic-looking email. These emails will often ask for you to log into your account for security reasons and then include clickable links appearing to direct to the bank’s website. In this case, either the link itself will contain malware that will infect your computer or the it will direct you to another legitimate looking page that once you type in your login will provided an error code, which at that point the hacker already has the necessary login to your accounts. If you believe the bank legitimately sent an email to you, still don’t click the links instead type the URL into your browser and access the site from there.
9) Update the Computer System
When an update is available it is generally good to install it onto your system. Updating the computer’s operating system will provide the maximum security, as it fixes holes and bugs located in the software. Each update comes with new security patches for fixing operating problems. If the system is not updated, then one’s information is left vulnerable to any security breaches.
10) Respond Immediately to Potential Problems
The final rule can be applied as an add-on to just about every other step. If at any time, something looks suspicious always report it to your bank. Whether it is an error on the site, an odd email or a suspicious charge it could prevent bigger problems from occurring if it is addressed immediately. This step is what will freeze your account from further suspicious activity and can give your bank the information they need to track down the hacker behind it.
Ashley Wheeler | InfoSec Blogger at Phoenix TS | @PhoenixTS_Train
Ashley Wheeler is an information security blogger at Phoenix TS. The Phoenix TS IT Security Blog, which she contributes to, focuses primarily on increasing public awareness to the latest developments in Information Security within the United States and around the world. Topics include cyber war, cloud security, critical infrastructure attacks, personal security tips, bug bounties and much more. Phoenix TS also provides formal IT training and certification, with a speciality focus on cyber security education. Through their online, in-person and on-site training courses they are able to provide quality training to practitioners and managers around the world. For more information about the training courses available through Phoenix TS visit the course catalog.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.