Identity theft and cybercrime have become a fact of life in the 21st century at a cost of $600 billion per year. With the right information, a hacker can clean out your bank account in seconds. And they are virtually untraceable. If the loss goes undetected for more than 60 days then the bank isn’t liable to cover cybercrime losses. What’s worse is, if you lose control of your identity, you can have unauthorized transactions, charges, and online activities that haunt you for years, affecting your credit rating and every other aspect of your life.
Hackers are becoming more active, more aggressive, and more cunning, but they tend to go after the easy marks: those consumers who are careless about securing their bank accounts and who make it easier to steal their money. You don’t have to be an easy mark. Your best defense against a cyberattack is being well-informed and being proactive about securing your bank account.
Cybertheft Is on the Rise
Cybercrime has been growing at an alarming rate. According to the 2018 Data Breach Investigations Report from Verizon, ransomware is the biggest threat, making up 39 percent of data breaches. Ransomware is malware that locks your computer and requires you to pay a fee to an anonymous source to unlock your system. Since the amounts demanded are usually modest, typically a few hundred dollars, most people find it more expedient and less expensive to pay the ransom than to try to remove the malware.
Part of the reason that cybercrime is so prevalent is that it is lucrative. For example, the price of a Social Security number on the dark web is $1, a driver’s license is $20, online payment system logins can go for as much as $200 each, and passport numbers get up to $2,000 each. Since most cyberattacks are automated, it becomes a numbers game for criminals; they send as many malware messages as they can, knowing a percentage will reply, so they are sure to find new victims.
The best way to defend your bank account against cybercriminals is by being aware of different ways you can be hacked, where you share sensitive information, and whom you share it with. Here are just a few basic online safety tips:
Tips to Secure Your Computer
In the age of internet communications and e-commerce, your computer has become the tool that handles most of your personal financial activity and money management. It has become routine to do your banking online; make online payments for your mortgage and household expenses; and, of course, shop online. As a result, your computer holds a lot of personal and financial information that could be valuable to cybercriminals. To protect yourself, here are some tips:
- Use anti-malware software. Malware can infect your computer from a variety of sources, whether it’s from an incoming email attachment or by visiting the wrong website. Once malware is loaded into your system, it hides itself, making subtle changes to your computer operating system that can be hard to detect. One of the best ways to protect yourself is with antivirus and antimalware software from a reliable software company. Be sure the software you choose covers a wide range of potential threats and the software company updates its threat database regularly.
- Keep your software up to date. Even the best software protection won’t help you if the software is out of date. Be sure to keep all your computer software up to date, including the operating system and anti-malware software. Most updates include security measures to deal with emerging threats.
- Watch for email phishing attacks. According to the Verizon report, human error accounts for 90 percent of data breaches, and 96 percent of those threats come via email. Be suspicious. Hackers are clever, and they are good at making phishing messages look like legitimate email. A few basic rules to remember:
  - Never click on a link in an email message. If you think a message is legitimate, open your web browser and log in to your account manually, bypassing the link.
  - Look for errors or suspicious text. While an email may have the right images and look legitimate, phishing messages often have misspellings or awkward grammar.
  - Check the email address. Often, you can tell if a message is fraudulent by looking at the sender’s address. If it doesn’t match the body of the message, it is probably fraudulent.
  - See if there are group recipients. Often, spammers copy a list of “undisclosed recipients” on the same message. Legitimate email messages don’t use mass addresses.
- Don’t trust public Wi-Fi networks. Many people love the convenience of laptop computers and use them when traveling or at the local coffee shop. Never use a public Wi-Fi network. It’s the easiest means for a hacker to access your computer.
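The email rules above (check the sender’s address, look for group recipients, don’t follow links) can also be applied mechanically to a saved message. The following Python sketch is an added example, not part of the original article; the institution name, its domain, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: you keep your own list of institutions and their real domains.
KNOWN_SENDERS = {"Example Bank": "examplebank.example"}
URL_HOST = re.compile(r"https?://([^/\s\"'>]+)", re.I)

def domain_matches(host, expected):
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def phishing_flags(raw):
    """Return warnings for one raw message (plain-text, single-part only)."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    body = "" if msg.is_multipart() else msg.get_payload()
    claimed = f"{display}\n{msg.get('Subject', '')}\n{body}".lower()
    # Check the email address: it should match who the message claims to be.
    for name, expected in KNOWN_SENDERS.items():
        if name.lower() in claimed and not domain_matches(sender_host, expected):
            flags.append(f"claims {name} but was sent from {sender_host or 'unknown'}")
    # Group recipients: mass mailings hide the recipient list.
    to = msg.get("To", "")
    if not to.strip() or "undisclosed" in to.lower():
        flags.append("undisclosed or missing recipient list")
    # Links: never follow them; report each host so the reader logs in manually.
    for host in sorted({h.rpartition("@")[2].split(":")[0].lower()
                        for h in URL_HOST.findall(body)}):
        flags.append(f"contains a link to {host}")
    return flags

# Constructed sample messages, not real mail.
SAMPLE_PHISH = (
    'From: "Example Bank Security" <alerts@examplebank-verify.example>\n'
    "To: undisclosed-recipients:;\n"
    "Subject: Account suspended\n\n"
    "Verify your account at http://examplebank-verify.example/login\n")
SAMPLE_OK = (
    "From: Example Bank <statements@mail.examplebank.example>\n"
    "To: pat@example.org\n"
    "Subject: Your statement is ready\n\n"
    "Your Example Bank statement is ready. Sign in from your browser as usual.\n")

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("ok", SAMPLE_OK)):
        print(label, phishing_flags(raw))
```

A clean result only means none of these three rules fired; the misspelling and awkward-grammar rule still needs a human read.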
Maintaining Mobile Data Security
Mobile banking is gaining in popularity with consumers, banks, and credit unions. In fact, a Javelin Research report shows that 62 percent of millennials and 34 percent of baby boomers currently use mobile banking. While most of the security concerns are unwarranted, there are a few steps you should take:
- Watch for smishing attacks. Smishing uses SMS texting to send phishing-type messages, often pretending to be a bank or credit card company. It’s harder to track sources of SMS solicitations, so if they are unknown or unexpected, don’t trust them.
- Keep your phone firmware up to date. As with your computer, your phone or tablet gets regular operating system updates, including security patches.
- Strengthen your PIN. Set a strong personal identification number on your mobile device so if you lose it, it’s harder to crack. Avoid sequences like 123456, birthdays, zip codes, or blunders like Kanye West’s 000000 PIN.
- Use biometrics. Most phones come with biometric security features, such as fingerprint authentication. Use these features to secure your banking apps; they are hard to defeat if your phone is lost or stolen.
Use Safe Online Banking Practices
Now that we have talked about ways to protect your computer and mobile devices, let’s consider some best practices to keep your bank account safe when shopping, paying bills, or doing any kind of online banking:
- Create a strong, unique password. Most people are careless with their passwords, either using obvious phrases or using the same password for every account. Use a password that is unique for your online bank account. Choose a password that is strong, complex, and difficult to guess. Use special characters, include numbers that you can remember, and choose words that are not in the dictionary. The more complex the combination, the harder it will be to hack. Also change your password regularly and do not share it with anyone.
- Encrypt your passwords. Some financial institutions allow you to encrypt your password for greater security. If encryption is available, use it.
- Use two-factor authentication. Many online and mobile banking systems offer two-step authentication, where they generate a code that is sent to your phone or email so you can prove that you are you before you access your account. This is a great security feature since you need to have the physical phone or right email address before you access your bank account.
- Know your apps. When people sign up for online banking, they usually go to the App Store or Google Play to find the mobile software they need. Be sure you use the right software. Use apps from the bank or credit union rather than third-party apps and make sure you have the right app version.
- Sign up for real-time activity alerts. Most banks and credit unions also offer activity alerts that generate a text confirmation for any mobile banking activity. This is an easy way to watch for unauthorized access to your bank account.
- Use third-party payment systems. Services such as Apple Pay, Google Pay, PayPal, Venmo, and Zelle can be linked to your bank account and used for online purchases or to securely transfer money. The advantage of using third-party payment systems is that the username and password for the payment service are separate from your bank account, so hackers don’t have direct access.
- Watch for skimming and shimming. Skimming has been an ongoing problem, especially at gas pumps and ATMs. A skimmer is a device that is fitted over a credit card reader and designed to capture your credit or debit card information by copying the magnetic stripe. Skimmers are becoming less of a problem with the adoption of EMV chip cards, but now hackers are being more devious with shimmers, devices that fit inside the card reader machine and clone the chip data. The good news is that shimmers can read only a portion of the card data, but they could still lead to debit or credit card fraud. Your best defense is to monitor account transactions.
Even though cybercriminals are becoming more aggressive, you don’t have to be a victim. Using simple security protocols and common sense, you can keep your bank account safe online. Of course, you also want to make sure that you have your money with a reputable institution that understands the dangers of online fraud and will help you protect your money. Here at iQ Credit Union, we care about keeping your money secure. Contact us to learn how we can make your life simpler with online banking and still keep your money safe.
The Most Common Types of Cyber Attacks
Phishing attacks are still prevalent. While Verizon reports that 78 percent of recipients do not fall for most phishing attacks, 4 percent do. And phishing attacks are becoming more sophisticated. They often appear as legitimate correspondence from a bank or credit union with a link to a malware site.
Criminal pretexting is increasing. Pretexting is a clever strategy to steal and sell your identity. A pretexter may contact you by email, text, or phone, posing as a survey firm, hotel, or someone who wants to ask you a few questions. Once they have the basic information, they use it to gather more information about you, such as your social security information, from organizations you do business with by posing as you. Once they have your profile, they can sell it on the dark web. There has been a five-fold increase in pretexting over the last year.
Password attacks are very common. Criminals can “sniff” the network connection looking for passwords (which is why you should never access your bank account from a public Wi-Fi network). Brute force attacks use random terms to guess a password, but those words are often tied to a job title, hobby, or other personal information. Dictionary attacks use commonly used passwords to try to hack the account.
Malware attacks are very common and insidious. Malware such as ransomware, viruses, Trojans, worms, and others infect your computer or phone system without your knowledge, often providing access to sensitive data such as your bank login. You can pick up malware by opening the wrong email attachment or even visiting the wrong website.