Have you ever done any of your banking online? Online banking
allows you to check your finances, pay your bills, and transfer money
at any time from the safety of your own home. But, how safe is online
banking really? I'm sure you've heard the horror stories of people whose
identities were stolen due to phishing scams
or computer malware, and maybe you've even wondered if your online
activities might make you susceptible to these kind of attacks, as well.
Well, don't fret because today we're going to learn how to keep
ourselves and our banking information safe online.Stefan Neagu has posted an excellent article on MakeUseOf.com entitled "How To Connect To Your Online Bank Account Safely." In the article, Stefan describes some of the threats we might face while doing our online banking and how we can combat those threats. So, what are these threats and how can we protect ourselves? Well, according to Stefan:
Phishing, by far the most common vector of attack, is often an email, text message or even call, that, through a technique called ‘social engineering’ fools you into believing that the bank contacted you. Social engineering is, according to BinarySEC:
Art of manipulating persons in order to bypass security measures and tools. The purpose is to obtain confidential information from users through phone, e-mail, snail mail or direct contact and secondly use these data to gain illegal access.Malware, spyware and other types of computer viruses, present a major risk especially on Windows platforms.
- The easiest thing to do in order to protect yourself is to never click on links in emails pertaining to be from banks and other financial institutions. Even if you believe the message might be from a trusted source, go directly to the bank website by typing the web address yourself, or even better call the bank directly. Remember to always report phishing attempts.
- If possible, work on Linux or Mac computers day-to-day. It is widely believed that the security system for those operating systems, both Unix-based, is more robust.
- Use a Linux Live CD from any major available distribution. A perfect example is the Ubuntu Live CD. Available for free via the ShipIt program or easily downloadable from mirror servers around the world, it guarantees that you have a uncompromised environment for working with sensitive information.
- Make sure your software is always up-to-date. New vulnerabilities are discovered every day and the developers are usually pretty quick to patch the hole. Update your anti-virus, anti-spyware, and leave Windows Updates on automatic check every day.
- Security through obscurity isn’t very well regarded by security researchers but it will protect you from exploits targeted at mainstream software. An example of this could be Google’s Chrome, which remained unscathed at the recent Pwn2Own security contest, although it is based on the same underlying code base, WebKit.
- Some malware will try to route your request for a bank website to a malicious one. Remember to always check the security certificate of the webpage you’re visiting. Even if the connection is SSL secured (https://) and the site presents a security certificate, you should still verify the issuer, the owner and the expiration date to ensure it belongs to a bank.
- To prevent DNS exploits and redirects, you should use OpenDNS or a VPN service you trust to have up-to-date software. A VPN service also ensures your traffic will be encrypted, out of reach of network sniffers and packet capturing and reconstruction; A VPN is extremely useful on an open wireless connection. For example, I use Witopia’s personalVPN service.
Extra security measures are usually provided by your bank. You should check with your bank’s website to find out if they have software solutions like NatWest’s Rapport and multi-factor authentication using tokens, SMS or other means of verification.
* * Keep your personal data and banking information secure people!
Thank You!
0 comments:
Post a Comment