Online vs Offline
My entire day is spent thinking about your money and how to steal it…
I am not Danny Ocean (I was once mistaken for George Clooney). I work as an information security consultant for a major international bank. They pay me a decent chunk of money to think like a bad guy for over 2000 hours a year so I figure out how to steal your money before they do and make sure they don’t. Of the hundreds of security incidents that my department has investigated where customers lost money from their account via online methods, one was not (entirely) the fault of the account holder. So I have to tell you from direct experience our bank is secure. You, however, could use some help in securing your end.
In the physical world, after you take cash out of the bank do you shout “I JUST TOOK OUT $300! My PIN number is 4567!!!” and leave the money on your car seat? No, of course not. You take basic precautions when you use an ATM because you do not want to become an ATM for a mugger.
Common sense and your mother always told you that before you use the ATM you look around to make sure no one is hiding in the bushes. While using the ATM you cover the keypad so only you see your PIN. Afterward you put your money in your wallet or sock and quickly go to your car. Online precautions are similar and just as easy.
Admit You Have A Problem
Hackers go after the weak link. Since the bank is a formidable opponent (remember I work there) they prefer to go after a softer target. You and your computer fit the bill nicely. Many users tend to click on links without considering where those links are sending them. Add to that web page addresses that can be disguised or that take you to an unexpected site. New security vulnerabilities in computer systems and software packages often result in exponential increases in the number of attempted attacks.
Tip #1 Do not be the soft target.
Do not click on links to get to your bank site. Always use your bookmarked site. Attackers will buy websites that are close misspellings of actual sites.
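To show why the bookmark matters, here is an added example (not part of the original article) that compares a link's real host with the one bookmarked bank host and flags close misspellings and two common address disguises. The host name www.mybank.example and all sample links are constructed placeholders.

```javascript
// Added example: classify a link against the one bank host you bookmarked.
// BANK_HOST is a constructed placeholder, not a real bank.
const BANK_HOST = "www.mybank.example";

// Levenshtein edit distance between two strings (single-row DP).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value diagonally up-left of the current cell
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1,
                        prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Returns "match" (exactly the bookmark's host over HTTPS),
// "lookalike" (dressed up to resemble the bank) or "other".
function classifyLink(link, bankHost = BANK_HOST) {
  let url;
  try { url = new URL(link); } catch { return "other"; }
  const host = url.hostname.toLowerCase();
  const hasUserInfo = url.username !== "" || url.password !== "";
  if (url.protocol === "https:" && host === bankHost && !hasUserInfo) return "match";
  // Disguise 1: bank name placed before "@"; the real host is what follows it.
  if (url.username.toLowerCase().includes(bankHost)) return "lookalike";
  // Disguise 2: bank name used as the leading labels of someone else's domain.
  if (host.startsWith(bankHost + ".")) return "lookalike";
  // Close misspelling: one or two characters away from the real host.
  const d = editDistance(host, bankHost);
  return d > 0 && d <= 2 ? "lookalike" : "other";
}

// Constructed sample links.
const samples = [
  "https://www.mybank.example/login",
  "https://www.mybanc.example/login",
  "https://www.mybank.example@account-check.test/",
  "https://www.mybank.example.account-check.test/",
  "https://news.site.test/story",
];
for (const s of samples) console.log(classifyLink(s).padEnd(10), s);
```

Only the first sample is classified as the bank; the next three look like it at a glance but resolve to a different host.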
Tip #2 Do not be afraid of making changes to your computer.
Many users are unwilling to enable or disable functionality as required to secure their web browser. That is OK because I will show you how to configure a separate browser just for online banking.
Tip #3 Never send your bank information via email or in any kind of online form.
The bank already has this information and they do not need it again. If in doubt pick up the phone and call the customer service number on the back of your ATM card.
Tip #4 Ask your bank for help.
Some banks will give you software to help secure your PC and even help you configure it. Also they can send you alerts if a large transaction is done on your credit card or checking account.
Secure Your PC
Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install trojan software or spyware that will steal your information. To prevent this from happening to you:
Tip #5 Install the following: Firefox browser, firewall software, antivirus and anti-spyware software.
Firefox is an open source web browser. I will explain how to configure it in the next section. See my article on how to select a firewall for more information: Protect your home PC with an inexpensive (Free) firewall. There are several articles about antivirus and spyware so I will not go into details about installing and configuring them.
After these have been installed on your system, the firewall will keep your computer from being found by other computers and the antivirus and anti-spyware programs will keep anything that sneaks through from being installed on your system. Next let’s focus on the browser.
Secure Your Browser
Since Firefox is open source anyone can write extensions to interface with it. We are going to use them to secure our browser. Because we use a different browser for banking than for our normal surfing, it can be locked down and protected to a much greater degree than our standard surfing browser. While the security of that browser should not be ignored, always use the high security browser for banking.
Tip #6 Firefox settings: A much more detailed walkthrough can be found here: How to Secure Mozilla Firefox
Tip #7 Download and install the following add-ons.
NoScript: This stops any script from running unless you allow it. How do you know which ones to allow? If you are using Firefox just for online banking then only allow your bank.
LastPass: What is the most secure password? The one you do not even know. This add-on will store all your online passwords for you and create ultra secure ones. Granted, if you lose the master password then you cannot get any of your other passwords, so pick something you will not forget.
Ad-block: Stops ads from coming up in your browser. These have been a delivery mechanism for attackers before. The default settings are pretty good and the online directions will have you doing online transactions safely.
Tip #8 Relax
I hope this gives you a warm and fuzzy feeling about doing banking and shopping online. Statistically you are more likely to have your money stolen by someone you give your card to (like a waiter or sales clerk who could make a copy of it) than you are to have your money stolen online. If you are a victim of credit card fraud (identity theft is a different crime but that is for another article), you are usually only responsible for $50 of the charges but this varies by bank. Check with your bank for the exact amount.
Tip #9 I am watching
If all of this still does not put your mind at ease then your level of paranoia is much higher than mine. I GET PAID TO BE PARANOID so you do not have to be.
Tip #10 Blessing in disguise
When I first started using online banking my physical card was actually stolen and I got to watch the thief spend my money on a cross country trip. I did not report it stolen because they were spending less than my wife! Thank you. I am here all week. Don’t forget to tip your wait staff.