Protect Your Online Bank Account from Phishing and Malware

Online bankers need to make their computers vault-like

Some people were duped into believing the Boston Firefighters Credit Union was giving away $99.99 to customers who answered a few online survey questions.

It, of course, was too good to be true. The credit union, which serves past and present fire department members and their families, was the target of a scam. In September, Boston area computer users - including non-Firefighters Credit Union members - received an email asking them to answer five questions. For their time, the survey takers were to be rewarded with a deposit a penny shy of $100. After they answered the survey, the users were asked for their bank account number and password so that the deposit could be made.

Of course, the Boston Firefighters Credit Union was not actually this generous. The emails are an example of phishing scams. This growing cybercrime is a fraudulent attempt to steal personal information via email by pretending to be a trustworthy company or institution. In the case of the credit union, the email included a link to a realistic-looking website that featured a logo similar to the bank's.

"People doing Internet crime don't have a lot of scruples in terms of whom they target," credit union chief Bernie Winn was quoted as saying in a Sept. 14 Boston Herald article. "[Criminals] aren't stopping to think about all of the good that firefighters do."

What the criminal minds are thinking about is luring you into giving them important information. David Ulevitch of PhishTank.org told the Herald "these scams are done by smart criminals who tend to be extremely organized and technically proficient." The thieves are hard to catch as they often filter the emails through innocent users' compromised machines.

Unfortunately, phishers are not the only would-be thieves looking to prey upon online bankers. Other cyber-criminals try to use keyloggers or other spyware to steal PINs. However, online banking clients can take steps to make their PCs like a vault:

• Common sense is a major weapon against fraud. If something just doesn't seem right, either call to check it out or run away. Credible companies will not ask for you to email your information to them.
• Do not use links in emails to go to your bank's website. Type in the address yourself and double-check to make sure it is right. You might also want to consider bookmarking your bank's homepage.
• When a page does ask you to enter personal information, make sure it is secure. Check to see if the URL states "https" and/or there is a yellow padlock icon shown at the bottom of your browser.
• Choose a unique PIN or password and have a different one for each account. Using your daughter's name for everything makes you an easy target. Consider changing your passwords every three to six months.
• Don't ask your browser to save your password. Type it in each and every time.
• Keep an eye on your accounts. Make sure that you know what each and every withdrawal is.
• Install an anti-virus product that can scan your machine for keyloggers, spyware and other malicious malware. Products that use Real-Time Blocking to thwart threats are great at keeping potentially dangerous code from even getting onto your computer.
• Consider using a program designed to permanently delete private information from your PC.

Online banking is convenient and, for many people, a necessity. Following these simple guidelines will help protect you and your money while you make use of this increasingly popular banking method.