Tag Archives: Online Banking Security Tips

Online Banking Security – Another Town Bites the Dust

Just in case you thought I might have been crying wolf over the risks of online banking and the need to implement online banking security measures, here is another report that proves the risks are very real. Another New Jersey city has become a victim of online banking fraud because they failed to implement adequate information security measures. The city feels confident they will recover most of the $400,000 that was lost, but if I were a taxpayer in that area I would be very concerned about the lax information security practices that put the funds at risk to begin with.

The article linked above from Brian Krebs is a great read because it offers fascinating detail on the other end of the criminal process: how do the criminals get the money out without getting caught? Cyber thieves are using social networking, job boards and a high unemployment rate to recruit “money mules” who help move the money around quickly and minimize the likelihood of them getting caught. This is a good example of how the scam works and shows you what kind of thieves you are up against.

Remember, online banking is convenient, but a lot can go wrong if you are not taking information security seriously. Just as Brigantine, New Jersey could not rely on their bank to stop unauthorized transactions, neither can you. The security of your financial health depends on you, so get started today.

Online Banking phishing scam – Information Security Awareness

I received this online banking phishing scam in my email account today, so it provides a good example of what you need to be on the lookout for. This one was not ideally targeted for me since I do not bank at HSBC, but no matter: these types of scams impersonate all types of banks and online financial service accounts. If this had been from your bank, what would you have done? If you clicked on it, you would likely have been asked to provide your login and password information, or your machine would have been infected with malware, and in either scenario your account would be at extreme risk.

Here are some tips on dealing with phishing emails from banks or other financial companies requesting you to click on them:

1. Legitimate companies will not email you requesting that you take immediate action or threatening immediate suspension of your account. That is a threat that real businesses will not make, so you should take it as a warning sign that this is a scam.

2. If you point your cursor over the intended link (but don’t click on it), you’ll notice that it often does not point to the company it is pretending to be. I say often because there are techniques that will make the link appear legitimate, so do not use this as a foolproof measure.

3. If you do need to check on your account status, never do it via an email link; instead, do it from a saved link to the site that you know to be legitimate. In the example above, that means having your own link to your HSBC account and not clicking on the link bait provided.

4. Always be skeptical of unsolicited emails: treat them as untrusted and follow step 3 above when accessing sensitive accounts.

Don’t fall for the bait: avoid phishing scams and keep your online accounts secure!

Online Banking Security Tips

Another day and another report of a big online banking information security incident. At this point you have to be asking yourself if your business can bank online securely or if it is best avoided altogether. The FDIC offers some limited online banking guidance that primarily deals with not doing business with fake banks and how to validate if your bank is FDIC insured. While these measures are important, they are not sufficient to ensure that your online banking is done in a secure manner.

Step 1 – Decide if the benefits of online banking are greater than your potential exposure from loss due to fraud. For individuals this is an easier decision as you have more protection, but a business should fully evaluate the risks and implement the controls recommended below prior to online banking.

Step 2 – Ensure the computer(s) that you will be online banking with are regularly patched (both operating systems and other general applications), utilize up-to-date antivirus control, and have a personal firewall installed. I will cover all of these items in more depth with recommended options in a future article, but if you are using an all-in-one suite like McAfee or Norton you are on the right track.

Step 3 – Strongly consider dedicating a single machine used only for online banking. That means no internet surfing, no email usage, etc. The most common method of compromise is via malware from internet surfing or infected email attachments, so avoiding these activities via a dedicated machine greatly reduces your risk. That being said, you must be consistent and do this 100% of the time for it to be effective.

Step 4 – Never perform online banking transactions on a shared PC or on a network that you do not own. Shared PCs or strange networks could be capturing your online banking credentials and could lead to the compromise of your accounts.

Step 5 – Practice good password management with your online banking credentials.

Step 6 – Implement automated account monitoring that will automatically alert you of key changes to your account such as security setting changes, adding of a new payee, as well as low balance alerts set on your desired threshold. I recommend getting these alerts sent to your mobile phone as this will offer some additional protection vs. being sent to a traditional email account.

Step 7 – Not many banks have implemented advanced controls to replace passwords (such as password tokens that change every minute) but if you are considering different banks I would lean towards one with greater security measures vs. those that only offer static passwords.

Step 8 – Check your online bank balances once or twice a week to ensure that nothing suspicious has occurred. If you do detect an issue, promptly report it to your bank and document all the follow-up you have performed to help minimize your chances of financial loss (keep detailed records of dates and individuals you have talked to). In addition, no amount of error is too small to follow up on, as thieves often start with a small test transaction to set the stage for a bigger heist later.
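The alert conditions from Step 6 and the small-test-transaction pattern from Step 8 can be applied to an exported account history during the weekly review. The following is an added example, not part of the original post; the event format, the thresholds and the sample history are assumptions constructed for illustration.

```python
LOW_BALANCE = 5000.00   # assumed low-balance alert threshold
TEST_AMOUNT = 5.00      # assumed ceiling for a "small test transaction"

def review(events, known_payees):
    """Return (date, kind, detail) alerts for account events given in date order."""
    known = set(known_payees)
    probed = {}   # payee first seen through a small payment -> date of that payment
    alerts = []
    for e in events:
        if e["type"] == "security_change":
            alerts.append((e["date"], "security_change", e["detail"]))
            continue
        payee, amount = e["payee"], e["amount"]
        if payee not in known:
            # First payment to this payee: alert, and remember it if it was tiny.
            known.add(payee)
            alerts.append((e["date"], "new_payee", payee))
            if amount <= TEST_AMOUNT:
                probed[payee] = e["date"]
        elif payee in probed and amount > TEST_AMOUNT:
            # A larger payment following a tiny first payment to the same payee.
            alerts.append((e["date"], "large_after_test",
                           f"{payee}, first paid {probed[payee]}"))
        if e["balance"] < LOW_BALANCE:
            alerts.append((e["date"], "low_balance", f"{e['balance']:.2f}"))
    return alerts

# Constructed sample history (hypothetical export format).
EVENTS = [
    {"date": "2024-03-01", "type": "payment", "payee": "City Utilities",
     "amount": 240.00, "balance": 18200.00},
    {"date": "2024-03-04", "type": "security_change",
     "detail": "alert e-mail address changed"},
    {"date": "2024-03-04", "type": "payment", "payee": "J. Doe",
     "amount": 1.00, "balance": 18199.00},
    {"date": "2024-03-06", "type": "payment", "payee": "J. Doe",
     "amount": 14500.00, "balance": 3699.00},
]

if __name__ == "__main__":
    for alert in review(EVENTS, {"City Utilities"}):
        print(*alert, sep=" | ")
```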

Online banking is convenient but you must be vigilant and implement the recommendations above to stay secure and protect your business.