/ Money

Through the hacker’s eyes: how to bank safely online

Password screen

Our latest test of online banking security found many have improved since last year. That’s not to say you should rest on your laurels. Here’s Ken, one of the hackers who helped us, on how to protect yourself.

Every year Which? looks at the security of online banking for the largest UK retail banks.

Here’s the thing; they’re all pretty good nowadays and successfully hacking your account is getting harder. Hence hackers are targeting the easiest way into your account; you!

So here’s some advice on what you can do to protect yourself:

1. Install anti-virus software

Make sure you have some decent anti-virus security software installed. Some even include safe browsing tools and link scanners that can stop you clicking on dodgy web sites that could infect your computer and steal your banking password.

2. Keep your computer and phone up to date

This is really, really important. No really! Every time an update comes along, say for Windows/Mac or iPhone/Android, Adobe Acrobat, Java or whatever applications you have installed, install them.

The software vendor tells you ‘here’s an update with new whizzy features’. But what they could mean is ‘we made a mistake and there’s a security flaw in the version of software you’ve got currently, so here’s a version that fixes that’.

Puts a different light on updates, doesn’t it! It’s estimated that 90% of successful hacks are a result of someone forgetting to install an update.

3. Sort your passwords out

They’re such a pain to remember, aren’t they? The problem is that people re-use passwords all over the place. Is your password for Facebook the same as for another website? Do you use the same password for Amazon, or somewhere else?

You might have a really complicated password, that has nothing to do with your cat’s name or anything else about you. Here’s the problem though; retailers keep getting hacked, and your passwords get stolen. The hacker steals one password and tries it on loads of other sites you might use the same password on. Bingo, they’ve got access to your account. Pray you have a different password for your bank account.

One easy way to fix that is to use a ‘password vault’. This is a software application or service that manages your passwords for you. It creates complicated, unique passwords for you, then manages the log-in process for you. So much easier! You just need to set one complicated password to make it work and the rest is easy. There are some minor downsides (like putting all your eggs in one basket) but this is usually way better than re-using passwords.

4. Watch out for phishing emails

If the email has a scary tone – ‘your account has been hacked’, ‘urgent action required’, ‘click here immediately to check if these transactions are fraudulent’ sort of thing then there’s a high chance it’s a phishing scam. If you’re worried, phone your bank or the retailer involved using the number you usually use. Just make sure you don’t click on the links!

5. Dodgy phone calls

I don’t care how legitimate or official they sound, hang up. If you’re concerned, phone up whoever they claim to be using their official number. And use another phone to the one you were called on, as a common scam involves fraudsters staying on the line when you think you’re talking to your bank.

6. A technical recommendation

It’s a good idea to try using Google Chrome or Firefox, and not because Internet Explorer isn’t a good web browser. It’s because most home users use it. Hence, when hackers write tools to hack browsers, they generally write them for IE because that’s one of the most common browsers.

Do you trust your bank’s online security? Has your account ever been hacked? Do you have any tips of your own to share?

Which? Conversation provides guest spots to external contributors. This is from Ken Munro, a senior partner at Pen Test Partners, the ethical hackers who helped analyse bank’s online security in our test. All opinions expressed here are Ken’s own, not those of Which?.

spencer says:
27 December 2014

HAcker don’t need your password for hack your account

13 February 2018

[Sorry, your comment has been deleted for breaching Community Guidelines. https://conversation.which.co.uk/commenting-guidelines/ Thanks, mods.]