Mobile banking is generally considered safe. But online frauds like smishing are gaining traction.
“It’s always a game of leapfrog,” says Marc DeCastro, a research director at IDC Financial Insights based in Framingham, Massachusetts. “The bad guys look for the easiest point of entry. There are ebbs and flows.”
Smishing occurs when you get a dubious text message from a fraudster posing as a bank representative. The message may warn you of security breaches and ask you to call a toll-free number. Then you’re asked for your account number and PIN.
“Someone in a foreign country is actually collecting the information,” says Robert Vamosi, a former analyst covering risk and fraud at Javelin Strategy & Research. “Don’t call the number on your text message.”
Instead, treat it as an untrusted communication. Call the customer service number listed on your monthly account statement and verify the text communication.
Fend off malware
Your computer can get infected with malware in two different ways. You can click on an online link and download a poisoned program or you can click on an infected email.
Once malware is installed on your computer, cyber criminals can track your every move on the internet, including your online banking transactions. Then they can empty your chequing account or clear out the emergency fund in your savings account.
To fend off malware, avoid going to small hosted websites with community forums, such as computer game sites. Security usually isn’t as diligent. Often free software and other pop-ups have malware embedded.
Another option is using a dedicated home computer or virtual desktop just for online banking and bill paying. You should also update your antivirus programs regularly.
Avoid shared computers and networks
If you’re banking on a public computer, you’re putting yourself at risk.
“When you’re done, log off your banking site if you do use a shared computer,” Vamosi says. “If you’re surfing to the next page, you’re still on the banking site. Someone can gain access to your account.”
Tapping into outside Wi-Fi networks is also dangerous. Vamosi warns against using Wi-Fi networks in airports, cafes, trains or taxi cabs, with some exceptions. “If you’re given a password to get onto a wireless network, you’re safer,” he says. At hotels, opting for a wired connection is safest, he says.
Protect your password
In online banking, good security hinges on a rock-solid password.
But many passwords are easily hacked. Use a difficult password with a three-, four- or five-word phrase followed by a number and a symbol, such as an exclamation point.
Don’t write your passwords down. Also, don’t let your computer remember your password.
Know what bank apps you’re downloading
A lot of people report using a mobile banking app, according to a recent Bank of America report. But app security is lagging behind.
“People think that apps downloaded from the Apple Store are secure,” says DeCastro. “But that doesn’t mean there won’t be issues. More and more people are trying to steal credentials.”
Downloading third-party apps not issued by an authorised bank is also dicey. “Download apps you trust,” says Kevin Mahaffey, chief technology officer at Lookout Inc, a mobile security firm. To do that, look at app ratings and quality.
“If there aren’t many downloads, you want to be careful,” Mahaffey says. “Smartphones have the same security issues as PCs. Don’t let your guard down.”