On Wednesday of this week, the FBI arrested 53 people conducting a vast financial fraud based on phishing, which involves contacting people online via email or instant message and tricking them into giving away personal information. In this case, the victims, mainly customers of Bank of America and Wells Fargo, received emails made to look like urgent correspondence from their bank. The emails then directed them to a fake website, identical in appearance to the actual bank website. Once on the website, the victims were asked for their bank account numbers, online banking passwords, Social Security Numbers and driver’s license numbers. This information was then used to access their bank accounts online and transfer money out of them.
Online banking fraud is on the rise in the UK as well. According to a study that was released this week, online banking fraud in the UK has risen 55% in the first six months of 2009 compared to the same time period last year. This rapid increase was due in large part to malicious software programs that affect vulnerable home computers and the more than 26,000 fraudulent phishing websites that trick people into divulging their passwords.
Online banking is particularly vulnerable in the U.S., as most banks only require a username and password to gain access to accounts. In the U.K., banks have taken more rigorous measures. For example, NatWest requires customers to enter their birth date plus a unique four-digit code that is not the same as their ATM PIN. The website then asks for only certain letters of the password, and the combination of letters requested changes each time the account is accessed via the website. If you fail to enter the code and password correctly, you cannot access your account. Even this measure is vulnerable to phishing scams if people unwittingly send their information to a fraudster.
Following are some tips to protect yourself from online banking fraud:
- Choose complex passwords for your online accounts that are a combination of at least seven numerals and letters. Change the passwords at least every 90 days. A recent phishing scam, which netted the login and password information of 10,000 users of the email website Hotmail, revealed that the most commonly used password was 123456. While a simple password may be easier for you to remember, it is also much easier for fraudsters to guess if you use simple number combinations or other common passwords like your birthday month.
- It is best not to store personal information like tax records or documents containing login and password information on your computer. If you do, make sure that you store sensitive information in password-protected files.
- If your only computer is a laptop that you carry around with you, use the Clear Private Data option under the Tools menu on the toolbar of your web browser on a frequent basis. This will clear out your browsing history, which could direct a thief to your online banking accounts, as well as any passwords that you may have inadvertently saved automatically.
- Be careful of visiting unfamiliar websites, especially if you are introduced to them by pop-up ads, banners or by a link in a spam email. Accessing these websites, or downloading anything from them, can introduce your computer to malicious software programs that can permanently damage your computer or scan your computer for information that can be used to access your banking and credit accounts.
- Never download an email attachment if you are not familiar with the sender. These attachments can also be portals for malicious software.
- If you use a wireless internet connection in your home, make sure that it is password protected. If not, anyone within range of your internet signal could easily access your computer when you are online. Also, when doing anything involving sensitive information like social security numbers or online banking information, check that you are actually still connected to your own wireless network. If there is another strong, unencrypted wireless signal nearby, your computer might have slipped onto the other network.
- Do not bank online from your laptop at wireless hotspots like coffee shops. Lots of other people are using the same network, and your information is not secure.
- Make sure that the antivirus software on your computer is up to date. Sometimes the frequent requests to perform updates from your antivirus and computer software providers can be annoying and time consuming, but it is important that your computer is protected from the latest threats.
- Be careful of the information that you share on social networking websites. Often people inadvertently give away enough information on these websites for fraudsters to correctly guess their login and password information, especially if they are using common passwords like the names of pets or children. This sort of information can also be used by identity thieves.
- Never give out online login and password information of your bank accounts or any other personal information like your social security number via a website questionnaire or email. If your bank wants to contact you about an issue with your account, they will call you or send you a letter. They would never conduct urgent business regarding your account via email. There is no legitimate reason why you would ever need to give out personal information in such an anonymous fashion.
- If you suspect that your bank account has been tampered with by a fraudster, via online access or other means, contact your bank immediately and have them shut off access to the account.