Keep your computer secure
One of the biggest threats to online banking are viruses that capture your password as you type. These viruses, known as 'keyloggers', are often sent out in phishing emails, although they can spread by other means too.
Whilst banks do have some defences against these, the best thing you can do is to protect your computer by following a few simple tips:
- Don't open unexpected email attachments: This is a common way for criminals to spread viruses.
- Keep your computer software up to date: Viruses work by finding weaknesses in your computer's software. Developers regularly push out software updates so make sure your computer is set to install these automatically.
- Install a good antivirus program: Some banks even provide antivirus programs for free; ask in branch or check your bank's website.
- Follow your bank's advice: Some banks also offer a free program called "Rapport" by Trusteer. This little program sits in your browser and detects if any other program (such as a virus) is listening for and sending away your bank details.
It's also advisable to avoid doing online banking from a public computer too; you never know how up-to-date the antivirus or the computer software is. Logging in from your own PC, or one from your place of work, is much safer.
Be aware of fake websites and phishing
An example of a phishing email - not all are as obvious as this one!
Another popular trick amongst criminals is to fool us into simply giving them our banking login details.
How often do you receive emails claiming to be a security alert from your bank? These emails - a type of 'phishing' - try to scare you into taking action, often asking you to log in and confirm your details.
The links provided in these emails though take you to a spoofed version of your bank's website - one which the criminals control - where they can record everything you type. They then simply re-use your password and log in to your real account.
To avoid becoming a victim it helps to remember the following (we also have several pages dedicated to spotting phishing emails):
- Never trust an email or text message just because it claims to be from your bank. That may sound obvious, but with our busy lives it can be easy to let our guard down. Whilst these emails are sent at random, every so often you'll receive one that by chance will look to have come from your bank.
- Be alert to scare tactics. These emails will often have a sense of urgency to scare you into acting quickly, before you have time to properly think.
- Check where any links in an email takes you. Hover your mouse over a link to see the address it points to. If it looks suspicious don't click it.
- Double check the address of the website. Banks will use their name - and their name alone - as their web address, for example www.hsbc.com. Be suspicious of any variations you see such as www.hsbc-online.com or www.hsbc-securityalert.com.
Whenever you receive one of these emails simply delete it - genuine banks will never ask you to follow a link in an email to login. If you're ever in doubt contact your bank; call the phone number on the back of your bank card or on your statement (don't rely on any contact details in the email).
See our Phishing pages for more tips & examples, and see if you can spot the fakes yourself!
Money transfer scams
Another type of email scam involves fraudsters trying to trick you into transferring your money directly to them.
This could be by impersonating your CEO, hacking the email of the solicitor dealing with your house purchase, or phoning you up and claiming to be from the bank's fraud team.
Check out our guide to some of these common tricks here, and always verify who it is that you're sending any money to.
Keep your connection private
All banks try to keep the communication between your computer and their website private by scrambling up any data passing between you and them; this is known as 'encryption'.
If you're using a web browser on a PC (as opposed to a dedicated banking app on your phone) then always check the connection is secure by looking for https:// at the start of the web address (the 's' stands for 'secure'), as well as a padlock symbol in the address bar.
Look for the padlock symbol and 'https' in the address bar. This example screenshot was taken whilst using the Chrome browser, but you'll see similar details on all web browsers.
If you're using a mobile phone (where there's not the screen width available to display everything) then note that some browsers may not always show the "https". Do however always make sure that a padlock is showing!
How secure websites appear on mobile browsers
Using public wifi
Letting your browser protect your web traffic is secure. Or at least, it normally is.
In practice, https (which scrambles your data) is not perfect, and in some circumstances it can be silently broken - and your data read - by people with the right tools and know-how.
This can only be done by someone sharing the same internet connection as you, and so for this reason - where possible - you should avoid doing online banking on any public wifi connection such as in a coffee shop or hotel. The vast majority of the time you will be fine, so go ahead and use it if you absolutely need to, but if you can wait until you get home then it's certainly advisable to do so.
If you know how, and are in a position to do so, then using your phone as a mobile hotspot is generally more secure than using public wifi.
If you use public wifi a lot then you might want to consider installing some software called a 'VPN' (Virtual Private Network). This wraps a strong tunnel around your connection, preventing any nearby hackers from intercepting and reading your data.
We have a full page of other advice too for using public wifi securely.
Using a mobile phone or tablet?
Banking from your phone or a tablet is becoming common these days, with most banks offering dedicated apps. These can be more convenient than using a simple web browser, and are theoretically more secure too. But again there's a few top tips to help you stay safe:
- Only install genuine apps from the official app store. For iPhones use Apple's App Store, or if your phone is an Android use the Google Play store. Ensure you only install the official app from your bank - follow links from their website, or ask for help in branch.
- Keep your phone software up to date. Just as with your PC, your phone manufacturer will occasionally send out software updates to fix any known issues. Try to keep your phone as up to date as possible.
- Don't use "rooted" phones. The act of "rooting" a phone can give a user more control over their phone, but removes many inbuilt security protections. Never heard of "rooting"? That's a good thing - there's no need to worry about this issue in that case. If your phone was rooted you'd almost certainly know.