Nowadays almost every bank provides you with a net banking username and password (or PIN) as soon as you open an account (savings, current or recurring) with them. E-banking is very useful when you want to pay your bills online or shop on e-commerce websites like eBay, Amazon etc.
Last week, the net banking account of one of my friends got hacked (accessed by some unknown person) because he entered his username and password on a phishing website. The very next day he got an SMS alert and an email from his bank saying that someone was trying to log in to his account from a suspicious IP address outside India.
He immediately contacted his bank’s helpline and they were able to lock his account before any type of transaction could be made. The hacker was using a proxy server (easily obtained using a VPN, Tor etc.) located in some other country, so the bank was unable to trace his exact location. Also, the website he was using for phishing belonged to some other webmaster, whose account was also compromised!
If you bank online, this post covers some important security tips and precautions for safe banking.
Be very careful when you respond to or work with Emails
If you receive emails that appear to be coming from your bank, then you should always keep the following things in mind:
1. Your bank will never contact you to ask for account-related information such as your customer identity number, credit or debit card number, CVV, PIN, date of birth etc. If you receive any such email, delete it or forward a copy or printout to your bank’s security department.
2. There is always a tone of urgency in phishing emails, such as “Login now or your account will be suspended”, “Your account has been temporarily disabled”, “Enter your card details to reinstate your account” etc. No bank in the world sends such emails to its customers. Report them as spam or phishing.
3. Never click on any link in a suspicious mail. For example, I received the following spam mail in my inbox, which contains a hard-to-resist offer:
If I click on “Generate Quote & Buy online”, I will be redirected to a phishing website where I need to enter my credit or debit card details. Hyperlinks contained in such emails can also trigger a malware (virus, trojan, keylogger etc.) download, which may infect your whole computer.
4. If there is a hyperlink in an email, make sure it matches the official URL of your bank’s website.
If the URL doesn’t match, discard the email and report it as spam or phishing.
5. Your bank should have an SSL certificate installed on its website, so that the connection between your computer and its server is fully encrypted. You should always check for a secure padlock icon in the URL bar or at the bottom of your browser.
If you don’t see a padlock icon, try to load the secure version of your bank’s website by adding https:// to the URL (example: https://www.hdfcbank.com/), or simply don’t log in or transact over such insecure web pages. Fake websites generally don’t use an SSL certificate, because they are not issued one!
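The check from tip 4, as an added example that is not part of the original post: it pulls every link out of an HTML email and compares the host the browser would really open against the bank's domain, not against what the link text shows. The domain list, the sample email and the .example hosts are assumptions constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domain your bank publishes as official (the page's example bank).
OFFICIAL_DOMAINS = {"hdfcbank.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML e-mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def judge(href, text):
    """Return None for an acceptable link, otherwise the reason to distrust it."""
    try:
        parts = urlsplit(href.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased, userinfo before '@' dropped
    except ValueError:
        return "address cannot be parsed"
    # Exact domain or a true subdomain only; "hdfcbank.com.something" must fail.
    if not any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        if any(d in text.lower() for d in OFFICIAL_DOMAINS):
            return f"text names the bank but the link goes to {host}"
        return f"goes to {host or 'no host'}, not the bank"
    return None if parts.scheme == "https" else "bank host, but not HTTPS"

def check_email_links(html):
    """Map each untrusted href in the e-mail to the reason it was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    return {h: why for h, t in collector.links if (why := judge(h, t))}

# Constructed sample e-mail body; the .example hosts are placeholders.
SAMPLE_EMAIL = """<a href="https://www.hdfcbank.com/">Official site</a>
<a href="http://www.hdfcbank.com/login">Login now</a>
<a href="https://www.hdfcbank.com.secure-login.example/v">https://www.hdfcbank.com/</a>
<a href="https://www.hdfcbank.com@phish.example/">Reinstate your account</a>"""

if __name__ == "__main__":
    print(*check_email_links(SAMPLE_EMAIL).items(), sep="\n")
```

Only the first sample link passes; the other three are flagged even though each one contains the bank's name somewhere in the address.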
Ensure that your computer is fully protected
2. If you do lots of online transactions in a month, then it is also suggested to use a personal firewall on your computer. A firewall can control and protect both incoming and outgoing data packets (network traffic) by monitoring your Wi-Fi or Ethernet connection. It can also detect and block port scans as well as other types of network attacks. You can check out a useful list of best free firewalls here.
3. Free software is either limited or lacks functionality. To overcome this problem, you can always purchase an all-in-one security suite from either Bitdefender or Kaspersky, which has features like anti-virus, firewall, parental control, anti-spam etc.
4. It is necessary to keep your computer’s operating system up to date by installing the latest security patches. If you are using a pirated copy of your OS, then chances are very high that you will not get any security patches or updates and your computer will be prone to vulnerabilities. Either buy a genuine copy of your OS or switch to Linux!
1. Use a virtual keyboard for typing: Keystroke logging software, or a keylogger, is a type of malware that gets installed on a computer without the user’s knowledge. It silently monitors and records every keystroke that the user types on the keyboard and then passes the recorded data to its developer.
If the recorded data contains the user’s bank account username and password, credit card number, card expiry date, CVV etc., then the developer can easily make transactions from that account. This type of software is typically found on public computers used in cyber cafes, and is also present on home computers whose owners don’t care about security at all.
A virtual keyboard is quite useful for entering important bank account details on a website, as it uses mouse clicks for typing information. Mouse clicks are very hard to record as well as monitor.
2. Choose a strong password: It is essential to use a strong login password (a long one with a mix of alphanumeric and special characters) for all accounts related to your bank. You can read more on this topic here.
3. Always log out: Always click on the logout hyperlink or button to end your ongoing session. This will protect you from XSS exploits and session hijacking. You should also clear your browser cache and delete cookies, either manually or using software like CCleaner.
4. Don’t ignore browser warnings: If your browser warns you about a website, then don’t ignore the warning. For example, Chrome alerts its users with the following “Danger: Malware Ahead!” message whenever they try to visit a webpage containing malware:
Google Chrome has blocked access to this page on domainname.com.
Content from domainname.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.
In case you still want to access the site, then it’s highly recommended to use a sandbox.
5. Use OpenDNS and Google DNS: Both of them may provide better security than your ISP’s DNS. Instructions for setting them up on your computer can be found in this post.
6. Set up alerts: Your bank must have an SMS or Email alert facility and you should subscribe to it (additional monthly/yearly charges may apply). Whenever a transaction is made from your account, you will receive a text or email alert within seconds.
7. Check your account statements regularly: You should make a habit of checking your bank account and card statements on a monthly basis. If you are suspicious about any type of transaction or charge, then you should immediately contact your bank and ask them about it.
8. Use 2-step verification: If your bank provides you with a security token device or has mobile (Android and iOS) applications that let you use two-factor authentication, then you should make use of them.
If you have any more tips to share, feel free to post them in the comments section below.