With more people doing more things online, understanding the risks as well as the opportunities is essential. Whether you’re thinking of banking online or just want to learn more about the risks and how to mitigate against them, this page will walk you through everything you need to know.
With banks closing branches all the time, online banking is now mainstream. Whether cause or effect, online banking and banking apps are taking over from the brick and mortar branches and every bank has their own app. But how secure are they? Jamie Kavanagh, a Contributor at Broadband Genie talks through what the risks are when using them and what you can do if you have been a victim of online fraud.
Potential risks with financial apps and the internet in general
There are a number of risk factors with internet banking, apps and general internet use. These risk should never put you off using the web as it really is a force for good but you should always be aware of the potential risks you may face.
Common risks online can include:
- Viruses and malware
- Targeted attacks
Let’s take a quick look at each…
Viruses and malware
Viruses and malware are probably the oldest computer threats. Viruses are much rarer now as hackers have shifted towards malware and ransomware but they are still out there. Viruses and malware will infect your device through a download of some kind and will usually delete all your files or otherwise render them inaccessible.
Phishing describes an email that pretends to be from your bank, government, tax office or other official entity. They are usually very realistic and look exactly like the real thing. These will include a URL of some kind that will take you to a realistic looking web page where you will be asked to enter account details or other private information.
Spyware is a type of malware that spies on you. It usually includes a key-logger or something that records keystrokes to try to collect usernames and passwords. The spyware will then secretly send this data back to a central server to be used in crime.
Ransomware is relatively new but evil. It works like malware and downloads onto your device. Rather than destroying your data, it will encrypt it and hold you to ransom. It will demand payment in cryptocurrency to unlock your files. There is never a guarantee of your data being unlocked even if you pay.
Eavesdropping is where someone sets up a fake WiFi hotspot or hacks your wireless networks and collects all the traffic on it. This can provide them with logins, credit card details and all manner of private information.
Targeted attacks differ from all the above. Rather than a hacker throwing their net wide to see who they can catch, a targeted attack will focus on you. They will learn everything there is to know about you and will try to trick you into giving them information such as account details, name, address or whatever they need to steal your identity.
Staying safe online
Don’t let that list of potential risks put you off as there are simple ways to combat all of them. Some involve using tools while others use behaviours. Either way, follow the suggestions to avoid 99% of internet risks.
Keep your devices up to date
Whatever device you use and whatever applications you have installed, keeping everything up to date is essential. Most operating systems will manage updates automatically. Most applications will also automatically update when one is available. Regularly check to make sure as updates will contain security fixes that can protect against risks. Don’t neglect firmware updates for hardware, either, especially vital devices such as Wi-Fi routers.
Always download apps from official app stores
In the case of any app but especially financial or banking apps, always make sure to use a legitimate source. That could be downloading from the bank directly or from Google Play
Store or the Apple App Store. Don’t download from anywhere else.
Always use security software
Every device you use should have a software firewall and antivirus running at all times. Computers should also have a malware scanner. These programs should always be set to automatically scan and automatically update. Some programs are free while others will cost money. The free programs have the same level of protection but fewer features. You do not compromise protection by using free security.
Use strong unique passwords
Every website you log into will use a password as part of account security. The importance of a strong password that is unique to that login and not used anywhere else cannot be overstated. It is essential to make the password as strong as possible and to never use it elsewhere. There are password managers available which allow you to securely store all your logins without having to remember the details for each.
Use multi-factor authentication wherever possible
If a website or app you use offers multi-factor authentication (MFA), use it. This is a valuable extra protection. It requires an extra step to log into your account, such as a random code sent to your phone, but can make it much more difficult to hack an account. Without that MFA code, even if a hacker had your username and password they would not be able to log in. It’s a free but very useful extra security measure.
Enable account notifications
Many web apps and websites have the option to notify you via email of logins or suspicious activity. Always have these enabled. Should your details be hacked, you will be notified of any access by email or text and can act quickly to prevent any loss or damage to that account or quickly change your password.
Use Wi-Fi safely
Wi-Fi is a risk as it’s possible for data to be intercepted. But it’s too useful to avoid using altogether, so you can get a Virtual Private Network (VPN) on your device to encrypt all your data. VPNs create a secure tunnel between your device and the VPN server that protects your data. Even if you accidentally connect to a fake Wi-Fi hotspot, your traffic is unreadable so is useless to the hacker.
Watch where you surf
Being aware of where you are on the internet is essential. Always check the URL, hover your cursor over a URL on a page or in an email to check it before clicking it and make sure you always use trusted websites. Be very cautious if a site is not encrypted using HTTPS. This will be indicated in the web browser URL bar, and if it’s not then your data could be at risk. Never enter any kind of information into a site which is not protected with HTTPS.
Know how to remote lock or erase your phone
If you use financial apps, banking apps or have personal data on your phone, it makes sense to familiarise yourself with the remote locking and erasure feature. Android and Apple both have a feature to remotely locate, lock or wipe your phone in case yours is lost or stolen.
What to do if you’re a victim of cybercrime
If you find yourself a victim of cybercrime, there are things you need to do to protect yourself. Exactly what depends on what has happened. The one universal requirement is to act quickly.
If you’re subject to any kind of crime or hacking online, you have to be proactive about the situation. That means actively changing affected passwords, contacting any related organisation, stopping credit cards, informing your bank and alerting the necessary authorities.
Here are some practical tips for actions to take:
- If your security program detects spyware, scan your system and allow it to clean the device.
- If you suspect you have received a phishing email, delete it and never click a link within it.
- If you think you have landed on a fraudulent website, close your web browser and perform a full antivirus and malware scan.
- If you are subject to a ransomware request, don’t pay. Wipe your device and rebuild it or have a professional do it.
- If your bank alerts you to strange behaviour on your account, independently verify and then phone your bank or credit card company using the number on the card.
- If you see strange debits on any account, alert the bank, change associated passwords and report the fraud to police.
Prevention is always better than cure but it isn’t always possible to avoid risks on the internet completely. If you follow the advice in this article, you will avoid the vast majority of risks out there and be able to enjoy the internet in the way it was originally designed to be enjoyed. Good luck out there!