Financial institutions around the world have always been subject to attempts by criminals to try and defraud money from the institution and their customers. These attempts to defraud can occur via a number of methods e.g. credit card fraud, telephone banking and also Internet scams.
Two examples of common Internet scams are listed below:
• People will attempt to steal a customer’s login details by sending out emails which appear to be from a financial institution, and request personal details e.g. customer number and password.
• People create a website, which looks similar to a financial institution’s, but is in fact a ‘ghost website’ capturing the customer’s details, which may then be used to transact on the customer’s account.
Check you are connected to a legitimate banking website
It is important for you to be certain that your browser has connected to the real online banking site.
Every time you connect to online banking, the service sends your browser a piece of information called a ‘digital certificate’. This certificate securely identifies the site you are connecting to, and is used to establish the encrypted session. This certificate has been “digitally signed” by Verisign, the most recognised issuer of digital certificates in the world. Most browser software is written to automatically recognise any certificate signed by Verisign. You can view the contents of the certificate when you are connected to the Internet.
• In Microsoft Internet Explorer, the certificate details can be obtained by double-clicking on the <lock> displayed on the status bar (to the right in the address bar or in bottom right corner of your browser, depending on which IE browser you use).
• In Mozilla Firefox, you can verify the certificate by pointing your mouse cursor on the name just right of the address bar.
• In Google Chrome, you can verify the certificate by left clicking on the <lock> displayed to the left of the address bar.
Check the fields of the certificate to ensure that:
• The ‘Issuer’ field contains a reference to Verisign
• The ‘Subject’ field shows the organisation as your banking corporation
• The date specified is within a valid date range
Each certificate also has a ‘digital fingerprint’. Like any fingerprint, it is unique, but for security purposes, it is updated annually. You can verify the fingerprint’s authenticity by contacting your bank.
If the fingerprint displayed in your browser does not match the certificate’s fingerprint, you may have connected to an illegitimate or ‘fake’ site. Please do not continue, and do not enter your customer number or password. To obtain assistance, simply contact your bank.
Confirm that your data is encrypted
When you sign into online banking, a secure session will be established between your computer and the bank. You will not be able to connect to the online banking sign in page unless your browser connects with full 128-bit SSL encryption. You can confirm your online banking session is encrypted by ensuring a symbol of a lock appears at the foot of the browser.
Check your email has come from your bank
It is important that you only act upon instructions and advice from legitimate banking emails. Some criminals have access to certain technologies that allow them to send emails, which appear to be from a real bank, but are in fact from the fraudsters. You should be aware that all legitimate banking emails use the same style, layout, terminology and language. You should also be aware of the following actions you can take to ensure your security:
• A real bank will never ask for personal and login details via email.
• Under no circumstances should you send your personal details via return email.
• Delete junk emails and don’t open email attachments from strangers as they could contain malicious viruses.
• Familiarise yourself with your banks emails and how they should appear. Always keep a copy of a legitimate email to compare against any suspicious looking emails.
• All real bank emails will have a reference or link to security information.
• The language and text used should be professional sounding, use the correct terminology and grammar.
• Please remember to always contact your bank if you have any concerns about the authenticity of an email, or if you have received a suspicious looking email.
Financial records protection
• Always keep your tax records and other financial documents in a secure place
• When throwing out documents make sure your tax file number is not visible
• Don’t disclose your account information over the phone unless you made the call yourself
• Request your personal information be deleted from marketing databases
• Be wary of emails/websites which ask you to provide your personal or account information – they may be from a fake company
• Keep photocopies of your records in a secure place, and the contact numbers of each institution so
you can contact them immediately if you suspect fraud or theft
• It may be tedious, but ensure you check your bank statements for any transactions you didn’t make.
• Install appropriate anti-virus software on your computer, and keep it updated. We recommend you do not use online banking until you are sure your anti-virus protection is up to date
• Update the anti-virus and firewall products with security patches or newer versions on a regular basis
• Regularly scan your PC with your anti-virus software
• Always sign out of online banking and close the browser window
• Try to avoid using shared computers (e.g. at an Internet cafe) as you may be unable to check whether the latest anti-virus has been installed, or take precautions when using shared computers
• Use recommended software requirements to ensure the highest level of security
• Use the free security checks provided by antivirus companies to test your computer’s exposure to online threats including security intrusions and viruses
• Protect your PC from viruses and other malicious software.
• Don’t use your online banking password for other services, e.g. video account, email password, mobile phone service
• Change your passwords regularly and never write them down
• Do not record details on your computer in case a malicious computer virus enters your system
• Never disclose details to others. If you do, you may be liable to repay any losses due to fraud
• If you cannot memorise your password, and you need to keep it written down, store the information where other people wouldn’t think to look
• Keep photocopies of important contact numbers and your records, in a secure place, so you can quickly report suspected fraud or theft
• Change password regularly
• Destroy any notifications from the bank containing this information
• Do not use obvious passwords that others might be able to guess, such as names and phone numbers, birth dates, postcodes, or simple number sequences like 1234.
Ensure these companies protect your privacy by collecting only what is necessary and use this information only for reasons they disclose, i.e. they do not sell your personal details to marketing companies.
Thieves and fraudsters increasingly seek to use your personal and/or banking information to obtain credit and steal money in your name. If this occurs, it can be very difficult to prove your innocence and restore your credit rating. To protect yourself and your financial information, follow these guidelines:
• Do not disclose personal or banking details to anyone who approaches you and asks for them
• Ensure that your bank always has your current contact details, including work and mobile phone numbers
• Keep a record of important contact numbers and account details in a secure place, so you can quickly report suspected fraud or theft
• Thieves may sometimes complete a ‘change of address’ form on your home address to divert your mail to them. Monitor the mail you receive and contact the bank if you suspect your mail may have gone missing
• Ensure your letterbox is secure and only accessible by you, so that identity thieves cannot steal your mail before you get to it
• Don’t leave anything in your car that may be of use to identity thieves – e.g. bills, registration papers, licences and other identifying information
• Always check your statements and accounts for any transactions that look suspicious
• Always file tax records and other financial documents securely, especially if you live in shared accommodation
• When throwing documents out in the rubbish, make sure that tax file numbers and other identifying information are not visible
• Keep updating your anti-virus software and scan your pc regularly to prevent becoming a victim of online fraud, phishing emails or ghost websites. Cyber viruses can capture your personal, banking and business details
• Ask to have your personal information removed from marketing databases so you are safe if anyone hacks into those databases
• If you suspect any instance of misuse of your personal information, contact your financial institution immediately.