Cookie policy
Follow this topicFollow this topic Knowledge » Current accounts

Online banking: How to stay safe

lovemoney staff
by Lovemoney Staff lovemoney staff on 07 September 2012  |  Comments 18 comments

If you bank online, follow these top tips to keep your money safe from fraudsters.

Online banking: How to stay safe

Common online banking scams

Phishing

Phishing involves sending hoax emails which attempt to extract your bank details and personal security data. Often the sender will claim to be from your own bank and will ask you to verify your current account details by clicking on a link. But this link actually takes you through to a fake website which looks exactly like your bank's own site. Once you have inputted your details they are available to the fraudsters who set the fake site up.

Read Eight ways to spot a phishing scam for more.

Vishing

Vishing is where the fraudsters cold call you, pretending to be from your bank's fraud or security department. They'll claim that a suspicious transaction has been flagged up or that you may be due a refund. They are attempting to gain your trust in an effort to glean more of your personal details, and even your passwords.

Text phishing

Much like phishing, but this time with the use of a text message. The text will be designed to try to trick you into sharing some personal information with the fraudsters.

Malware

Malware - or malicious software - is a computer virus which can be installed on your PC without you even realising it. Fraudsters will encourage you to open an email attachment, but in doing so you'll have unwittingly unleashed a Trojan virus which can monitor your PC activity, allowing fraudsters to steal your passwords and other personal information.

Money mules

Where the perpetrator is based abroad it can be very difficult to move the proceeds of fraudulent activity in the UK back to the perpetrator's country. This is where a money mule comes in.

Fraudsters usually make contact by email and try to persuade you to accept money into your bank account for a seemingly legitimate reason. You are then asked to wire the funds overseas, sometimes in return for a fee. Money mules can be prosecuted even if they weren't aware the transaction was illegal.

Top tips for protecting against online banking fraud

Now you've got a good idea of what typical online banking scams look like, let's take a look at the best ways of protecting yourself against them with these top tips:

  • Always install up-to-date anti-virus software and a firewall to protect your PC.
  • Always download the latest security updates for your system.
  • Always set your browser at the highest level of security notification.
  • Delete suspicious emails immediately.
  • Treat all emails claiming to be sent from your bank with caution, even if they appear legitimate.
  • Remember your bank will never ask for your login details or personal security data by email.
  • Never open an email attachment from an unknown source.
  • Don't open an attachment from someone you know unless you're expecting to receive it. Their PC could have been taken over without them knowing.
  • Scam emails often ask you to click a link which takes you through to a fake website. This may look identical to your bank's own website - don't fall for it.
  • If you think you might have received a scam email, report it to reports@banksafeonline.org.uk.
  • Only complete online transactions where the URL in the address bar says 'https' and not just 'http'. The 's' stands for secure.
  • Never reveal your passwords or your PIN to anyone.
  • Never leave your PC unattended when you're logged into an online banking service.
  • Check your accounts regularly for suspicious activity. Alert your bank immediately if you come across a potentially fraudulent transaction. 

A safe way to bank online

Our MoneyTrack service is a great way to manage your money, as it keeps all your bank accounts and credit cards in one place, allowing you to keep track of your income and expenditure easily. In other words, the days of managing multiple account details are over. With our service everything is in one place, with one set of details.  

It enables you to monitor your accounts frequently. That way you can spot any transactions you don't recognise quickly, and report fraudulent activity to your bank where it can be investigated.

Note that no transactions can be made or money moved using MoneyTrack. The service is designed to allow you to see where your money goes in a 'read-only' format. So it's a safe way to check what's going on with your accounts.

Of course, just as with your own bank, security is our number one priority too. You can find out how we protect your personal information by checking out the security FAQs

This is a lovemoney.com classic article that has been updated.

More on banking:

Your essential banking guide

Does free banking still exist?

The best student bank accounts

Enjoyed this? Show it some love

Twitter
General

Comments (18)

  • ohmigod
    Love rating 2
    ohmigod said

    Thank you for advising of the possible online banking scams, together with tips for protecting against such occurrances.  I applied to operate my bank account online but so far I haven't done so.  After reading your article I am now inclinded to give it a try. Many thanks.

    Report on 20 January 2010  |  Love thisLove  0 loves
  • eLJay
    Love rating 76
    eLJay said

    I don't see how this can increase security? All I see is an extra layer that can be exploited to gain information useful for someone commiting ID theft. Nice being able to check all those accounts but really think it must be more a security risk if your system was compromised.

    Try Harder D-

    Report on 20 January 2010  |  Love thisLove  0 loves
  • RedundantHippie
    Love rating 14
    RedundantHippie said

    Also look out for the traffic light system that now oprates from all UK on-line banking sites. If you are using a legitimate URL then your Web Browser will display a GREEN band in the URL bar. If it's RED then don't log on as its a fraudulent web site. If an AMBER appears it means that the URL has not been checked by the security, this should not happen with an on-line Bank URL? This works with all the latest Web Browsers so make sure yours is up to date.

    Report on 20 January 2010  |  Love thisLove  0 loves
  • LateDeveloper
    Love rating 22
    LateDeveloper said

    I have been using on line banking for years and had no problems.

    Always commit username and passwords to memory, never let any package store those details.

    Always choose a Username which has nothing to do with you or your family, but one that you can remember.

    The longest password the harder it is to decrypt is a myth, never use the full amount of charachters allowed, use a few less. Most people will use the maximum thinking it is safer.

    Any email that is sent from a bank does not contain links to your account or ask for details, it will merely ask you to not use any link and log in as normal to get statements etc.

    Sorry but never use any on line banking service to store any details of any accounts, let alone what money you have/have not :)

    By all means use an off line account manager, of which there are plenty, including some decent free ones. If any package requires you to be connected to the internet to use it, reject it and find something that will work completely off line.

    Report on 20 January 2010  |  Love thisLove  1 love
  • nosbort
    Love rating 125
    nosbort said

    In the article:

    Phishing

    Phishing involves sending hoax emails which attempt to extract your bank details and personal security data.

    Then you send us to your on-line banking system and tell us to trust you and enter ALL the username and password information that accesses ALL of our accounts. What exactly are you trying to do? I don't care HOW safe you believe all your servers to be, all that information in one place can only be a security risk. The price of getting the information in one place for 'easy access' is just too high if that is necessary.

    Report on 20 January 2010  |  Love thisLove  1 love
  • nosbort
    Love rating 125
    nosbort said

    And to add a piece of advice to the article:

    Never use Internet Explorer for Online banking or shopping, it has more security holes than a collander.

    Report on 20 January 2010  |  Love thisLove  1 love
  • Gooner
    Love rating 0
    Gooner said

    I agree with both LateDeveloper and nosbort regarding the use of an on-line Money Manager. I used a similar product from Egg a few years ago, and although nothing untoward happened - I had this constant worry that it might so I deleted them. Some time later I did hear that Egg security had been breached. No idea if this affected their Money Manager, but at least I didn't have to worry about it.

    I don't however agree with nosbort regarding IE and this is actually scaremongering. Internet Explorer 8 is as safe if not safer than either Firefox or the Apple equivalent if used correctly. I have used IE for many years for online banking with no issues whatsoever (touch wood) and as long as I am careful I expect the same going forward.

    There are a lot of myths about "security holes" usually spread by people who have heard it from someone else rather than experienced anything themselves, and whilst they do occur infrequently, they are quickly spotted and repaired. It is always easy to bash Microsoft, indeed I have done it myself in the past, but always best to have facts right before issuing statements such as above,

    As long as you obey the "rules" there is very little danger in online banking. It is important to remember that no system is perfect in any industry, but used correctly any imperfections can be minimised.

    Report on 20 January 2010  |  Love thisLove  0 loves
  • kybosh909
    Love rating 6
    kybosh909 said

    I once received phishing emails from i bank whom i do not even bank with. The mail asked me to verify my details and re-confirm my password by way of following a link.

    i followed the link, but of course i did not enter anything, i could see from the address in the resulting page that the mail was fraudulent BUT i followed the link so that i could copy it and send it as further information.

    I went to the banks website, got the security contact details and mailed the banks security team directly with a copy of the mail and a copy of the fruadulant web page.

    This is a good thing to do as well as reporting to the goverment body since the more information you give to the bank themselves, the more tools their team have to combat the situation.

    I received a thankyou letter from the banks security director for my help. OK this wasnt my bank but if everyone did this and my bank received the same then the whole system would be a lot securer, a lot more effeciently.

    Report on 21 January 2010  |  Love thisLove  0 loves
  • patch
    Love rating 0
    patch said

    I had an issue last week regarding online banking. I bank with HSBC and when I go to the homepage to log in it asks for your 'IB' number only then sends you to the next page for your DOB and certain numbers of your security number. However last week it had an extra box underneath on the first page asking for the whole security number which it showed everthing you tyed in. Ignoring the box would prevent you getting to the following page to enter your DOB etc.

    After speaking to HSBC they said i had a trojgen on my computer which would be recording what i typed in. They were very good and gave me some sites to remove it and ensure my system was clear (sorry can't remember them at moment). They also advised me that HSBC offer FREE McCafec security software to all customers by clicking on a link while logged onto your account. They do this to ensure their own security as well as ours. Just thought this would be usful if anyone else is or was in the same boat.

    Report on 21 January 2010  |  Love thisLove  0 loves
  • LateDeveloper
    Love rating 22
    LateDeveloper said

    Don't use IE it is one of the worst browsers for security holes. Ask Google or Adobe + a number of other companies that were hacked last week using a security hole that MS has known about since last September. Account information was stolen in this attack.

    IE along with Google Chrome are about the worst browsers for security according to all the experts.

    Report on 23 January 2010  |  Love thisLove  1 love
  • LastChip
    Love rating 92
    LastChip said

    On the whole, good solid advice from this article.

    However, there is some less sound advice in one or two of the comments.

    Please don't suggest security in Microsoft software is safe. Undoubtedly, it's more leaky than an open colander and if you believe anything less, you're just deluding yourself. When Microsoft can admit to a 17 year old bug (yes, you read that right), 17 years old, reported to them 7 months ago and they've failed to do anything about it, don't dream of trying to tell me it's secure. And that includes Windows 7!

    http://www.myfoxny.com/dpp/news/scitech/microsoft-admits-to-17-year-old-bug-in-operating-system-100121

    To suggest smaller passwords are safer than longer ones, is simply outrageous. If I have a password that consists of two numbers (1 and 2), there are four possible combinations; 1,1; 2,2; 1,2; and 2,1. By adding a third number 3, I now have 1,1,1; 2,2,2; 3,3,3; 1,2,2; 1,2,3; etc. Clearly then, just one extra characture, makes the possible combinations far more difficult to crack. Don't take my word for it, just ask any security professional. Add into the equasion, charactures like &, ^, and $ for example, and you have the beginnings of a very secure password.

    Personally, I've used on-line banking for many years now (almost from it's inception) and so far, never had a problem. But I do use very secure passwords and being a Linux user, I wouldn't dream of accessing my accounts from anything in the Windows world. That's not to say you can't, but you are at a greater risk. However, you can mitigate that risk by taking sensible precautions.

    Report on 26 January 2010  |  Love thisLove  0 loves
  • PoohBah
    Love rating 18
    PoohBah said

    Under no circumstances should you use a third-party service such as Money Track to access all your accounts. Doing so will almost certainly be in contravention of your bank's terms of service (definitely in the case of RBS Group), and could result in your online banking service being withdrawn. Furthermore, should you suffer fraud on your account, even though it was by other means, the bank might justifiably refuse to compensate you because you have shown that you are prepared to breach security by divulging your access codes to a third party (the Money Track software) - they can easily detect that it was an automated third party log-in.

    I have not checked the terms for Money Track, but in the case of Egg Money Manager, their terms specifically stated that they could see the details of your transactions and might use the information for marketing purposes, which explains their enthusiasm for promoting the service; just remember that there is no such thing as a free lunch.

    Report on 13 September 2012  |  Love thisLove  0 loves
  • Ginnymay
    Love rating 36
    Ginnymay said

    I use a macbook pro. I have been told that the operating system is much more secure than Windows, and no need to buy extra security software - is this true, can anyone advise?

    Report on 15 September 2012  |  Love thisLove  0 loves
  • killick_becki
    Love rating 58
    killick_becki said

    Ginnymay - I would ALWAYS advise security software regardless of the operating system you are using.

    This rumour has come out of the fact that the majority of viruses out there are made specifically for Windows machines. But, that isn't to say that in the future, especially with the growing number of Mac users, that a virus won't be made specifically for macs. At the moment it isn't worth the time to produce one as it won't get far.

    In reality all operating systems have holes in them, they were man made afterall! I would say it is better to be safe than sorry.

    Report on 15 September 2012  |  Love thisLove  0 loves
  • PoohBah
    Love rating 18
    PoohBah said

    Ginnymay - even though Macs (and computers using Linux, which is closely related to Mac's OSX) are certainly less vulnerable than Windows machines, they are definitely not totally secure. Google "Mac viruses" for info. Recently a trojan called Flashback infected hundreds of thousands of Macs, and it's not the first by any means.

    Many Mac users still claim that their computers are invulnerable, but they may find that their complacency is their downfall. Whether a weakness lies in OSX itself, or in something else such as Java, the end result is the same.

    Report on 15 September 2012  |  Love thisLove  0 loves
  • tuttogallo
    Love rating 75
    tuttogallo said

    I have a linux live CD which I boot from everytime I do online banking. The Operating system and browser are loaded from the CD every time and hence cannot be infected.

    It's slow, but secure.

    Also, I connect my PC directly to the ADSL modem router by cable. I'm not having all of my information broadcast to my neighbours even if it is encrypted. The first wireless LAN encryption system known as WEP has been broken and is now discredited. Its replacement (WPA and WPA2) are much better but still not 100% bullet proof. I prefer wires!

    Report on 16 September 2012  |  Love thisLove  2 loves
  • Abigail Thornton
    Love rating 11
    Abigail Thornton said

    @tuttogallo This is a great solution but even this has a problem - most linux live CDs come with a root/guest password already configured which is an open invitation to anyone wanting to install an exploit, if someone chose to target you.

    Report on 17 September 2012  |  Love thisLove  0 loves
  • Soruk
    Love rating 8
    Soruk said

    @Abigal Thornton

    Yes, the root password might be "well known" - but the CD is by its nature read-only, so an exploit cannot be installed in any way that would survive a reboot.

    Report on 21 September 2012  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

Related content

Our top deals

Provider & account name Credit rate (AER)
Based on £1		 Overdraft
rate
Based on £1		 Apply
now

Santander 123 Current Account

0.0% 0% plus £1.00 per day usage fee Apply

Barclays Bank Account

N/A Up to £200 – 0% interest pa (variable). Over £200 and up to £5,000 – 19.3% interest pa (variable) Apply

first direct 1st Account

N/A 0% Apply
W3C  Thank you for using CGWEBLIV2