Internet commerce is fast and convenient, but as with the old-fashioned ways of doing business, it pays to take precautions
Online banking, bill paying and shopping are conveniences that most people want to enjoy. And most of the time, high-tech transactions are completed quickly and without a glitch. However, just as with other transactions, in a small percentage of cases something goes wrong. That's why you need to take precautions against theft and errors.
In particular, even as banks and merchants tighten up security, Internet thieves devise new, sophisticated ways to trick consumers into sending money or into revealing information that can be used to commit fraud. "Today's Internet threats wear many different disguises, from fake Web sites to fraudulent text messages on cell phones," warned Michael Benardo, Chief of the FDIC's Cyber-Fraud and Financial Crimes Section. "That's why online consumers need to be aware that they may be targeted and they should always be on guard."
David Nelson, an FDIC fraud specialist, added: "Online fraud is an ongoing game of cat and mouse. Crooks continuously hunt for security holes, banks and merchants plug those holes, and then the criminals find new ones to slink through. But consumers play an important role in keeping crooks at bay by being aware of the potential risks, taking precautions and remaining vigilant."
FDIC Consumer News, which periodically issues guidance to consumers regarding online precautions they can take, offers our latest collection of top tips. Note: Not all financial institutions offer each product or service described here.
1. If you bank online, frequently check your deposit accounts and lines of credit to spot and report errors or fraudulent transactions, just as you should with traditional banking. "Your ability to monitor your accounts online has gotten easier, faster and more convenient now that banking by cell phone is starting to mature alongside banking online," said Michael Jackson, Associate Director of the FDIC's Technology Supervision Branch. "This is important, because the sooner you can detect a problem with a transaction, the easier it should be to fix."
Nelson suggested checking your accounts online about once or twice a week, but he also noted that "more and more banks are making it easier for their customers to keep an eye on their accounts electronically. For example, many banks offer e-mail or text message alerts when your balance falls below a certain level or when there is a transaction over a certain amount."
Federal laws generally limit your liability for unauthorized electronic funds transfers, especially if you report the problem to your financial institution within specified time periods, which will vary depending on the circumstances. A good rule of thumb is to check your statements promptly and report unauthorized transactions to your bank as soon as possible.
2. Never give your Social Security number, credit or debit card numbers, personal identification numbers (PINs) or any other confidential information in response to an unsolicited e-mail, text message or phone call, no matter who the source supposedly is. Chances are an "urgent" e-mail or phone call appearing to be from a government agency (such as the IRS or the FDIC), a bank, merchant or other well-known organization may be a scam attempting to trick consumers into divulging personal and account information. It's called "phishing," a high-tech variation of the concept of "fishing" for personal information.
Also watch out for phishing scams that involve bogus text messages sent to cell phones claiming that a bank account has been "blocked" and the recipient must call a certain number to fix the problem. If you make that call, you likely will be asked to enter your account number and PIN. The criminals can use this information to make counterfeit debit cards and drain your account.
"Real bankers and government officials don't contact people asking for this kind of information," said Benardo. "Your bank will already have your account numbers and only you should know your log-in credentials, and a government agency won't have a need for this information."
3. Don't open attachments or click on links in unsolicited e-mails from anyone you don't know or you otherwise aren't sure about. Sometimes these attachments or links can infect your computer with "spyware" that can change your security settings and record your keystrokes. "Spyware can secretly steal your passwords, bank or credit card numbers, and your answers to security questions like your mother's maiden name or your high school," Benardo advised. "Online thieves can use this information to log into your account, make changes and transfer money, leaving your bank account empty."
In one recent example, criminals sent out fake IRS e-mails warning recipients that they were being investigated for unreported income and asking them to click on an attachment for more information. The file launched a program that allowed hackers to install spyware and other unwanted programs on personal computers (PCs) to access bank accounts.
4. Watch out for sudden pop-up windows asking for personal information or warning of a virus. This is called "scareware" because it frightens people into providing information, downloading malicious software or paying for removal. If you get an e-mail or pop-up window saying your computer has a virus and it offers a program to clean your PC - and the warning window won't go away - your first step is to use the computer's "task manager" function and click "end task" or "force quit" to shut down the pop-up window. Scareware can be a nuisance to clean off your computer, so call your anti-virus software company if you need help.
5. Use a mix of security tools and procedures. "Staying safe online is like protecting your home with lighting, locks, alarms and fire extinguishers," explained Nelson. "You can't rely on just one layer of defense to protect you from all online threats."
At the top of the list of security tools to use - and keep updated - are anti-virus software to detect and block spyware and other malicious attacks, and a "firewall" to stop hackers from accessing your computer.
Even if your computer seems fine, Nelson said, schedule an automatic anti-virus scan to run at least once a week but preferably every day. Call or e-mail your anti-virus vendor right away if you get a warning message and you don't know what to do next.
Also consider these extra precautions as you use the Internet:
Don't log into your bank account while using public computers, such as at a library, or free wireless connections at coffee shops and similar places. Criminals often try to intercept Internet traffic, including passwords, from these locations.
Pay attention to the toolbars at the top of your screen. Current versions of the most popular Internet browsers and search engines often will indicate if you are visiting a suspicious Web site.
Choose "strong" user IDs and passwords that will be easy for you to remember but hard for hackers to guess. The strongest ones have a combination of letters, numbers and other characters, and are at least 10 characters long. For your online banking, choose IDs and passwords that are not the same as those you use for e-mails or social networking sites, just in case they get into the wrong hands. Also change your online banking password about every 90 days. And if you remove a computer virus from your PC, immediately change your password.
Have each person in your household bank and shop online and send e-mail through his or her own "standard user account." Not conducting these online activities through the computer's "administrator account" - the one that makes changes affecting all users - reduces the likelihood that a hacker can install unwanted programs on your PC. Limit the use of the administrator account to special tasks needed for your computer, such as adding or removing software and installing updates to your operating system.
Consider using a separate computer solely for online banking or shopping. A growing number of people are purchasing basic PCs and using them only for banking online and not Web browsing, e-mailing, social networking, playing games or other activities that increase the chances of downloading malicious software. You can also consider using an old PC for this limited purpose, but you should uninstall any software you no longer need and follow up with a scan of the entire PC to check for malicious software.
Only use security products from reputable companies. Nelson said one way to check out these products is by reading reviews from computer and consumer publications. "Look for a product that has high ratings for detecting problems and for providing tech support if your computer becomes infected," he said.
Kathryn Weatherby, a fraud specialist at the FDIC, also cautioned that banks normally don't ask their customers to download software updates. "If you get an unsolicited request to update your banking software," she said, "independently verify it by calling your bank using a phone number from your bank statement, not the phone number that appears in the request, which could connect you to a scam operation instead of your bank."
6. Beware of check scams. With unemployment high, con artists are preying on people who need cash. One common check scam involves attractive offers - usually originating in e-mails or online job postings - involving part-time work from home. As the new "employee," you will be sent a check to deposit (which will be counterfeit) and told to forward cash from your own account (to the crooks). Another scam involves "mystery shopper" programs where the new hire is given fake money orders or checks and asked to wire funds to the criminals. And unlike electronic transfers that are covered by consumer protection laws, fraudulent check scams often leave consumers suffering the loss.
7. When shopping online, deal with reputable merchants and be wary of unbelievably low prices. "There is no guaranteed way to ensure that an online merchant you're unfamiliar with is reputable, but there are ways to avoid doing business with an unreliable one," cautioned Jeff Kopchik, an FDIC Senior Policy Analyst specializing in technology matters.
First, he said, ask your friends and family if they've had good experiences with a merchant you're considering using. "If people you know have used and can recommend an online merchant, that's a strong indicator," he added. Second, you may already know and like some online merchants from their retail outlets, mail order catalogues or other services. They are likely to be a safer bet than an unfamiliar merchant that doesn't list a physical address or a phone number on its Web site.
If you are uncertain about an online merchant, check with the Better Business Bureau Online (www.bbbonline.com). You can also search online for complaints about the business. Similarly, if you have a problem with an online merchant, file a report with the Better Business Bureau. The Bureau will notify the merchant about your concern and ask you if the issue was resolved. A legitimate merchant will attempt to fix the problem, while a crooked company may have many unresolved issues.
8. Using a credit card generally offers more purchase protection than a debit card or other electronic forms of online payment. "Unlike paying with a debit card and the money being immediately transferred out of your account, with a credit card you generally have weeks to pay your bill," Kopchik said. "So if the merchant does not deliver as promised, you have time to dispute the transaction and even enlist the help of your credit card company." He also noted that federal law gives you certain rights, in areas such as dispute resolution, when buying with a credit card.
However, watch your budget when using your credit card to shop online. Kopchik said studies have shown that people spend more when they use a credit card instead of cash, a gift card or a debit card.
9. Be on guard against scams hiding behind online coupon offers. Web sites for legitimate coupons will only ask consumers to provide an e-mail address in order to use their service to search for online specials and discounts. Beware of any coupon site that asks for personal, financial or payment information, which can be misused by criminals.
10. Be careful if you download banking software onto a cell phone. Many cell phones called "smart phones" allow consumers to add computer-like features ranging from video games to "mobile" banking. But cell phone users need to be aware of an emerging threat from criminals selling malicious software for mobile banking, some even falsely displaying bank logos. "These applications may contain spyware, and downloading them could be giving a hacker access to your bank account or payment card information," reported Nelson.
His advice? "Only download mobile banking applications from a safe site, such as your wireless provider, phone manufacturer or your bank." When in doubt, he added, "contact your bank before downloading any banking applications to your cell phone."