This year marks a decade since the global financial crisis. Although the biggest financial institutions still dominate the landscape, banking has undergone some changes. The proliferation of smartphones means mobile banking now plays a significant role in how we manage our money. A 2016 Fed survey found that over half of smartphone users with bank accounts used their devices to access their money.
What hasn’t changed since 2008? Con artists.
Ten years ago, identity theft was the No. 1 complaint logged by the Federal Trade Commission. Today, the number of complaints is 20% higher than in 2008. The research-based advisory firm Javelin Strategy & Research identified a record high of nearly 17 million victims of identity fraud last year. And many of today’s fraud and identity theft breaches involve mobile devices. The rise of mobile banking in the past decade means it’s easier and more convenient to keep up with your bank accounts, but it could also make it easier to be scammed.
Financial institutions invest in technology and cybersecurity expertise to fight back, but your bank or credit union needs your help. Here are ways hackers try to access your bank information and how you can avoid swiping your money into a criminal’s trap.
How hackers work
Phishing. This happens when hackers use websites, emails or other means of contact to trick customers into submitting personal information. The practice isn’t new, but it has gotten more sophisticated.
“Ten years ago, phishing was rudimentary. Fake sites were not authentic looking. There were a lot of typos,” says Adam Levin, founder of Cyberscout, a Scottsdale, Arizona-based cybersecurity company. “Now, the criminals have gotten much more sophisticated and the sites look real.”
According to the not-for-profit Anti-Phishing Working Group, phishing attacks increased by a whopping 5,700% over the 12 years ended in 2016, and the latest data suggest attacks continue to increase.
Keylogger software. These programs may install on phones via apps that aren’t secure, such as one that’s not from your device’s approved app store. The software records keystrokes, such as when you enter a bank username or password on a website, then sends a record of what was typed to the hacker.
How to protect your accounts
Ask your bank or credit union about security. The safest banks for consumers use the latest cybersecurity protocols to protect your accounts from breaches and large-scale identity theft. “You’ll want to make sure your bank is up to par,” Levin says. If not, it may be time to switch to another institution. Make sure your bank provides the following — and use these services:
- Two-factor authentication. When you attempt to log on to your bank’s secure online webpage, the bank or credit union will contact you through some other means — by sending a text, for example — to ask you to confirm the login request. Not every bank has two-factor authentication. But if you choose one that does, your accounts have an extra layer of protection, says Neal Stern, CPA and member of the American Institute of CPAs’ National Financial Literacy Commission.
- Transaction alerts. Sign up for these alerts, which are generally text or email messages your bank sends to your mobile device when large purchases are made on your account or if your balance drops below a certain amount. (For a deeper look at transaction alerts, here are five mobile banking alerts that help fight fraud.)
- Fraud monitoring. Many banks monitor transactions to detect unusual spending patterns. The bank might send you a confirmation text if it detects an odd purchase attempt, such as an online purchase worth thousands of dollars from a vendor you’ve never used before. You would have to reply before approval of the transaction.
Keep mobile device software up to date. Your device provider likely sends periodic updates. Some of them may help stop the latest hacker attempts, so it’s important to install updates.
Have a rock solid sign-on. When it comes to logging on to your bank’s website, use “long and strong passwords” that are hard to guess, Levin says. That way, even if you lose your phone, the next person who picks it up won’t be able to figure out how to log in to your bank accounts. In addition, lock your mobile device screen and use a different password to unlock it. (Read more about how to create passwords that are hard on others but easy on you.)
Be careful with other contacts. Fraudsters may try to trick a customer by calling and saying an account has been compromised, then asking for sensitive information, such as a password or Social Security number, to confirm their identity.
“Why would you need to authenticate yourself to someone who contacts you?” Levin says. If you’re unsure about whether a call is legit, hang up and try to reach the bank or credit union at a number you’re familiar with.
Today, customers can deposit checks, transfer money between accounts and pay bills from the convenience of their smartphones. But with convenience comes risk. Take steps to eliminate the risk of identity theft by partnering with your financial institution to protect your hard-earned money.