Safe Online Banking
Online banking is a very secure and convenient way to access your bank's services. However, you need to be wary of fraudsters trying to gain access to your account. You could be tricked by phishing emails or vishing phone calls into disclosing your password and other confidential details.
- Identity theft caused by viruses or spyware, giving criminals access to your bank account and other personal information stored on your computer.
- Malware on your computer that sends information to your bank that is different from that which you intended - for example the recipient of a payment. Malware could also introduce false fields such as 'enter your complete password' on an otherwise genuine site, by interfering with your browser. This is sometimes called a 'Man in the browser' attack.
Use a VPN. For the best security, you should avoid doing online banking when connected to a network you don't control. Using a VPN (Virtual Private Network) encrypts your traffic so no one can read it.
The banks say 'if you don't have it, you could be liable'
If you're not protected and someone uses your computer to get passwords, or accesses your bank account or other financial products, you may find it harder to get a refund. The burden of proof's on the bank to show you didn't act with care, but it's best to be safe. It’s fairly simple to ensure your account is not vulnerable to any particular attack. When logging into your bank account online, most banks allow you to “remember your computer.” You can then bypass a few security questions when the bank recognizes your computer’s IPv4 address, a unique identifier for each internet connection. Hackers can spoof your IPv4 address or even use malware to hijack your computer so you don’t even know it’s accessing your bank account. It’s best to disable the “remember your computer” feature. It’s a little bit of a pain, but it’s much more secure.
Never use the same password for your bank that you use on other websites. Make it unique. Know all the main threats?
Threats to your computer come in different guises with various funky names. Collectively, they're considered malicious software, or "malware". The main types are:
- Viruses. Hidden programs that wreak havoc
These are transmitted via websites, email attachments, directly over the internet or via any other removable media. They hide in applications or files and spread from computer to computer, generally wreaking havoc wherever they get the chance.
- Spyware. Just as the name implies
Spyware is software that aims to gather information about a person or organization without their knowledge that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge. "Spyware" is mostly classified into four types: adware, system monitors, tracking cookies, and Trojans; examples of other notorious types include digital rights management capabilities that "phone home", keyloggers, rootkits,
- Malware. Todays big threats
Short for malicious software, is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
How to bank safely online
Never login to your bank website through a link in an email, even if the email appears to have come from your bank. Type the web address into your browser yourself. The login pages of bank websites are secured through an encryption process. The beginning of your bank's internet address will change from 'http' to 'https' when a secure connection is made.
- On NO account disclose any passwords or other personal information in response to an email, phone call or letter from your bank or financial institution. This included PINs. Your bank will never ask for your full PIN or password.
- Always make sure you are using a secure internet connection to connect to your bank. Never use free public Wi-Fi - however convenient - as this may not be secure and your online banking could be eavesdropped on. If you must use public Wi-Fi also use a VPN.
- Only ever visit your bank’s website by entering the address into your browser (Microsoft Edge, internet Explorer, Firefox, Chrome) or using a bookmark you have created using the correct address.
- Never click on a link to a website in an email. This would definitely be a phishing scam. Banks would not send you an email with a direct link to their bank.
- Fraudsters sometimes try to trick people into making a real payment by claiming "it's just a test". No bank would ever ask you to do this.
- Never give anyone your login details in full either by email, text or over the phone – your bank will never request these in this way.
- Check your bank statements regularly and contact your bank immediately if you spot any transactions that you didn't authorise. Another good idea is to register with a credit reference agency.
- When sending money via your online bank account, always double check the amount you are sending as well as the account number and sort code you are sending it to.
- Make sure your bank has your up-to-date contact details.
- Browsers often come with security features built in. Make sure they are activated, and updated.
Four main things to remember:
- Always have an internet security package installed, activated, and up-to-date. Free is good, but full security suites now offer safer banking with features like anti-phishing features and virtual keyboards.
- Always make sure your PC, MAC or Mobiles software is up-to-date with the latest updates and patches.
- Mobile Banking Apps – Visit your bank to find their mobile banking app. Always check it is produced by your bank and DO NOT download from any other website.
- Never give out your details to anyone over the phone, text or click on ANY links in an email to do with your personal or financial information.
All banks carry online security information on their websites, including information about known frauds. If you suspect anything suspicious, contact your bank or financial institution immediately.