Most of us would be uncomfortable carrying a few thousand dollars in cash, but at least you would know how to avoid risks. Are you equally confident online?
Online banking can be safe, but just like in the physical world that depends on you. You must pay careful attention to what you do, where you go and most of all recognize that a whole lot of unsavory characters can cross your path in the online world. Even on your own PC.
You may have heard of risks like phishing and keyboard logging, but do you really understand how to avoid them? Can you tell if you are really connected to your bank, or if you have a secure connection?
Here are a few insights into the risks you are facing when banking online, and some do’s and don’ts to keep you safe.
1. Stolen Passwords
At the root of Internet security problems is over-reliance on passwords to protect your identity, accounts and assets online. Imagine you could withdraw money at an ATM by just entering a PIN code. No ATM card required. Would you trust that? That would mean that if someone could get your PIN code, say with an overhead Web-cam at a grocery store checkout, they could clean out your bank account.
You know that makes no sense in the physical world. Yet you are willing to trust passwords to protect your online bank account?
Stolen passwords are the real problem to watch out for. If someone steals your username and password, they can become you at that account. The bank cannot distinguish the crook from you if they have the right login and password. They can steal your money or perhaps your identity.
The most important element of your online banking security is you! You need to take responsibility for your own online safety by learning how to do it.
2. Phishing
Phishing is a scam to steal your online username and password. It can target your banking account, your credit cards or even your employer.
It works by tricking you with an email that looks like it’s from your bank, your broker or employer. A common example is a security warning, alerting you that there may be a problem with your account. “Please click here to check your security,” the email offers helpfully.
The problem is the link in the email goes to a fake site operated by criminals. It looks like the real thing, so you are fooled into entering your bank account login or other personal identity information.
3. Spyware and Malware
Spyware and malware (malicious software) are nasty programs that someone sneaks onto your computer to do bad things to you or your PC. Spyware and malware often get installed along with something else you, or your children, are getting for “free” on the Web. Music, a funny cat video that requires a special program to watch, videos, game cheats, an MP3 editing utility. You get the idea.
It works by installing a bad program (the “payload”) in addition to what you really wanted. Two very dangerous malware examples are presented below: a keylogger and an Internet address redirection attack.
4. Keyloggers
A keylogger, or keyboard logger, is a type of malware program that monitors every stroke you type on the keyboard to gather information used for identity theft, including account logins and passwords, which it sends to the hacker. Unlike malware that spams you with incessant Internet advertising popups so you know you have a real problem, keyloggers work invisibly. You won’t even know it’s there.
5. Internet Address Redirects
Internet addresses are friendly for people, like www.justaskgemalto.com. Underneath that though, real Internet addresses are all numbers, such as 18.104.22.168. The friendly version is called a Domain Name, and there is something called a Domain Name Server (DNS) that acts like a White Pages lookup and maps the friendly name to the actual address.
Internet address redirect attacks, also called DNS poisoning, work by putting a bad Domain Name lookup list on your PC. You enter www.mybank.com but you get redirected to a copy site operated by criminals, who trick you into revealing passwords.
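A way to check a PC for this kind of redirect, as an added example that is not part of the original article: it assumes the lookup list in question is the operating system's hosts file and reports any entry that pins a watched banking domain to a fixed address. The sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format. The addresses come from the
# ranges reserved for documentation and do not belong to any real site.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# entry added by an unwanted program
203.0.113.50  www.mybank.com mybank.com
192.0.2.10    printer.home   # harmless local name
0.0.0.0       ads.tracker.example
"""

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and bad lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")

def find_overrides(text, watched):
    """Return hosts-file entries that pin a watched domain, or one of its
    subdomains, to a fixed address instead of the normal DNS lookup."""
    hits = []
    for addr, name in parse_hosts(text):
        for domain in watched:
            if name == domain or name.endswith("." + domain):
                hits.append((name, str(addr)))
    return hits
```

On a real machine the text to pass in is the content of `/etc/hosts` on Linux and macOS or `C:\Windows\System32\drivers\etc\hosts` on Windows; a banking domain should normally not appear there at all.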
6. WiFi snooping and Hotspots
Think about this: When you use a public hotspot, even one you pay for, why do you always get a warning that anything on this network can be seen by others? Well, because it’s true.
To drive the point home, a big hacker convention features the “Wall of Shame.” It displays a steady stream of usernames and passwords gathered at the event as people enter them while using the free WiFi public network.
Is there any way to be safe using a public WiFi? There are ways, but if you are not tech savvy we recommend you avoid accessing your banking or other confidential accounts from hotspots.
7. WiFi snooping of your home or business network
WiFi is a little like radio. What are you broadcasting? If you are not careful, someone nearby could monitor your communications or access your wireless network. They can attack your PCs and sniff out passwords for example. Weak wireless network security contributed to the largest identity theft fraud ever in the United States.
8. Who else can use the PC you bank from?
Ever do your banking at work? If your PC memorized your bank account passwords, anyone who can access that desktop can enter your bank account. Or someone may have installed a keylogger on your PC. If you do banking from a PC that others can access, you are trusting that computer, and everyone you work with, with your confidential information.
Top 10 Dos and Don’ts
1. Use some kind of one-time password (OTP) or smart card-based personal security device in addition to your password for login security. Using two forms of authentication for online banking keeps you safe, like your ATM card and PIN, but far stronger.
2. Install anti-virus/anti-spyware software and keep it up-to-date. Also keep your operating system and browser software current. Don’t think of anti-virus software as a cure-all, however; remember you are the most important part of your digital security. You need to learn about the threats to online banking and how to avoid them and stay safe.
3. Never connect directly to the Internet through a cable or DSL modem without a hardware firewall or at least a hardware router or switch. Criminals can scan direct cable modem connections and take over your PC and install malware or make your computer a zombie.
4. Install and use a software firewall on your desktops or laptops.
5. Never click on links in emails to get to your banking or other confidential accounts. Remember phishing works by tricking you into clicking on a link to a fake site. Train yourself never to click on email links and stay safe online. Type in the URL yourself or use a shortcut you created.
6. Make sure you have a secure Internet connection (https:// and padlock) when going to a bank or other confidential Web site.
7. Don’t log in to your bank account from hotspots or other insecure wireless networks.
8. Don’t log in from your work PC or any other desktop others can also access.
9. Set up your home wireless network security with the built-in authentication. Use the newer WPA wireless security standard, not the older WEP standard. If your network equipment doesn’t support WPA, time to upgrade.
10. Use a browser toolbar with anti-phishing/site verification capability.