News of the Silentbanker Trojan seems to have (rightfully) caused quite a few people to wonder if the computers they use to access their online banking are secure. I’ve gotten some interesting questions about the security of online banking since Liam O’Murchu’s blog about Silentbanker was published last week.
Some people I talked to said that they’ll never use online banking again, but I don’t think that’s the answer (just ask anyone who has ever had their bank card skimmed). Instead, I think people are better off securing their computers and using a few best practices to ensure that their transactions are safe.
So, here are a few tips for online banking:
• Use a strong password to access your online banking and change it often. Strong passwords are always good to use, but remember that a keylogger can record any password. Also, don’t use the same password for your online banking that you use for anything else.
• Don’t save your online banking password when your Web browser asks you to. There are plenty of threats out there capable of stealing the passwords your browser stores.
• Don’t get lulled into a false sense of security. Many people think that because their bank uses two-factor authentication, they are safe. Silentbanker proved them wrong.
• Do not access your online banking from any computer other than your own. Don’t use your friend’s computer or even your work computer since you don’t know for certain who else has had access to it. And under no circumstances should you ever access your bank from a public terminal at a library, Internet café, or anywhere along those lines. Just don’t. Seriously. Trust me on this one. You may as well post your account and password on a billboard in Times Square.
• Always manually type the Internet address of your bank into your Web browser. Never follow a link to it, especially not one that you receive in an email message.
• If you receive email from your bank and want to phone them to verify its authenticity, dial the number located on your bankcard or look it up in the phone book. The phone number in an email message may be a “vishing” number.
• Don’t store your passwords in a file on your desktop (or anywhere else on your computer for that matter). Some people believe copying and pasting passwords from such a file will defeat keyloggers. However, many threats are capable of stealing the contents of your clipboard – the service that stores copied text. Additionally, an attacker who has remote access to your computer through a back door server program could easily steal this file.
While this list is by no means exhaustive, it’s a good starting point for most users. You should also follow other computer security best practices – install antivirus software and keep it updated, use a firewall in combination with an intrusion prevention system, and keep your operating system and applications up to date with patches.