
Expert advice on protecting your bank accounts from hackers


Consumers often prefer online banking for its convenience, including the ability to access account information and make transactions with just a few taps. A recent Bankrate survey found that 44 percent of bank customers were using mobile apps to manage their accounts. With increased usage, however, comes a higher risk of cybersecurity problems.

An FBI-issued public service announcement alerted consumers to fake banking apps designed to take possession of people’s account information. It recommended using measures such as strong passwords and two-factor authentication as protection from such cybercrimes.

Cybersecurity expert Paul Benda relays a story about the time that hackers tried to break into his bank account and steal his money. “They found out my login, but didn’t know my password,” says the senior vice president of risk and cybersecurity policy at the American Bankers Association.

Fortunately, the cyber thieves were foiled. “I called up my bank and locked down my account,” Benda says.

Tips to avoid getting hacked

Bankrate interviewed four cybersecurity experts to learn the best ways consumers can protect their banking and financial accounts.

Paul Benda, senior vice president of risk and cybersecurity policy at the American Bankers Association:

  • Make sure you’re really on your bank or financial institution’s website or app when you’re transacting business — and not an imposter site set up by hackers. “Check on your statement or the back of your bank card for the right website, bookmark that, and use that,” Benda says.
  • Only download verified apps from reputable sources, such as the App Store or Google Play. “Trojans are really pernicious,” Benda says. “People need to be careful about what apps they install and where they install them from.” Fraudulent activity can often occur through sideloaded apps, or those downloaded from unofficial sources, he says.

Teresa Walsh, global intelligence officer at the Financial Services Information Sharing and Analysis Center:

  • Use trusted app stores when downloading apps. “Users shouldn’t download applications found on open forums,” Walsh says. “For banking applications, many banks feature links to the app stores from their websites to ensure you pick the correct one.”
  • Beware of phishing emails that try to get your personal information. These messages often contain malware that targets your computer if a link in the text is clicked. “Phishing awareness still holds true for mobile threat mitigation as many people use their mobile for email and text messages from their banks,” Walsh says.

Donald Korinchak of CyberExperts.com:

  • Don’t make it easy for hackers to guess your PIN and password. “The biggest problem with passwords is that people tend to reuse passwords and choose weak passwords,” Korinchak says. “This is because weak passwords are easier to remember. Strong passwords are difficult to remember, especially if you have dozens of different strong passwords.” It’s best to use longer passwords with a combination of upper and lower case letters, numbers and symbols.
  • Use two-factor or multifactor authentication to reduce your risk of exposure. This security measure offers greater protection by requiring you to provide at least two methods for verifying your identity. “There are three categories of authentication,” Korinchak says. “One, something you know, like a password. Two, something you have, like your cellphone — this is validated when you receive the text code. And three, something you are — biometrics.”
  • Set up alerts via email, text or your bank’s app to monitor fraudulent activity. “In the old days, customers often were unaware of fraud until they got their monthly bank statements,” he says. “Because of this delay, the fraudulent activity could continue for up to four weeks. With alerts, the customer is notified very quickly and can work with the bank to swiftly rectify the issue.”
  • Avoid sending financial or sensitive information via email since it’s not encrypted and can be intercepted by hackers and used to raid your account.
  • Use your device’s security functions to protect data. “Be sure to set up the ability to track your stolen device, disable it and wipe it remotely,” says Korinchak.
  • Consider using a password manager app, which helps you generate, store and manage your personal passwords. Korinchak says password manager software is recommended by most cybersecurity experts.

Eric Kraus, vice president of fraud, risk and compliance solutions at FIS, a fintech company:

  • In addition to downloading only verified apps from Apple’s App Store or Google Play, read reviews of apps before downloading them. “If a couple of consumers downloaded an app and had a malicious experience, they write about it in the review,” Kraus says.
  • Consider getting mobile security software, which is designed to protect your personal information and prevent viruses and malware.
  • Signs something may be amiss include increased data use and a device’s battery draining more rapidly than usual. “That can indicate something is silently running in the background,” Kraus says. “Be actively involved in monitoring data and battery usage.”
  • Avoid clicking on adware popups. “That’s a popular way that fraudsters love to embed malware,” Kraus says. “Don’t be overly zealous clicking into less than scrupulous apps and ads that are being pushed to you and popping up.”
  • Limit sharing too much of your personal information on social media. “Everyone wants to tell everyone in the world about every little personal thing in their life,” he says. “Be cognizant of not oversharing.” The more of your personal data a hacker has, the greater likelihood they can use that information to get into your account.
  • Consider using a Virtual Private Network (VPN) on your computer to shield you from password pickpockets, but avoid those that are free because they may not protect you at all. “VPNs can be very effective,” says Kraus. “They’re not expensive, and not hard to set up at your home.”

Bottom line

Hackers attempt to attack computers with internet access an average of every 39 seconds, according to a study by the University of Maryland’s Clark School of Engineering. You can help avoid being a statistic by being aware of the types of cybercrime and the ways to protect yourself.

“Hackers are constantly improving their game,” says Korinchak of CyberExperts.com. “And it is up to all of us to be vigilant.”

Written by
Karen Bennett
Consumer banking reporter
Karen Bennett is a consumer banking reporter at Bankrate. She uses her finance writing background to help readers learn more about savings and checking accounts, CDs, and other financial matters.
Edited by
Wealth editor