Rarely a week passes without a headline about a data security breach or a household name leaking your personal data, usually due to technological negligence or poor security practices.
Increasingly, our financial affairs are conducted online, offering up personal and financial data for hackers to potentially steal and use – but we often delay taking simple protections, even though the consequences can be severe, both personally and financially.
There are many different tricks and tactics used by hackers or scammers to try and steal your personal information and ultimately, your money. Here are some of the common types of scam to look out for:
These scams involve fraudsters accessing personal details through fake emails, websites and text messages which appear to be from legitimate organisations.
Email scams which ask you to use your bank account to move a large amount of money, paying you a fee in exchange for your help.
You’ll receive a phone call and the scammer will pretend to be from your bank. The caller will pretend that your account has been compromised and ask for your details, claiming that they will transfer your account to a new, safe bank account.
If you’re looking for how to protect your bank account from fraud, here are 6 effective ways of protecting your personal details and your money online:
Regularly update your software and apps
Use two-factor authentication
Use social media carefully
Use a password manager
Check your credit report regularly
Be sceptical of every email you receive
One of the most straightforward steps to protect your computer, mobile phone or other devices is to regularly update installed apps and software, including your operating system (Windows, Mac OS, iOS, Android) and any antivirus or anti-malware tools.
The most common way for a hacker to gain access to your device is through an old piece of software that has a security vulnerability.
If you have antivirus or anti-malware software installed, make sure it fully scans your computer at least once a week.
Most banks recognise the importance of security – but, as regular reports of online banking fraud show, many still fail to keep your personal and financial data safe.
There are 4 main elements to online banking security that your bank needs to offer protection for: logging in; encrypting your data, so it can’t be intercepted by anyone other than you or your bank when it’s transmitted across the internet; securely storing your banking data; and the logging out process.
Ideally, you want your online banking service to use two-factor authentication (2FA), which uses two steps to confirm your identity rather than just one password that could be guessed or discovered. This makes it much more difficult for fraudsters to gain access to your account. From September 2019, all financial institutions have been obliged to use strong customer authentication.
In some ways, mobile banking apps are safer than using a web browser on your PC because computers can run software from any source, while smartphone apps are usually checked by Google or Apple.
Alongside concerns about what social media sites are doing legally through data harvesting, they are also susceptible to hacking and fraud and there are ways for criminals to con you out of cash or financial details.
Ensure personal information like your date of birth, phone number and address can’t be viewed. They represent a stepping stone that, combined with other information, can lead to fraud. Check and review your security settings and use less obvious answers for security questions, particularly ones that may be repeated in your posts on social media such as your favourite football team, pet names or mother’s maiden name.
Be wary of what information or pictures you add to social media accounts when you are on holiday. Wait until you return home to post details or you could alert criminals to the fact that your house is empty.
Passwords are your first line of defence against online fraud – but, believe it or not, variations of ‘password’ and ‘123456’ are still the most commonly used passwords. While it might be tempting to use the same password for multiple accounts and services, you really shouldn’t – just imagine the havoc a hacker could wreak if they obtain it.
Instead, you should use a password manager. A password manager automatically generates secure passwords for services that you sign up for, and then encrypts and securely stores them until you next log in.
Ensuring the details contained in your credit report are accurate is another important strand of data security, though you could be forgiven for being cynical about credit reference agencies keeping your data secure after the massive Equifax security breach.
You should check your credit report to see if there are any unusual entries that not only impact your credit score but also suggest that someone has accessed your financial data or personal details and used them fraudulently. Checking your credit report can be the first sign that you’ve been hacked as any applications for credit show up there.
If you notice anything suspicious, contact the credit reference agencies and follow the procedure to get the entry removed, known as a ‘notice of correction’.
Many threats come via email, so be vigilant against opening links that could install malicious software (malware) on your computer. The same principle applies to attempts to solicit information through phone calls or text messages.
Always double check who the person or organisation is before clicking on a link or providing any personal information. Always ask yourself whether you’re expecting an email from that person – if it seems at all suspicious, don’t click any links or open any attachments. Remember, your bank will never ask you for your complete PIN or password by phone or email.
Malware can infect your computer through an email attachment or downloading a file from the web. Once malware is on your computer, criminals can track every action you take on your computer, including what sites you visit and the login credentials that you type in.
The equivalent attack on a smartphone, sometimes called “smishing,” comes via a text message. The fraudster sends a message asking you to call a number to discuss a security issue – and then they ask you for your account number and PIN.
Increasingly, scammers are cold calling or emailing individuals and convincing them that they work for banks. The scammers claim the individuals are victims of fraud and request personal and security details under the guise of securing the account when in fact, they are accessing the account fraudulently.
When they gain access, often scammers will transfer any money out of the account and disappear.
If you believe your account has been hacked or that you’ve been scammed, report the fraud as quickly as you can to your bank so that your bank can freeze the account and seek to recover your funds.
If you’re hacked and lose personal data or suffer financial loss, contact your bank or financial institution.
If the identity theft or fraud causes financial loss from your bank, they will refund your money once it has investigated and decided you weren’t negligent and caused the problem. If, for instance, you’ve given out your PIN to someone, it might not refund the money.
If the fraud relates to a credit card, contact the card issuer and follow their advice.
If you’re a victim and a financial organisation rejects your claim you can appeal to the Financial Ombudsman.
There is lots more help available. You can speak to a Citizens Advice Scams advisor on 0808 250 5050 or the Financial Conduct Authority.
Report the scam to the police through Action Fraud. It’s important to do this because it could help catch criminals and stop it happening to others.