Risks you are exposed to
- Phishing emails: For online criminals, the easiest way to steal your security information is to trick you into handing it over. The most common way scammers do this is through fraudulent emails designed to look legitimate. These emails will usually notify you of activity on your account and then provide a link that sends you to a false website, designed by scammers to look like your bank's official website. When you log in to the website, the scammers will use your login information to infiltrate your real account and steal your money.
- Password hacking: Modern day hackers can programme computers to run brute force hacking attempts, where a computer will run through an unlimited number of combinations and common passwords to hack into your online accounts. Using botnets, virtual machines and vulnerabilities in website security systems, hackers can run brute force attempts which, if successful, could gain access to your online accounts and take information that can be used to defraud you and steal money from your accounts.
- Downloads packaged with malicious software: Hackers are constantly creating malicious software (malware) that can be used to hack into your computer, watch your screen and record your keystrokes. Malware can be packaged into any file that you download from the internet, making anything you download a chance for hackers to gain access to your computer.
- Web browser extensions: Modern web browsers allow the installation of browser extensions, which are software applications designed to enhance the web browsing experience. Hackers develop their own malicious browser extensions that, once installed, can take over your web browser, spy on your web activity, save your passwords and hack into your accounts.
- Malicious websites: You don’t have to download a file or browser extension to have your computer hacked by criminals. There are websites created by hackers that are able to infect your computer just by you visiting them. Hackers will send links in emails addressed to you and post links online in order to get you to visit these websites. Once visited, the website is able to install malware directly on your computer or device that can be used to steal your data.
- Exploiting patched vulnerabilities: Company software teams are constantly working to detect security flaws in their software and fix vulnerabilities. Hackers rely on users not updating their software so that they can exploit known vulnerabilities that can be used to gain access to your computer or other devices.
- Company database leaks: Your private information can also become compromised through company data leaks, where hackers attack a company’s database and acquire access to all of the user information stored in it. This can include your password and other information that can be used to infiltrate your other online accounts.
- Malicious apps: Smartphones that allow you to download apps from sources other than the official app store can be hacked into through the use of malicious apps developed by hackers. These apps can have the ability to spy on your activity, read your messages and access the accounts saved on your smartphone.
Security measures to protect your online accounts
- Stronger passwords: To protect your passwords from being cracked by brute force hacking attempts it is now recommended by cybersecurity professionals to choose a password that includes three random words put together. A password generated with this method makes it a lot harder for a computer to crack due to the increase in password length and the number of character combinations. The website betterbuys.com has an interactive password tool that shows you how long it takes modern computers to crack different password arrangements so you can test how different passwords perform against software used by hackers.
- Password managers: To prevent an intrusion of one account putting all your other accounts at risk it is recommended to use a password manager. Password managers allow you to set a different password for each account you use online. When you want to log in to one of your accounts the password manager will automatically display a prompt for you to log in with the password saved for that account. You choose a master password to log in to the password manager and then the password manager stores and saves your passwords for all your different websites and accounts. LastPass is the most popular free password manager and works as a browser extension on your computer or as an app on your smartphone. LastPass will help you generate strong passwords for each website account so that in the case of an intrusion of one account the damage will be limited to that account.
- Two-factor authentication: Two-factor authentication is a login option that provides an extra layer of protection. When a login attempt is made, a text or email is sent to you with a time-limited code that will allow you to access the account. This countermeasure is important because a hacker who has your password still cannot get into the account without access to your phone or email. It also makes you aware that a hacker has your password if you receive a login text prompt that was not triggered by you.
- Notifications and alerts enabled: When notifications or alerts are enabled for your accounts you will be sent alerts to your phone or email that will notify you of any activity that occurs on that account. This is important to keep you aware of an intrusion so that if a hacker gains access to your account you will be notified of their activity and will be able to alert your bank of an intrusion so that they can lock your account and cancel any transactions made by the hacker.
- Check your bank statements constantly: Bank statements must be scrutinised regularly to ensure that there have been no unfamiliar transactions, no matter how small they may be. As mentioned earlier, cryptocurrencies are effective avenues for hackers and scammers to move money out of the banking system. Amounts stolen and converted into cryptocurrencies can become irrecoverable to banks. Some banks have automated systems in place to flag initial purchases of cryptocurrencies over a certain amount. To go undetected by these automated systems, a hacker may initially purchase smaller amounts of cryptocurrencies using the account. When they then decide to steal a larger amount of money from your account, the bank's systems will not detect the activity as suspicious because of the earlier transactions. Being unaware of the smaller initial transactions will allow hackers to steal larger amounts of money and go undetected by automated systems. This will also make your case for compensation harder, because you did not report the initial transactions to your bank.
- Download only from official or reputable sources: Hackers are able to package malware into all types of files that can then be used to steal your information and hack your accounts. It is important that any file you download from the internet comes from the official source or from a reputable website such as www.Download.CNET.com that scans software first and can guarantee there is no malicious software packaged in with the file.
- Download only the most popular browser extensions: Knowing what web browser extensions can do with your web activity, it is important to avoid malicious extensions that can be used to steal your information and passwords. You should only install the most reputable web extensions that have the highest ratings and the highest number of downloads. This will reduce your risk of installing fraudulent extensions that can control your web browser.
- Download mobile apps from official sources only: Smartphone applications should only be downloaded from the official app stores provided for the operating system. For Android this is the Google Play Store. Apps from unofficial sources could be packaged with malicious software that can be used to spy on your activity, steal your data and hack your accounts. Apps approved by the official app stores have been checked to be free of malware and are safe for use.
- Update your software with the latest releases: By keeping your computer and software up to date with the latest releases you ensure that the software you use is protected from any known vulnerabilities that have been patched by the companies’ cybersecurity teams. By using older versions of software you may be susceptible to infiltration through weaknesses that are known to hackers and have been patched in later releases.
- Run antivirus and malware scanners on your computer: Antivirus and malware scanners compare the files on your computer against a database of all known viruses and malware used by hackers, scanning for any files that could be used to hack into your computer. Malwarebytes is one of the most popular free antivirus software packages available for home computers. It works to scan and remove all known types of malware that can infect your computer and also works as a shield against viruses by blocking the ability for any form of malware to download itself to your computer while you surf the web.
Final steps to ensure your protection
It is important to remember that you can never completely eliminate the risk of having your accounts hacked, and you must be aware that an intrusion can occur at any time. You must regularly check your bank accounts and report any transactions you don’t recognise. Banks encourage their customers to report fraudulent transactions whenever they can and there is no penalty for doing so. Banks are liable for any losses to a customer’s account that occur through fraud, provided that the customer has ensured a necessary level of security measures to keep their account safe.
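Why small unfamiliar transactions matter, shown as an added example that is not part of the original article: it runs the threshold-style check described earlier and a "report every unfamiliar payee" review over the same statement. The statement rows, payee names and the 500.00 limit are constructed for illustration and do not describe any real bank's rules.

```python
import csv
import io
from datetime import date
from decimal import Decimal

# Constructed sample statement (not real data): date, payee, amount in GBP.
STATEMENT_CSV = """date,payee,amount
2024-03-01,SUPERMARKET LTD,54.20
2024-03-03,RAIL TICKETS,23.00
2024-03-04,EXAMPLE CRYPTO EXCHANGE,10.00
2024-03-06,SUPERMARKET LTD,61.75
2024-03-07,EXAMPLE CRYPTO EXCHANGE,15.00
2024-03-12,EXAMPLE CRYPTO EXCHANGE,2500.00
"""

# Payees the account holder recognises (assumption for this example).
KNOWN_PAYEES = {"SUPERMARKET LTD", "RAIL TICKETS"}
# Hypothetical limit applied only to the first payment to a payee.
FIRST_PURCHASE_LIMIT = Decimal("500.00")


def load(statement_csv):
    """Parse the statement into (date, payee, amount) tuples."""
    rows = csv.DictReader(io.StringIO(statement_csv))
    return [(date.fromisoformat(r["date"]), r["payee"], Decimal(r["amount"]))
            for r in rows]


def threshold_only_flags(transactions, limit=FIRST_PURCHASE_LIMIT):
    """Model of the automated check the article describes: only the
    first payment to a payee is compared with the limit."""
    seen, flagged = set(), []
    for when, payee, amount in transactions:
        if payee not in seen and amount > limit:
            flagged.append((when, payee, amount))
        seen.add(payee)
    return flagged


def unfamiliar_payee_flags(transactions, known=KNOWN_PAYEES):
    """Manual review rule: list every payment to a payee you do not
    recognise, however small, so it can be reported to the bank."""
    return [t for t in transactions if t[1] not in known]
```

On the sample statement the threshold check flags nothing, while the unfamiliar-payee review lists all three payments, starting with the 10.00 one made eight days before the large transfer.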
By following all of the security measures listed you can ensure a high level of cybersecurity for your online accounts and reduce the risk of hackers and scammers gaining access to your credit cards and bank accounts.
Once you are aware of the risks you are exposed to and the security measures you must put in place to protect yourself, the final step in protecting your bank account is the bank you choose. The FCA has compiled a full list of UK banks and the fraud policies they have in place, so that you can compare the protection they provide.
Your bank’s fraud controls are your last line of defence against theft, so it is important that you choose a bank and account that meet your security needs.