For years now, ESET Ireland has been reporting on various banking scams that have been plaguing Irish online banking users. Every week we see fraudulent mobile text messages, fake websites, redirected links and new varieties of spam emails claiming to come from the Bank of Ireland, AIB, Ulster Bank, etc, asking the user to “update their details”, “confirm their login” and other nonsense, made up to provide the cyber criminals with access to cards or accounts. How to deal with all that? Here are some tips on how to keep your online banking safe:
- Use a trustworthy device
The first and most basic principle when you connect to your online account, is to use a trustworthy device. Your own computer, tablet or smartphone is mostly the best choice, as you would be more likely to notice if there was any suspicious activity going on, or the device was acting weird. If possible, try to avoid using borrowed or public devices that might put your account and savings at risk.
- Be careful where you connect
Not every internet connection is secure enough to be used for online banking or payments. Public Wi-Fi in your favourite coffee shop or a random network available at the town square may not necessarily be the best options to check your savings or pay bills. If you have to use this kind of connection, use a virtual private network (VPN) to keep your communications encrypted and thus unreadable to anyone who would try to intercept them.
- Update your computer to the max
Keep your operating system and software up-to-date. This closes loopholes the attackers are looking for and that allow them to infect your machine. To save yourself time and maximise your protection, many programs offer automatic updates and can check for patches or new versions themselves, without requiring your attention.
- Use a reliable and updated security solution
Before you connect to your online banking account or pay anything online, install a reliable, multi-layered and updated security solution. This offers protection from multiple types of malware as well as malicious tricks that might be disguised as harmless emails or websites luring you into giving up your sensitive information.
- Create a strong password and don’t reuse it
Is your password really secure? If you are not sure what that means, then you can use this short guide to build strong passwords that even kids can understand. One of the most important rules is to never reuse your password! We understand that it’s difficult to come-up with a complicated, hard to guess combination every time, but using the same password for your bank, social media and other accounts can lead to disaster in case it leaks from any one of them. A very useful and easy to remember alternative is a passphrase.
- Use two-factor authentication
If your bank offers two factor authentication (2FA) for your online account, use it. This way the bank can double check if it is/was really you connecting or making a transaction by using something only you have – such as your personal smartphone. So even if your password ends up in the wrong hands, without the second verification it is useless.
- Don’t get lured into traps
Cybercriminals will literally try anything to get to your sensitive information or data. Pretend they are your banker, pose as a notification, or ask you to change the password via a link added to the email you just received. Those are just some of the lies they will try to in order to trick you into giving up payment card data or the password to your account. Remember, if you get any message asking you to change your banking credentials or click on a link, check twice whether it is truly your bank who sent it. Your best shot is to contact them over phone or stop by in person.
- Use the log out button
Not using your online banking anymore? Log out. If an attacker tries to hijack your session, without being logged into the account, he/she can do less damage.
- Activate notifications via SMS
If you are one of those people who check their online banking account once a month or even less frequently, set up notifications to your phone. Having information about all the current transactions makes it much easier to recognize any suspicious activity.
by Urban Schrott & Ondrej Kubovic, ESET We Live Security