Consumers often prefer online banking for its convenience, including the ability to access account information and make transactions with just a few taps or clicks. A study released by Chase in 2023 found that 87 percent of Americans use their banking app at least once a month. With increased usage, however, comes a higher risk of cybersecurity problems.

The Federal Deposit Insurance Corp. (FDIC) has alerted consumers to fake bank websites and banking apps designed to steal money or personal information. The agency recommends researching banking websites to verify their legitimacy, as well as being cautious of apps that ask for suspicious permissions.

Cybersecurity expert Paul Benda relays a story about the time that hackers tried to break into his bank account and steal his money. “They found out my login, but didn’t know my password,” says the senior vice president of risk and cybersecurity policy at American Bankers Association.

Fortunately, the cyber thieves were foiled. “I called up my bank and locked down my account,” Benda says.

Tips to avoid getting hacked

Bankrate interviewed four cybersecurity experts to learn the best ways consumers can protect their banking and financial accounts.

Paul Benda, senior vice president, operational risk and cybersecurity at the American Bankers Association

  • Make sure you’re actually on your bank’s website or app. This is because hackers have been known to set up imposter sites. “Check your statement or the back of your bank card for the right website, bookmark it, and use that to ensure you are on your financial institution’s official website,” Benda says.
  • Only download verified apps from reputable websites such as the App Store and Google Play. “Trojans are really pernicious,” Benda says. “People need to be careful about what apps they install and where they install them from.” Fraudulent activity can often occur through sideload apps, or those downloaded from unofficial sources, he says.
  • Don’t reply to a text from your bank if you’re unsure whether it’s legitimate. “Instead, verify the message by contacting your bank at the number on the back of your card or through the mobile banking app,” Benda says.

Teresa Walsh, chief intelligence officer and managing director, EMEA, at Financial Services Information Sharing and Analysis Center

  • Be aware of ways artificial intelligence (AI) can be used to put your personal information at risk. “Along with newer threats like deepfakes, AI is also being used to mask some of the traditional warning signs of cyber threats,” Walsh says. For example, threat actors are utilizing generative AI tools to fix the poor spelling and grammar in phishing messages that used to reliably indicate a malicious email or text.”
  • Use different passwords across banks. This also applies to your credit cards and peer-to-peer apps for sending money. “If one password becomes compromised, suddenly a cyber-criminal can potentially access the full spectrum of your financial information,” Walsh says.
  • Opt for a longer password. “A 16-letter password has exponentially more possible letter permutations than an eight-letter password, making the programs criminals use to try and guess passwords unable to do so,” Walsh says. “Many people use password managers to generate, store, and change passwords on a regular basis.”

Donald Korinchak of CyberExperts.com:

  • Use two-factor or multifactor authentication. This security measure offers greater protection by requiring you to provide at least two methods for verifying your identity. “There are three categories of authentication,”  Korinchak says. “One, something you know, like a password. Two, something you have, like your cellphone — this is validated when you receive the text code. And three, something you are — biometrics.”
  • Set up alerts via email, text or your bank’s app to monitor fraudulent activity. “In the old days, customers often were unaware of fraud until they got their monthly bank statements,” he says. “Because of this delay, the fraudulent activity could continue for up to four weeks. With alerts, the customer is notified very quickly and can work with the bank to swiftly rectify the issue.”
  • Use your device’s security functions to protect data. “Be sure to set up the ability to track your stolen device, disable it and wipe it remotely,” says Korinchak.

Eric Kraus, vice president and head of products and services, fraud risk and compliance at FIS, a fintech company:

  • Beware of messages that could be from scammers. “Consumers should never respond to unknown messages and embedded web links,” Kraus says. “Everyone should understand your bank or credit union will not contact you asking for sensitive information they already have, such as your account number. When in doubt, contact your bank or credit union directly for clarification before providing anything via text or web.”
  • Set up mobile payment controls and account alerts. “Timely notification of account activity can help consumers identify suspicious activity quickly,” says Kraus, who recommends monitoring bank accounts as well as online shopping accounts and digital wallets.
  • Be careful when sharing your personal information on social media. “Everyone wants to tell everyone in the world about every little personal thing in their life,” Kraus says. “Be cognizant of not oversharing.” The more of your personal data a hacker has, the greater likelihood they can use that information to get into your account.

Bottom line

According to the Federal Trade Commission, consumers reported losing nearly $9 billion to fraud in 2022, which was a 30 percent increase over the previous year. You can help avoid being a statistic by being aware of the types of cybercrime and the ways to protect yourself.

“Hackers are constantly improving their game,” says Korinchak of CyberExperts.com. “And it is up to all of us to be vigilant.”

— Barbara Whelehan contributed to a previous version of this story.