Introduction

Attackers around the world are constantly attempting to gain money from victims. One way to accomplish this goal is by directly accessing a victim’s bank account and transferring the money to themselves. The primary methods that an attacker will use to gain access to your financial resources are through phishing, spoofing, and malware.

Keeping yourself secure online involves understanding how attackers can take advantage of you to gain access to your banking credentials. The details below will identify some of the more prevalent methods of attacks and how you can protect yourself.

How to Protect Your Financial Information

It’s important to consider the ways that an attacker can take advantage of you to gain access to your bank accounts, either through using credentials or other sophisticated attacks. Some methods of protecting yourself are:

  1. Ensure that emails are not being spoofed.  Always verify the full address of the sender. Hovering over the email address and links will show you the sender’s full address and URLs.
  2. Always verify a URL is using secure protocols. When entering your credentials on a banking website, ensure the website uses the secure protocol by looking for URLs containing HTTPS (eg. https://mybank.com). This is also notated by the lock icon in the URL bar in Google Chrome.
  3. Avoid banking on public networks. “Free” WiFi networks found in coffee shops, airports, and other areas can be very risky. If you cannot wait until you get home, using your phone as an internet hotspot (tethering) is a much safer option.
  4. Enable multifactor authentication whenever possible. The use of multifactor authentication protects your accounts by requiring two methods of verification: something you have (your phone) and something you know (your password).
  5. Enable banking alerts. Most banks offer alerting for your accounts. Enable as many of these alerts as possible and on as many devices as you can.

Understanding Attack Methods

Some helpful definitions of attack vectors:

Phishing

Phishing is the act of sending emails pretending to be from reputable companies in order to convince individuals to reveal personal information, such as online banking passwords and credit card numbers. Attackers can use phishing to get you to reveal your banking information. Emails sent to you may direct you to websites that appear to be legitimate banking sites, but are actually just information collection sites created by attackers to collect your credentials.

Spoofing

Spoofing is the act of an attacker appearing to be someone else, usually a trusted source. For example, an attacker may send you an email appearing to be from your banking provider requesting that you login to a malicious website to collect your username and password. Identifying spoofed addresses is important in protecting yourself from attackers.

Malware

Malware can infect a user’s computer through many different means. It is important to scan your device with anti-virus and anti-malware software periodically to ensure your devices remain free of infections, keyloggers and other spyware which can record your actions and steal your banking credentials.