When was the last time you went to your bank, chatted with the teller or stood in long queues to pay bills? If you don’t remember doing any of this in the recent past you can very well call yourself a ‘Smart Online banker’. With hectic schedules and long working hours, Online Banking has become a boon for working individuals. But with growing internet user landscape, socially engineered online security threats like Malware and Phishing too are evolving. As per a recent CERT-In report, 901 websites have been defaced in March as compared to 500 in February this year.
Stats like this reinforce the need for consumers to protect themselves when surfing online. If not protected it will be easier for hackers to source your personal information, damage your PC with Malware or rob you off your hard earned savings.
By taking some simple steps, you can dramatically reduce these online threats. And can be rest assured that your hard earned money will be protected.
How to do Internet Banking ‘safely’?
1. Be aware always. It is a good idea to register yourself to your banks Mobile Banking service so that you keep receiving alerts whenever there is a significant transaction made in your account. This will also help you identify and report any transactions that are not legitimate.
2. Know which website is safe. Malware attacks are rampant on the internet and can compromise your data, privacy, and identity while also damaging your computer and valuable personal data. By default Internet Explorer 8 runs SmartScreen Filter that protects your computer better by warning you when you attempt to view sites or download files that are potentially unsafe. If the SmartScreen Filter is active and you attempt to visit a website that isn’t considered safe, the address bar turns red and prompts you to take alternative actions. If it detects a malicious website, Internet Explorer 8 will block the entire site. It can also provide a “surgical block” of malware or phishing hosted on legitimate websites – blocking just the malicious content without affecting the rest of the site. IE8 has done over 560 million malware blocks till date which only goes on to show the quantum of the problem consumers face.
Figure 1: IE 8 warns you about phishing scams. The title bar includes the name of your bank, but the highlighted domain is not the bank’s URL.
Figure 2: What you see when SmartScreen blocks sites and downloads that have been reported as unsafe.
3. Identify fake web addresses. To overcome phishing threats you should be very particular about the web addresses (URLs) that you are typing on the address bar to avoid deceptive and phishing sites into tricking you with misleading addresses. The Web address might look very similar to the address of a legitimate business, with a minor change. For example, instead of www.bankofindia.com, the scammer might use www.bankofinda.com. The intent is to lure you into clicking onto their Web site and giving your personal information, such as your account number and password. Always check to see that you have typed the correct Web site address for your bank before conducting a transaction. Internet Explorer 8 users are aided by the feature Domain Highlighting that lets you easily interpret web addresses (URLs) to help you avoid deceptive and phishing sites. It does this by highlighting the domain name in the address bar in black, with the remainder of the URL string in gray, making for easier identification of the sites true identity.
Figure 3: IE 8 highlights the domain in links you visit, so you know where you’re really going.
4. Protect yourself from emerging threats. Cross-site scripting attacks are one of the increasingly sophisticated methods online criminals use to get your personal information. Cross-site scripting attacks try to exploit vulnerabilities in the websites you use. In this attack, you might receive an email that contains a tampered website address. Once you click on the link, you are directed to a legitimate website that has been compromised to contain malicious content that can capture keystrokes and record your login and password. By default Internet Explorer 8 helps protect you against these attacks by detecting and disabling the harmful scripts with a built-in Cross Site Scripting (XSS) Filter that is always on.
Figure 4: IE 8 detects potential cross-site scripting vulnerabilities and disables harmful scripts.
5. Browse more privately. When you’re using a public computer to check your bank account or for online payments, it’s a good idea to use InPrivate Browsing – a feature that helps prevent your browsing history, cookies, and other information from being saved on the computer. If you’re using a public computer, InPrivate Browsing can prevent information about your online usage from being abused by third parties. An alarmingly growing phenomenon on the internet is tracking of keystrokes typed into the browser you use, that allow for aggregation of a record of browsing habits, and personal information. The InPrivate Filtering option in IE8 enables users to gain greater control and choice over what is displayed.
6. Always completely log off. It is important to completely log off from your Internet banking session; simply closing the window you performed the transaction in may not close the banking session. This could mean that your session may become hijacked by a criminal and can be used for illegitimate financial transactions. It is also advisable to disconnect from the Internet if you are not planning to use it.
7. Know your mail. Never respond to unsolicited e-mail offers or requests for information. Most of the banks do not use e-mail to communicate any personal information or ask you to share your personal data over email. Messages like “Verify your account”, “If you don’t respond within 48 hours; your account will be closed” are all likely to be identity-theft phishing scams. Be cautious about such mails and do not provide your personal or financial information online. So, the next time you get a mail from a bank asking you to update your credit card information do not respond: this could be a phishing scam.
8. Make sure your bank Web site uses encryption. To confirm that a site uses encryption when processing credit card information, look for:
o An “s” after http in the Web address – it should read “https”
o A green address bar – Internet Explorer 8 uses this to indicate a trustworthy site
Figure 5: Example how you can confirm the site uses encryption in IE8.
9. Keep your Software Up-To-Date. The software you use and the Internet itself can impact the security of your online activities. Therefore, you should watch for security bulletins that warn you of various security “holes” or “bugs” that may impact the software and web browser you are using. It is very important to check the websites of your operating system and web-browser for software “patches” and “updates”. Some operating systems and software can be configured to automatically check for new updates. At Microsoft, we continue to make improvements to our software to help protect your computer. Visit Microsoft Update to scan your computer and install any high-priority updates that are offered to you.
10. Install & Update Anti-Virus Software. Your first level of defence against phishing scams and other malicious humans or software is to secure your computer. Always protect your computer by using up-to-date anti-virus software that is capable of scanning files and e-mail messages for viruses. Microsoft Security Essentials is a free download which provides real-time protection for your computer against viruses, spyware, and other malicious software.
11. Browser cache: You should be aware that Web browsers will store information on your computer even after you are finished conducting your online activities, this is called caching. Therefore, you should close your browser once you are finished using the Internet, particularly if you visit secure sites to conduct financial transactions, check account balances or view any other information that you regard as private and confidential. To clear your browser cache, follow the below process:
o On your Internet Explorer
§ Go to “Tools”
§ Go to “Internet Options”
§ Select “General”
§ Click on “Delete Files” at “Temporary Internet files”
12. Change your password regularly. To protect your banking data, it’s a good idea to create strong passwords and keep them secret. Also, you should always change your online banking passwords periodically at least every month.
The key is to be aware when you are surfing online and keep these tips in mind. So, by upgrading your browser today, making sure the other software on your PC is up to date, and learning how to identify and avoid common attacks, you can better protect your computer and your personal information.
[Thanks To Microsoft Consumer & Online For All The Information]