The coronavirus pandemic continues to shape the way people around the world live their daily lives. Both social distancing and calls to stay at home to avoid unnecessary interactions have meant rethinking how you approach daily tasks, including managing your money.
Amid the current uncertainty, banks have encouraged customers to take advantage of online, mobile and phone banking services in lieu of branch visits. According to a June statement from the Federal Bureau of Investigation (FBI), mobile banking use has surged by 50% since the beginning of 2020. While mobile and online banking offer convenience, increased reliance on mobile banking by both traditional brick-and-mortar banks and online-only banks brings more risk of cybercrimes.
The Federal Trade Commission (FTC) has stepped up its efforts to warn Americans about COVID-19 scams that may target you and your money during this already confusing time, including everything from offers for vaccines, to fake charities, to traditional email scams.
Unfortunately, times of genuine crisis bring out both the helpers and those who will try to exploit the unsuspecting. If you’re worried about what all of this means for your online banking security, there are several steps you can take to protect your information.
Get to Know Your Bank’s Security Procedures
The first step in keeping your online banking profile safe amid coronavirus concerns—and beyond—is knowing what measures your bank has in place to protect you.
Banks can implement multiple layers of security for online and mobile banking, including:
- Secure Socket Layer (SSL) encryption
- Automatic logout
- Antivirus and anti-malware programming
- Multi-factor authentication
- Biometric and/or facial recognition technology
Together, these can act as a strong defense against hackers who may try to crack into your accounts online. If you’re not sure what your bank is doing to keep your online banking details safe against coronavirus fraud threats, check the website or mobile app first. And, if it’s not immediately clear, don’t hesitate to contact your bank to see what security safeguards are in place.
Put Multi-Factor Authentication to Work
Multi-factor authentication adds another layer of security to your online and mobile banking login process. When you enable multi-factor authentication, you’re prompted to enter a unique code, in addition to your login name and password, to access your account.
If your bank offers multi-factor authentication, here are some best practices for using it:
- Do enable it across all devices that you use to access your online or mobile banking apps.
- Don’t share passcodes with anyone over the phone or via text, and remember that your bank should not ask you for these codes.
- Do pair multi-factor authentication with other security measures, such as fingerprint or facial scanning if your banking app uses that technology.
- Do monitor who has access to your devices and consider using identification codes or biometrics to lock them when unattended.
Verify That You’re Using the Correct App
Though it may seem far-fetched, the FBI cautions mobile banking users against fake banking apps. Scammers can reproduce seemingly legitimate-looking banking apps mimicking those offered by major financial institutions.
Unsuspecting customers download the app from their device’s app store and enter their login credentials, handing over vital information to fraudsters. In some instances, these fraudulent apps may trigger an error message when you attempt to login. You’re directed to then provide your login credentials via text or email, unknowingly making that information available to scammers.
It’s estimated that nearly 65,000 fake apps were present in app stores during 2018 alone and that number may grow as scammers get more creative during the COVID-19 crisis. The FBI recommends only downloading mobile banking apps using a link provided by your bank or from a trusted and secure app store.
If you come across a banking app that looks suspicious, contact the bank to verify whether it’s legitimate. Use the bank’s direct customer service number, rather than clicking on any phone numbers inside the app, as those could be fraudulent.
Skip Using Public Wi-Fi to Access Online or Mobile Banking
Working from home and doing schoolwork online became part of the new normal for many individuals and families amid the COVID-19 outbreak. In an effort to ensure that people who need access to the internet have it, a number of internet service providers have established, at least on a temporary basis, free Wi-Fi hotspots in cities around the country.
While that’s convenient, using public Wi-Fi can put your online banking information at risk if the connection is unsecured. Public Wi-Fi can easily be hacked in multiple ways, including man-in-the-middle attacks, in which a scammer is able to essentially pull your banking information out of virtual thin air as it’s being transmitted from your device to the website or app you’re sending it to.
The safest bet is to avoid public Wi-Fi altogether and rely on secure internet access at home. But if the coronavirus pandemic has you leaning on public Wi-Fi for any reason, check to make sure the connection is secured before logging in to any online or mobile banking.
You can take security a step further by using a Virtual Private Network or VPN to log in to mobile and online banking over public Wi-Fi. A VPN allows you to use public Wi-Fi to get online but it creates an encrypted secure pathway for doing so.
Here are a few more tips for using public Wi-Fi in as safe a way as possible:
- Disable the automatic connection feature in your mobile device so you don’t connect to a public network accidentally.
- Make sure your firewall is enabled and file-sharing is turned off if you’re connecting via a laptop.
- Check website URLs to make sure they’re secured (i.e., https or the visible lock icon) and avoid those that aren’t.
Update Your Online and Mobile Banking Passwords
This is a simple way to protect your online banking details at any time, but it may be particularly important during the current coronavirus situation. When people are distracted by the news, as many are now, that’s a prime opportunity for hackers and identity thieves to attempt to access your accounts by guessing at passwords.
If you haven’t updated your passwords recently, add that to your to-do list. And remember to make your passwords as unique as possible. These tips can help:
- Create passwords using a combination of lowercase and uppercase letters, numbers and symbols.
- Don’t assume changing one letter or digit of an old password is enough.
- Consider using a phrase or acronym instead of a word.
- Avoid common phrases or number sequences.
- Make passwords a minimum of eight characters but ideally, choose passwords that are 15 characters or longer.
The FBI encourages consumers to think about using an online password manager if you struggle with remembering the passwords to your bank accounts. Going forward, establish a habit to update your passwords every three to four months for online and mobile banking.
Monitor Activity With Banking Alerts
Banking alerts can be a helpful tool in managing online security, especially if you don’t have time to log in to your bank account every day or multiple times a day.
With banking alerts, you can get an email or text notification when there’s new activity on your accounts. The types of alerts you can set up include:
- Transaction alerts for debits and credits above an amount you specify
- Failed login attempts
- Password or personal information updates
- Wire and ACH transfers
- Daily balance tracking
Having alerts in place means you don’t have to constantly worry about whether your online banking details are in danger. If you get an email notifying you of a new debit transaction, for example, you can log in to verify that it’s something you authorized.
This can be a huge help in stopping identity thieves and hackers from draining your accounts without your knowing it. If you see an unauthorized transaction, you can contact your bank immediately to notify them of suspected fraudulent activity.
If you want added reassurance, you can still check in with your bank accounts daily through online or mobile banking. As you’re scanning your account activity, take note of anything that might look suspicious, such as a small purchase you don’t remember making. It’s not uncommon for hackers to send through a small transaction or two to see if they’re noticed, before making a bigger attack on your account.
Also, read through the messages in your online banking message center if your bank offers that feature. Your bank may send an automated confirmation for account updates or scheduled transfers from your account. If you see a message for a transaction you didn’t authorize, you can quickly follow up with the bank.
Be Cautious About Granting Access to Your Account
Financial apps can make managing money during a pandemic situation easier. For example, instead of having to withdraw cash at the ATM to pay back a friend, you can use a person-to-person payment app to send it electronically.
The catch is that many financial apps require access to your online banking information. This is how many budgeting apps work; you sync up your bank accounts and the app tracks your spending and deposits for you automatically.
That can make running your financial life easier when you’re stressed over COVID-19, but it could put your information at risk if you’re authorizing access for apps that aren’t secure or are at risk of being compromised. While your bank may be perfectly safe and taking steps to secure your online information, the payment or shopping app you’re using could be a target for hackers.
A simple way to minimize risk is to avoid using untrusted financial apps altogether. At the very least, it’s important to check the various layers of security protection a financial app offers. You also can apply that same rule to other apps that aren’t associated with mobile banking.
Banking trojans are apps that look like one thing—a game, tool, streaming service, etc.—but they’re designed to track your movements online. When you launch a legitimate banking app on your device, for instance, these trojan apps can record your login credentials without your realizing it. Again, being cautious when downloading apps is a way to protect yourself against such bad actors.
And don’t overlook the features and functions your bank’s mobile app offers. For example, many banks now offer their own person-to-person payments, so you don’t need to download another app to send and receive money. Other banks may offer budgeting tools that you can access online to keep tabs on spending. Bottom line, if you’re worried about banking security during COVID-19, less can be more when authorizing third-party apps.
Don’t Fall for Phishing Scams
During a crisis like the coronavirus, email, phone and text phishing scams often abound. For example, the FTC has identified at least one phishing scam involving fake emails that appear to be from the World Health Organization.
Phishing scams can have different aims. Some, like the WHO scam, attempt to get you to click on a link within the body of the email. When you click the link, you unknowingly download malware or tracking software to your device that allows scammers to steal your information.
Other scams can take a more direct approach to try and get at your money. For example, you might get an email or text from a seemingly legit charity asking for donations. You’re asked to provide your debit card number or bank account number to make a donation. Feeling charitable, you go along with it, only to find out after the fact that it was a scam.
Also, be on the lookout for emails or other communications from your bank that aren’t the real thing. A common tactic scammers use to phish is sending out emails from an address that at first glance makes it seem like it came from your bank. You assume it’s safe and click a link or reply with information that’s requested in the email. But it turns out that you’ve just shared your details with a scammer.
If you get any emails or texts from your bank that ask for personal or banking information, hit the pause button on replying. Instead, contact your bank directly to ask if they sent out the email. If the bank seems oblivious, that’s a clue that you’ve been targeted by a phishing scam. If you suspect a scam, report it to the FTC and the Anti-Phishing Working Group. And keep an eye out for suspicious emails going forward, to stay safe with online banking.
Let Your Bank Help You
As early as March, banks began adding individual coronavirus help pages to their websites—and displaying COVID-19 info banners on their mobile apps—to give their customers a definitive source for accessing the help they need.
In many cases, what started as a basic expression of concern (with or without a few contact phone numbers) has turned into a detailed repository of both bank-specific and health-specific information resources for banking customers, which can help safeguard you, your family and your money—both during the COVID-19 crisis and beyond.