Staying safe when mobile banking is partly about recognising potential hacker tricks that take advantage of human foibles. IT folk call one of these tactics “phishing” – it’s about fishing for a response from you and me.
Don’t get caught in the net
A popular strategy of scammers is to create an email or webpage that looks like it’s from an official authority or a company you deal with – such as your bank – and ask for your details. Sometimes a reward or prize is promised if you take action. Or a message might claim your account has been frozen, and that information is required from you to unlock it. But be very cautious.
If it’s too good to be true…
Sometimes we feel we may miss out if we don’t take a chance. A message with a sense of urgency can inspire a “hot state”, emotionally tempting recipients to act without thinking things through. And it can be so easy to believe what we want to believe – and fall into a thinking trap known as confirmation bias.
Phishing is similar in a way to the “419 letter”, or advance-fee fraud. Over the years, this type of scam has tricked many people into sending criminals money, believing they’ll receive a windfall in return. Fortunately, most of the time you can stay safe by following a few simple rules.
1. Don’t respond to unsolicited messages. Years ago, such “phishing” emails were easy to spot because they were typically full of spelling errors and other mistakes – but now even experts can struggle to tell the difference. So the best option can be to simply ignore any unexpected message where the sender cannot be verified.
2. Don’t click on any links, attachments or photos in an unsolicited message – even if the website address looks genuine. Links can be disguised or have similar URLs; attachments and photos can hide malicious software that damages your mobile device or steals information. Even website security certificates can be faked.
3. Do regularly review bank accounts and online security. Security software won’t catch every threat but it can fight off many common ones. And if you check your bank account regularly online, you can call your bank immediately should you spot anything wrong.
4. Do remain alert when you’re online. It is easy to underestimate the chance something bad could happen. Many legitimate organisations – especially banks – would never send customers an email asking for personal information. Do not use any phone numbers or email addresses provided within a suspect email either – these might be fake too.
“It won’t happen to me”
A message may even address you by name, or know things you think only your bank or close associates would know. “Spear-phishing” is a variation where the criminal has found out genuine information about one or more people, perhaps by compromising a set of records or hacking into a different account, and targets specific individuals with a customised attack.
We should take the same precautions with mobile devices – laptops, smartphones, and tablets – as we would for a telephone call out of the blue or a knock on the door from a stranger. Learn more about phishing at the Anti-Phishing Working Group website, where you can also report an attack.