You can’t argue with the convenience of paying bills and reviewing transactions online, all without going out of the house, sitting comfortably in front of your computer. Of course, as you’re probably well aware, there are certain caveats to banking online, the most important being security.
Let’s take a look at the most important aspects of banking online, and how you can protect yourself and your bank information.
Phishing, by far the most common vector of attack, is often an email, text message or even a call that, through a technique called “social engineering”, fools you into believing that the bank contacted you. Social engineering is, according to BinarySEC:
Art of manipulating persons in order to bypass security measures and tools. The purpose is to obtain confidential information from users through phone, e-mail, snail mail or direct contact and secondly use these data to gain illegal access.
- The easiest thing to do in order to protect yourself is to never click on links in emails purporting to be from banks and other financial institutions. Even if you believe the message might be from a trusted source, go directly to the bank website by typing the web address yourself, or even better call the bank directly. Remember to always report phishing attempts.
Malware, spyware and other types of computer viruses present a major risk, especially on Windows platforms.
- If possible, work on Linux or Mac computers day-to-day. It is widely believed that the security system for those operating systems, both Unix-based, is more robust.
- Use a Linux Live CD from any major available distribution. A perfect example is the Ubuntu Live CD. Available for free via the ShipIt program or easily downloadable from mirror servers around the world, it guarantees that you have an uncompromised environment for working with sensitive information.
- Make sure your software is always up-to-date. New vulnerabilities are discovered every day and the developers are usually pretty quick to patch the hole. Update your anti-virus, anti-spyware, and leave Windows Updates on automatic check every day.
- Security through obscurity isn’t very well regarded by security researchers but it will protect you from exploits targeted at mainstream software. An example of this could be Google’s Chrome, which remained unscathed at the recent Pwn2Own security contest, although it is based on the same underlying code base, WebKit.
- Some malware will try to route your request for a bank website to a malicious one. Remember to always check the security certificate of the webpage you’re visiting. Even if the connection is SSL secured (https://) and the site presents a security certificate, you should still verify the issuer, the owner and the expiration date to ensure it belongs to a bank.
- To prevent DNS exploits and redirects, you should use OpenDNS or a VPN service you trust to have up-to-date software. A VPN service also ensures your traffic will be encrypted, out of reach of network sniffers and packet capturing and reconstruction. A VPN is extremely useful on an open wireless connection. For example, I use Witopia’s personalVPN service.
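The certificate check recommended in the list above (issuer, owner and expiration date) can also be scripted. The following is an added example, not part of the original post; the function names, "Example Bank plc", "Example CA" and the sample certificate are constructed for illustration.

```python
import socket
import ssl
import time


def fetch_cert(host, port=443, timeout=5.0):
    """Connect over TLS and return the validated certificate as a dict."""
    ctx = ssl.create_default_context()  # checks the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def name_field(name, key):
    """Return one attribute (e.g. organizationName) from a subject/issuer."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def review_cert(cert, expected_owner, now=None):
    """Report issuer, owner and days to expiry, plus anything that looks off."""
    now = time.time() if now is None else now
    owner = name_field(cert.get("subject", ()), "organizationName")
    issuer = name_field(cert.get("issuer", ()), "organizationName")
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    problems = []
    if owner is None:
        problems.append("certificate names no organisation")
    elif owner.lower() != expected_owner.lower():
        problems.append(f"owner is {owner!r}, expected {expected_owner!r}")
    if days_left < 0:
        problems.append("certificate has expired")
    return {"owner": owner, "issuer": issuer,
            "days_left": days_left, "problems": problems}


# Constructed sample in the format getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("countryName", "GB"),),
                (("organizationName", "Example Bank plc"),),
                (("commonName", "www.examplebank.example"),)),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA Root"),)),
    "notAfter": "Jan 11 00:00:00 2030 GMT",
}

if __name__ == "__main__":
    print(review_cert(SAMPLE_CERT, "Example Bank plc"))
```

Against a live site, pass the result of `fetch_cert(host)` to `review_cert` along with the legal name you expect the bank's certificate to carry; a failed chain or hostname check raises an `ssl.SSLError` subclass before any certificate is returned.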
Extra security measures are usually provided by your bank. You should check with your bank’s website to find out if they have software solutions like NatWest’s Rapport and multi-factor authentication using tokens, SMS or other means of verification.
If you’ve got any tips or stories to share regarding security and online banking, feel free to leave a comment.