Accessing internet banking can be dangerous if the user does not take certain precautions. According to the Central Bank, two-thirds of Brazil's banking transactions at the end of 2018 were already carried out via the Internet, a movement that has been accompanied by the growth of virtual attacks. An example is Banload, a banking trojan type that has been circulating in Brazil since at least 2015: according to ESET, 82.9% of malware victims between January and March 2019 were Brazilian.
READ: Deep Web: See if Your Crime Email
Precautions are not only about the security of the device where your account is accessed, but about password-related measures and even customer communication with the financial institution. Here are eight things you should not do to stay safe when transacting online.
Check out precautions to take on internet banking by PC and mobile Photo: Rodrigo Fernandes / dnetc
Want to buy a cell phone, TV and other discounted products? Meet the Compare dnetc
1. Use easy and repeated passwords
The first step to protect yourself is not to use too obvious passwords in your bank. Keep in mind the golden rules of passwords, especially for something as sensitive as your bank account: Don't use birthdays and other combinations that can be easily related to you, such as your license plate and phone number.
In fact, dates are often problematic because they make it easier for a trained robot to test the most likely ones, with fewer possibilities for matching, since months are between 1 and 12, and days from 1 to 31, for example. Password managers like LastPass help create strong passwords that are hard to guess.
Services like LastPass help create strong passwords Foto: Reproduo / Paulo Alves
It is also worrying to repeat the same bank code elsewhere. One of the main hacking tactics to steal data involves hacking into sites with weak security to steal passwords and then testing the same credentials on bank accounts. As hard as your internet banking password is, you are still at risk if you use the same string for email, social networking, and any other online account.
2. Fill in passwords automatically
When using LastPass or the browser password vault (Google Chrome, Edge, Firefox, Safari, and other browsers provide the feature), be sure to prevent your bank password from being recorded. Measures like this prevent an unauthorized person from accessing their bank account on their mobile phone at a time of distraction.
There is also a risk that hackers will exploit security holes to steal your browser recordings. Not to mention a possible hacking of the system servers that holds your password. It is therefore safer to write the information to memory, even if the code was originally created by a password manager.
Do not save bank passwords in browser Photo: Reproduo / Paulo Alves
Using internet banking on public Wi-Fi can be a danger even if banking sites have HTTPS. Open networks are more prone to vulnerability, facilitating the distribution of malware among connected devices. A compromised router can, for example, trick the computer and divert its traffic to a fake website that mimics the bank to steal data. Because of this, some applications even block operation on this type of connection.
If you need to use internet banking away from home, it is recommended to use mobile internet (3G or 4G) or launch a reliable VPN to broker the connection. The Opera browser, for example, offers integrated free VPN.
Always use VPN if you need to access the bank on public Wi-Fi Photo: Reproduction / Paulo Alves
4. Click on Bank Email Links
Banks generally do not send emails and, when they do, do not include links or request data from your account. Be wary of and immediately delete any message that has information of its kind and especially encourages you to enter an Internet or card password.
5. Use two-factor authentication with SMS
The two-factor authentication feature helps keep your account secure by providing an additional code for each new access or transaction. However, the measure can be dangerous if the second password arrives via SMS. With SIM Swap, hackers can access your mobile number and intercept the code midway to proceed with account hacking. Therefore it is safer to use PIN via application or even physical password card.
Two-step SMS verification can be fragile Photo: Divulgao / Apple
6. Use internet banking on computer
Always prefer to access your bank account via application over traditional internet banking on your computer. In general, smartphones are safer than PCs, either because they have a more controlled system or because apps are updated more often, offering ever-improved protections.
Good news is that major banks in Brazil offer bank account access via the application. According to a recent survey by Febraban, the mobile phone surpassed for the first time, in 2018, the volume of Internet transactions carried out via computer in the country.
7. Use outdated mobile app
In addition to giving preference to the mobile app, it is important to have the app always up to date to stay protected. Bug fixes and security enhancements are released in new versions. But these things don't usually appear in the description of the update on the App Store or Google Play. Just in case, update the bank app as soon as the update appears in your operating system's official store.
Android users need to take extra precaution when accessing bank app on mobile. The platform is known for the high volume of malicious apps available on the official store and, of course, several of them target the victim's bank information. In October 2018, ESET discovered some fake Play Store apps that accumulated thousands of downloads before being blocked by Google.
To avoid problems, it's important to take certain precautions before downloading, such as verifying apps are official, checking user reviews, and using Google Play Protect if you have any questions.
Via G1, ESET (1,2) and MakeUseOf
Chrome won't let you download Guarido from Ita; what to do? Ask questions on the dnetc forum.
How to Remove Virus on an Android Phone