We transact so much of our finances online, from everyday banking and managing our 401(k)s to trading stocks, options and cryptocurrencies, but we often do not think enough about cybersecurity at the personal level. While the financial institutions we use have measures in place to protect our information and our money, our individual accounts can still be susceptible to hackers and other fraudsters. The reason? We, the account holders, are often the weakest link when it comes to security. Sometimes we make ourselves vulnerable, whether through phishing scams or by using common passwords, and sometimes the hacker knows how to exploit holes beyond our control.
So how do we secure our online financial accounts? We’ll go over some of the ways the general public can help protect their financial accounts. By no means is this a comprehensive list, but these are the simplest and most common ways most people can further protect themselves right now.
Beware of Phishing Scams
In a phishing scam, a person is directed, through a malicious email or other means, to a website that is made to look like the website of one of their financial institutions. The website URL will even be close enough to the real one that an ordinary person may not notice it’s not legitimate. Since this is not your institution’s website, when you enter your login information and hit enter, nothing will happen. By the time you realize it’s not a legitimate website, it’s too late. When you entered your login credentials (username, email, password, etc.), the hacker or fraudster copied your information in order to use it to access your actual account. Often a thief or hacker will use the name of a person the victim knows and create an email address that seems like it could be from that person to gain the victim’s trust. We can help protect our online financial accounts by paying more attention to the emails we receive, the links we click on and the website URLs of our financial institutions. When in doubt, do a browser search for the company and access the website via the main URL for the company.
Secure your SIM
Another method that has become popular to defraud people is SIM hacking. In a SIM hack, the perpetrator steals your mobile number and gets it copied over to a SIM card in their control. They achieve this either by having an inside person at the victim’s mobile carrier port the number, or by exploiting weaknesses in customer service at the carrier and convincing the representative that they are in fact the account holder. If you’re like most people, your mobile number is the recovery option for your email address, which may be publicly available or easily guessed. Most email services recommend people set up a recovery option via their mobile, but this creates a potential security issue. Once the hacker has your mobile number and other information, they can use this recovery option to reset your email account and take it over. That’s one of the early steps. They can then search through your emails and learn where you have financial accounts. Next, they will proceed to those financial websites and reset all your passwords now that they have access to your email. Since they can receive verification codes sent to both your email and your mobile number, they are able to log into your financial accounts and clean them out.
So back to the question, how do we protect ourselves?
Update Your Passwords
Use complex passwords that incorporate numbers, letters and symbols and are longer than required by your institution. This is one of the simplest ways to make your account more secure – just do it!
Never Use Your Mobile Number as a Recovery Option
Create an email address solely for your financial accounts – and don’t disclose it anywhere publicly. Also, use a separate email address (one that is not associated with your financial accounts) as the password recovery option. Both of these email accounts should have addresses that are not easy to guess (e.g. don’t include your name) and are different from other email addresses publicly associated with you (your work email address and those you use for shopping, social media, etc.).
Then, have your different email addresses refer to other email addresses as the recovery option. This will help protect you from someone trying to hijack your email account via a SIM or other hack.
Deactivate Text Message Verification Code Option
Where possible, you should deactivate (or never turn on) the option to receive verification codes by text from your financial institutions. Choose to receive verification codes via email instead. Thus, if your institution detects an irregular login attempt, the verification code will be sent to the separate email for your financial accounts you created, per the above.
Take Advantage of 2FA, If An Option
Some financial institutions offer two-factor authentication (2FA) as an account security option. Using a mobile-app-based 2FA solution such as Google’s Authenticator is preferable to using an SMS or text-based second-layer verification method. When using 2FA, you’ll be required to enter a code along with your username or email and password. The 2FA code is generated in the mobile app on your phone and changes every minute. Even if someone stole your mobile number (SIM hack), they wouldn’t be able to generate the code unless they had your physical phone. Reinstalling a 2FA app on another phone requires various security checks, including unique security key(s) that most hackers won’t be able to obtain.
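Authenticator apps of this kind commonly implement the TOTP standard (RFC 6238), where the code is computed from a secret stored on the phone and the current time, and the phone number is not an input. The following is an added example, not part of the original article; the secret is the published RFC test value, and the 30-second step (the RFC 6238 default) and the function names are assumptions.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test secret, used here as sample input; never a real key.
SAMPLE_SECRET = b"12345678901234567890"

def totp(secret, unix_time, period=30, digits=6):
    """Code for the time step containing unix_time (HMAC-SHA1 variant)."""
    counter = unix_time // period
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, unix_time, period=30, digits=6, window=1):
    """Institution-side check: accept the current step and +/- window steps."""
    for step in range(-window, window + 1):
        t = unix_time + step * period
        if t < 0:
            continue  # no time step exists before the epoch
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret, t, period, digits), code):
            return True
    return False

if __name__ == "__main__":
    # Same secret and time step give the same code on the phone and the server.
    print(totp(SAMPLE_SECRET, 59), verify(SAMPLE_SECRET, "287082", 59))
```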
The steps above are not the only ways to secure your online financial accounts; however, they are the most common and the simplest to implement. While nothing is unhackable, the more layers of security you have, the more difficult you make it for fraudsters to gain access to your accounts, and they will move on to an easier hack.