With the arrival of the pandemic, the use of online banking intensified, and with it the attacks on the security of these platforms. However, many of these breaches occur because of the recklessness of the users themselves.
Phishing and social engineering attacks continue to top the list of breaches and data theft.
Phishing, one of the most used methods, refers to computer fraud carried out through email: a fraudulent process that seeks to obtain passwords or financial information through deception.
These messages pretend to be legitimate emails and impersonate companies or government agencies; banks should therefore be concerned with creating a sound digital culture for both their employees and customers.
These types of threats mainly seek to steal credentials for the subsequent sale of sensitive personal information, so users must be aware that threats in the cybersecurity field will continue to intensify with the development of digital transformation.
However, rather than reducing the use of online banking, this should be a motivator to take the necessary measures to keep our bank accounts safe and to be aware of the information we release when using various devices to connect to these platforms.
The following security recommendations help keep your information safe and mitigate vulnerabilities without giving up the convenience that online banking brings:
Identity theft: phishing campaigns include a fraudulent link that seeks to take the user to a fake website to steal credentials such as usernames and passwords.
Bank phishing by email always has the following characteristics:
- The emails can appear identical to the type of correspondence that real banks send.
- They copy the logos, design and style of the actual emails.
- They use language that conveys a sense of importance and urgency.
- They ask you to download an attachment or click a link.
For this reason, be suspicious of any email from your bank that requests confidential information. Always compare the sender of the email with your bank's usual sender, do not click on links or download attachments, and always keep your antivirus and operating system updated.
Suspicious links: images are provided through email that users click inadvertently or hastily without any verification. In most cases they ask the user to enter certain account information on a false page that seems identical to the real one, or that includes malware.
To avoid this attack, access the bank's website directly by entering its address in your web browser, without clicking on any link, especially if it is HTTP (non-validated web identity) instead of HTTPS (validated identity).
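The checks described above (compare the sender with the bank's usual domain, look for urgency language, inspect links and attachments) can be automated in a mail filter. The following Python sketch is an added example, not part of the original article; the bank domain, the urgency word list and the sample message are constructed placeholders.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

URGENCY = ("urgent", "immediately", "suspended")  # assumed word list

# Constructed sample message; all domains are placeholders.
SAMPLE = """From: "Example Bank" <alerts@examp1e-bank.test>
Subject: Urgent: your account is suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Verify immediately: <a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def host_matches(host, bank_domain):
    # True only for the bank's domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return host == bank_domain or host.endswith("." + bank_domain)

def phishing_indicators(raw, bank_domain):
    msg = message_from_string(raw, policy=policy.default)
    found = set()
    sender = parseaddr(msg.get("From", ""))[1]
    if not host_matches(sender.rpartition("@")[2], bank_domain):
        found.add("sender-domain-mismatch")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(w in f"{msg.get('Subject', '')} {text}".lower() for w in URGENCY):
        found.add("urgency-language")
    parser = LinkCollector()
    parser.feed(text)
    for href in parser.links:
        url = urlsplit(href)  # judge the real target, not the visible link text
        if url.scheme == "http":
            found.add("plain-http-link")
        if url.hostname and not host_matches(url.hostname, bank_domain):
            found.add("link-host-mismatch")
    if any(True for _ in msg.iter_attachments()):
        found.add("has-attachment")
    return sorted(found)
```

The host comparison is kept separate from the scheme check because an HTTPS link only shows that the connection to that host is encrypted; a message with no findings is not thereby proven legitimate.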
Ransomware attacks: ransomware is a type of malware that hijacks data on a device (computer or smartphone) to extract financial resources or information that is valuable on the market.
The user will be able to access the device and its information again in exchange for a condition that is usually the payment of a ransom.
To avoid this mechanism, do not open unknown emails, be suspicious of any document sent to you, check the sender of any link you receive, and configure spam filters in your email.
Likewise, it is important to keep at least two backup copies so that the files can be recovered if you become a victim of ransomware.
In the same way, whenever you download a banking application, make sure that it is the official one and comes from a secure source, keep security solutions installed on your devices, and use only reliable networks.
Applications carrying Trojans are found even in official stores, so it is vital to verify that the developer is trustworthy before downloading.
In addition, it is never recommended to pay the ransom: this does not guarantee access to the blocked data, attacks can be repeated once the attackers verify that you are willing to pay, and they may even increase the amount of the payment.
Antivirus use: even though no antivirus can track and remove all malware, make sure to keep your antivirus updated, as new patches and fixes are released daily to protect against discovered vulnerabilities that malware can exploit.
Access the bank account from a secure network: NEVER use public networks to check your account activity.
Any type of information that is transmitted through public networks can be compromised by a third party, since any cybercriminal can set up a router with a name such as "X Free Wifi" so that you connect to their device.
Deactivate Bluetooth when connecting to online banking: this function can be compromised, since this type of connection can be used to steal personal data without you noticing.
This malicious action is known as bluesnarfing, and the only way to prevent it is by deactivating the device's Bluetooth while accessing the bank account, or whenever Bluetooth is not being used.
Do not enable automatic session services: deactivate this option for online banking, since saved passwords are stored in a file that may not be encrypted and that cybercriminals can access; we cannot be certain of the security measures the browser implements or of their effectiveness against threats.