AARP Eye Center
You log into your banking site and immediately notice something’s wrong, horribly wrong. Somehow, your account has been compromised and money is missing. At the risk of fearmongering, this isn’t as uncommon as you might think.
Like many Americans, you have become a victim of bank fraud, which is usually tied to a password that has been stolen, guessed or tricked into sharing with cybercriminals.
“Unfortunately, most people use the same credentials for their online bank accounts as they do for social media and online shopping sites,” says Georgia Weidman, author of the book Penetration Testing: A Hands-On Introduction to Hacking. “If one of those vendors is compromised and attackers gain access to the stored credentials, they may be able to reuse them on the online banking site.”
Skepticism is your friend
“Another common attack is phishing, or basically asking the user to attack themselves,” says Weidman, who also founded Bulb Security.
The cybersecurity company is devoted to device vulnerability assessment, training and penetration testing — essentially ethical hackers for hire.
“An attacker might send you an email or text message pretending to be your bank and asking that you validate a recent purchase,” she says.
“When you click on the link in the text message, it takes you to what looks exactly like your online bank account, except it is actually a clone controlled by the attacker.”
You might think you’re at capitalone.com, for example, but if you look closely, it’s capital0ne.com.
Some scammers will even call you — yes, by telephone — and pretend they’re from Microsoft, the IRS, your bank, and so on to try to persuade you to give out your personal information to (ironically) protect you.
Don’t fall for it.
“Your bank or other financial institution won’t ask you to confirm these credentials in an email or by an unsolicited phone call,” says global security evangelist Tony Anscombe at ESET, a technology security company. “When in doubt, contact your bank to see if it was really them. Chances are it wasn’t.”
Reduce the odds of becoming a victim of bank fraud with these five tips.
1. Use strong and unique passwords
Don’t use your kids’ or pets’ names, phone number, date of birth or mother’s maiden name. All of this information could be easily attainable, especially in this era of social media.
Not only should you use different passwords for all accounts — and password manager apps are a handy way to remember them all — but you also can use a passphrase instead of a password, a sequence of words and other characters including numbers and symbols.
2. Enable two-factor authentication
Two-factor authentication means you not only need a password, passcode or biometrics logon such as a fingerprint or facial scan to confirm only you can access your accounts, but you also receive a one-time code to your mobile phone to type in.
In other words, two-factor authentication combines something you know, your password, with something you have, your smartphone.
3. Install good antimalware
Reputable antimalware that’s updated often can identify, quarantine, delete and report any suspicious activity coming into your computer or flag sensitive information going out.
4. Opt for fraud detection and review your statements
Some, but not all, credit-card companies and banks can push notifications to your mobile device if something looks suspicious during a purchase — such as a large amount charged or a location in a different state than your usual address.
5. Watch out for Wi-Fi hotspots
Do not conduct any financial transactions such as online banking, trading or shopping when you’re using a public computer in an airport lounge, hotel or library or when you’re using a public Wi-Fi network, say, at your favorite coffee shop.
You don’t need a degree in computer engineering to protect yourself from bank fraud.
So what is being done about phishing?
AARP endorses the TRACED Act, which would require service providers to adopt smart call authentication technology and expand the powers of the Federal Communications Commission to levy civil penalties against robocallers. The bill also would promote interagency cooperation to address the robocall problem.
AARP endorses The Stopping Bad Robocalls Act (H.R. 3375), which is sponsored by House Energy & Commerce Committee Chairman Frank Pallone (D-N.J.), committee ranking member Greg Walden (R-Ore.) and others. The legislation was unanimously approved by the committee, and would next be considered by the full House. Under H.R. 3375, the FCC would be required to ensure that robocalls are only made with consumers’ consent. Since fraudsters disguise – or “spoof” – Caller ID systems when making many of their illegal calls, the bill also requires telephone carriers to implement technology to authenticate the information displayed on Caller ID. The AARP survey found a high consumer reliance on Caller ID: U.S. adults are more likely to answer a call that appears to originate from a local area code (59 percent), an area code where friends or family live (44 percent) or an area code and telephone exchange that matches their own (36 percent). Read more here.
AARP’s Fraud Watch Network can help you spot and avoid scams. Sign up for free “watchdog alerts," review our scam-tracking map, or call our toll-free fraud helpline at 877-908-3360 if you or a loved one suspect you’ve been a victim.