Produced 2006 by US-CERT, a government organization. Updated 2008.
Banking Securely Online
Online banking continues to present challenges to your financial security and personal privacy.
Millions of people have had their checking accounts compromised, mainly as a result of online
banking. If you are going to use online banking to conduct financial transactions, you should
make yourself aware of the risks and take precautions to minimize them. The following
practices, which are discussed further in this paper, can help you avoid common security
problems associated with online banking:
• Review all privacy and policy information.
• Use unique and hard-to-guess login information.
• Protect your computer.
• Check your account balance regularly.
• Pay using credit cards.
• Do not access your account from public locations.
• Verify email correspondence from your bank.
• If your account is compromised, take swift action.
Attacks that Target Online Banking
Several types of electronic fraud specifically target online banking. Some of the more popular
types are described below:
Phishing attacks use fake email messages from an agency or individual pretending to represent
your bank or financial institution. The email asks you to provide sensitive information (name,
password, account number, and so forth) and provides links to a counterfeit web site. If you
follow the link and provide the requested information, intruders can access your personal account
information and finances (see “Recognizing and Avoiding Email Scams” for more information).
In some cases, pop-up windows can appear in front of a copy of a genuine bank web site. The
real web site address is displayed; however, any information you type directly into the pop-up
will go to unauthorized users (for a more technical discussion, see “Technical Trends in Phishing
Attacks” at http://www.us-cert.gov/reading_room/phishing_trends0511.pdf). (In a similar
scheme, called “Vishing,” a person calls you and pretends