Are you confident when you use
mobile and online banking to access or conduct transactions, or do you get
nervous whenever you push the “send” button? In today’s rapidly developing world
of technology, where depositing a check can be as easy as taking a picture with
your smartphone and you can log on to your account from your tablet anywhere you
can carry it, protecting your information and devices has become even more
important.
While reports about online risks are fairly regular, performing financial
transactions online can be as safe as conducting them in person. All it takes is
some fairly simple steps to help reduce your exposure to these risks. Below
you’ll be introduced to some of the most effective strategies for protecting
yourself online. “The strongest defense is educated consumers who know what they
can do to keep themselves secure,” says Alexander Popowycz, vice president of
information security at Fidelity.
Major risks to be aware of: phishing, malware, and identity theft
There are many ways that information can be compromised, and techniques used by
online criminals are constantly evolving. The majority of risks that online
consumers face fall into a few categories. Here’s a look at a few of the most
common, along with some steps you can take along the way to help protect
yourself.
Phishing Scams
When cyber criminals go “phishing,” consumers are the prey and fake Web sites
and emails are the bait. Phishing typically works like this: A consumer receives
an urgent email, allegedly from a trusted party such as a retailer, email
provider, or bank. Such emails generally include links that lead to a Web site
where the email’s recipient is asked to enter information such as a password,
Social Security number, or other sensitive information. Once entered, this
information can be captured by online criminals who designed both the email
address and the Web site to mimic the trusted third party’s actual online
presence. “Criminals are sophisticated at using phishing to trick consumers and
elicit information from them,” says Popowycz.
How to protect yourself
Be smart when conducting online transactions. To avoid being conned by a
phishing scam, always verify the legitimacy of any Web site that asks you for
personal information. “One way to make sure you’re not being sent to a
fraudulent Web site is to type the address of the Web site you’re being asked to
visit into your browser’s address bar or use a bookmark that you personally have
created instead of clicking on a link in the email” says Popowycz
Urgent-sounding communications should raise a red flag. “Criminals create these
scams to prey on consumers’ emotions,” says Popowycz. Use caution any time you
receive a text message or email telling you to immediately update your personal
information, activate an account, or even check on an unexpected delivery.
Rather than clicking on a link or calling the number provided in the email to
verify the request, go to the institution’s Web site as you normally would, or
call the company’s general customer service number to check the validity of the
message. And be sure to delete emails coming from addresses that are unknown to
you.
Malware
Computer programs intended to gather information or disrupt a computer’s normal
functions are known as malicious software or malware. Your computer or device
can be infected with malware by visiting unsecured Web sites or by opening
attachments to emails sent by cybercriminals. “Some people have their personal
data, including passwords, taken by malware like viruses and Trojan horses,”
says Popowycz.
How to protect yourself
Keep your computer and the rest of your digital devices up to date with the
latest security updates, fixes, or “patches.” A computer with antivirus software
and an operating system that is regularly updated, combined with a personal
firewall, provide a strong foundation of protection from malware and other
online threats. But it’s not enough to install an Internet security software
package when you first get your computer. You also need to regularly download
updates such as virus definitions for the software so it is equipped to respond
to the latest malware. Many applications let you set up automatic updates as
well, but you should check to make sure your security subscription is up to
date.
Install a firewall. At home you should only connect to your ISP through a
network firewall. These firewalls are often integrated with other network gear
like WiFi routers, sometimes even provided by your Internet service provider
(ISP). This helps protect not only your PC but other devices on your home
network, including printers and DVRs. For laptops and other mobile devices,
consider using a software firewall installed on these devices, as they won’t
always be used on your home network. Security software generally includes a
firewall as part of a suite, along with antivirus. Check with your ISP to see
whether it offers security software, possibly at reduced prices, or even for
free.
Identity Theft
Once criminals gain access to a person’s personal information—whether it’s by
phishing, malware, or simply by finding a lost wallet or looking over a
shoulder—they can then use the information to set up new financial accounts.
Identity theft is sometimes the result of criminals gaining access to
information that’s not directly related to a person’s financial accounts.
“Social media like Facebook and Twitter make things easier than ever for
criminals, because there is so much personal information online,” says Popowycz.
“Keeping financial information safe requires more than just secure online
banking—it’s important to carefully check your privacy settings on social media
that you use and avoid spreading any personal information unnecessarily.”
How to protect yourself
Don’t trust public computers. There’s usually no good way to know if public
computers, such as those in libraries or schools, are infected with malware or
are lacking adequate protection. Avoid accessing financial accounts or making
online purchases on such computers. “It’s always best to use a computer that you
trust,” says Popowycz.
Public wireless networks are less problematic. They’re probably less secure than
your home connection, but Popowycz says the risk is typically minimal. “Use
discretion,” he advises. “Generally, connections to financial institutions are
encrypted, so it’s not essential for the wireless network you use to also be
encrypted, but you should try to stick to using WiFi that is known to you,
rather than connecting to the nearest signal.”
Protect passwords and other information that could be used to access your
accounts. Everyone knows password protection is crucial. Still, it can be
tempting to share passwords with loved ones or choose passwords that are easy to
remember but not particularly secure. Popowycz cautions that the risk isn’t
worth it. “Knowing a password makes it much easier for criminals to access an
account, even if they have no other information,” says Popowycz. “And too often
people use the same password for multiple accounts.”
Popowycz says that one of the best ways consumers can secure their accounts is
to create a complex password and keep it to themselves. “Pick a creative
password that’s easy for you to remember but difficult for anyone to guess,” he
suggests. “And don’t use easy-to-guess digits like your date of birth, street
address, or phone number.” One method he offers: “Think of a sentence that you
can remember and use the first letter of each word in that sentence as your
password while also adding numbers and special characters such as asterisks to
make them more secure.”
It’s also a good practice to change your passwords occasionally. For instance,
you might want to create a new password every year on a date that is memorable
to you. Review financial transactions regularly. The most common way criminals
use stolen information is to make purchases online or by phone. Such
transactions usually show up immediately in your account history. Consumers
might also consider checking their balances from other computers as well.
Sophisticated malware can sometimes cover its tracks by hiding fraudulent
transactions, but only from the computer it has infected. You can greatly
minimize the damage from any incident of identity theft if you review your
account regularly for unknown or unauthorized transactions, and then contact
your financial institution immediately if you spot something suspicious.