Approximately 73% of people worldwide use some form of online banking at least once a month. As advantageous as it is to have access to your account whenever and wherever that convenience can come at a cost. In 2021, account takeover fraud increased by 90%, and new account fraud jumped by 109%. As the ease of online banking has increased, so has banking-related cybercrime. If someone hacks your social media account, it can be a real pain, but it can be devastating if a hacker breaches your bank account. It can mean significant losses that you may not be able to recoup from your financial institution. In this article, we'll look at some of the common mistakes people make that leave their accounts at risk, as well as some critical tips on how to keep your bank account better protected.
Mistakes that allow criminals to access your account:
Not enabling two-factor authentication
Two-factor authentication (2FA) is a simple process that is absolutely essential in modern cybersecurity. Enabling this setting for an online account means that it requires an extra step to log in to that account besides just your username and password. That step usually consists of receiving a one-time passcode (OTP) by SMS and entering that at login. Many people make the mistake of leaving this disabled because they either don't know it's there or they think it's too inconvenient. But enabling this setting drastically improves the security of your online accounts, so you should use it whenever you can. We've even made multiple posts about how beneficial 2FA is.
Falling for a phishing scam
Hackers use several types of phishing scams to target users of online banking. They send emails designed to look like official communication coming from your bank. These scams often involve a fake warning of unauthorized account activity or a fake offer for some sort of "great deal" and a request to follow a link and log in. However, the link actually leads to a fake login page designed to look just like your normal bank website, and once you enter your login details, the hacker records them and uses them to access your account. It is vital for cybersecurity that you are able to identify and protect yourself from phishing scams. Thankfully there are numerous online resources to educate people on how to identify phishing.
Using easy-to-guess passwords
A simple password may be easy to remember, but that is because it's also easy to guess. Using weak passwords is a common mistake that enables many cybercriminals. Some best practices for passwords include:
- Make them at least ten characters long
- Include at least one number
- Include at least one symbol
- Include at least one upper-case letter
- Don't make them personal (e.g., don't use your birthdate, address, etc.)
It is also poor cybersecurity practice to use the same password multiple times for different accounts. A hacker only needs to breach a password one time, and they will often try that password on numerous different services looking for a match.
Downloading unsafe mobile apps
Hackers often use malicious mobile apps as a way of tricking people into downloading banking trojans that are hidden in the apps. These apps can look like anything and are often distributed on, but not limited to, third-party app stores. Once a victim installs a malicious app, banking trojans seek out any details they can find and attempt to breach banking and wallet apps also on the device. In order to stay cyber secure, it is necessary to review the security and legitimacy of any app before you download it.
Logging into online banking while on public wifi
One surefire way to give away your online banking password is to log in while on public wifi. Hackers constantly watch and record traffic on public wifi to spy on the activity of others connected to that wifi. You should never type in a password or other sensitive details when connected to public wifi. If you absolutely must use public wifi, make sure you enable a VPN in order to encrypt the data you send.
Additional tips for improving online banking security:
Set up banking alerts
Time is of the essence when an intruder breaches your account, so the faster you notify your bank of the breach, the better. You could reduce the impact on you by having your account locked down immediately. Setting up banking alerts is an excellent way to enable you to identify suspicious activity quickly so you can react quickly. Some common banking alerts people use include low-balance alerts and login alerts.
Install an antivirus & DNS filtering on your PC & mobile device
Many people forget about the need to install antivirus on their mobile devices, but smartphones are also computers and require many of the same protections as any PC. It's also good to use a DNS filter, which helps protects you from going to dangerous phishing sites by blocking them.