Evading banking cyber thugs is more challenging than ever. They’re now targeting consumers rather than banks and scouting out security holes in your computer. The reason: About 80 percent of U.S. households bank on the Internet, according to banking consultancy Novantas LLC in New York.
The newest ruse called “smishing,” a variation of phishing, targets mobile banking customers. “We’re in the early stages of mobile threats,” says Kevin Mahaffey, chief technology officer at mobile security firm Lookout Inc. “Attackers are still figuring out how they’re going to play in this world.”
But malware, short for malicious software, is still the most pervasive fraud. Malware can infect any computer by attacking it through e-mail or poisoned Web downloads. Cyber criminals then take control of your computer and your finances.
“It’s always a game of leapfrog,” says Marc DeCastro, a research manager at Financial Insights based in Framingham, Mass. “The bad guys look for the easiest point of entry. There are ebbs and flows.”
Don’t let the bad guys fool you. Here are five ways to fend off online banking thugs.
1 of 7
The Bankrate Daily
Beware of smishing
2 of 7
Mobile banking is generally considered safe. But online frauds like smishing are gaining some traction.
Smishing occurs when you get a dubious text message from a fraudster posing as a bank representative. The message may warn you of security breaches and ask you to call a toll-free number. Then you’re asked for your account number and PIN.
“Someone in a foreign country is actually collecting the information,” says Robert Vamosi, an analyst covering risk and fraud at Javelin Strategy & Research in Pleasanton, Calif. “Don’t call the number on your text message.”
Instead, treat it as an untrusted communication. Call the customer service number listed on your monthly account statement and verify the text communication, advises Consumer Reports.
2 of 7
Fend off malware
3 of 7
This is probably the most widespread and worrisome Web attack.
Malware infiltrates your computer without your consent or your knowledge. And malware software types have been exploding recently.
Your computer can get infected in two different ways. You can click on an online link and download a poisoned program. Or you can click on an infected e-mail.
Once malware is installed on your computer, cyber criminals can track your every move on the Internet, including your online banking transactions. Then, they can empty your account.
“Just Web browsing exposes you to risk,” says Jason Milletary, a technical director of malware analysis at information security firm SecureWorks Inc. in Atlanta. “We tell banks that they have to assume that their customers are going to be compromised.”
To fend off malware, avoid going to small hosted websites with community forums, such as computer game sites. Security usually isn’t as diligent, he says. Often free software and other pop-ups have malware embedded.
Another option is using a dedicated home computer or virtual desktop just for online banking and bill paying. Milletary also suggests having your antivirus programs regularly updated.
3 of 7
Avoid shared computers and networks
4 of 7
If you’re banking on a shared computer, you’re putting your account at risk. This includes Internet cafes as well as your computer at work.
“When you’re done, log off your banking site if you do use a shared computer,” Vamosi says. “If you’re surfing to the next page, you’re still on the banking site. Someone can gain access to your account.”
Tapping into outside Wi-Fi networks is also dangerous. Vamosi warns against using Wi-Fi networks in airports, cafes, trains or taxi cabs, with some exceptions. “If you’re given a password to get onto a wireless network, you’re safer,” he says. At hotels, opting for a wired connection is safest, he says.
4 of 7
Protect your password
5 of 7
In online banking, good security hinges on a rock-solid password.
But many passwords are easily hacked, says DeCastro. He advises using a difficult password with a three-, four- or five-word phrase followed by a number and a symbol, such as an exclamation point.
“Never write your password down,” he says. Also, don’t let your computer remember your password.
5 of 7
Know what bank apps you’re downloading
6 of 7
The banking apps market for Apple’s iPhone devices and other cell phones is exploding. Already, 18 million adults actively use mobile banking, according to Celent, a research firm based in Boston.
But app security is lagging behind.
For example, Citibank said this summer that its iPhone banking app had a security flaw and advised downloading an upgrade. “People think that apps downloaded from the Apple Store are secure,” says DeCastro. “But that doesn’t mean there won’t be issues. More and more people are trying to steal credentials.”
Downloading third-party apps not issued by an authorized bank is also dicey. “Download apps you trust,” says Mahaffey. To do that, look at app ratings and quality.
“If there aren’t many downloads, you want to be careful,” says Mahaffey. “Smart phones have the same security issues as PCs. Don’t let your guard down.”
6 of 7
7 of 7
For more information about banks, check out these stories at Bankrate.com.