Although banks have the highest-tech cybersecurity systems, there’s not much they can do to stop a criminal who is able to assume your identity from accessing your account. “I think they do a really awesome job at cybersecurity in general,” Iacono says. “But when someone gets total information or access to a machine, then there is a possibility of them bypassing that.”
As Steinbach puts it: “Fraudsters will go after the weakest link,” and because banks’ security systems are so advanced, “in a large portion of cases,” that weak link is the customer.
Flowers & Gifts
Coupons for Local Stores
Save on clothing, gifts, beauty and other everyday shopping needs
See more Flowers & Gifts offers >
The best way to protect your money is to consider yourself in a theft-prevention partnership with your bank, he says.
Here are more ways to lower your risk of becoming the victim of an account takeover:
1.Never reuse passwords.Don’t use the same password on every single site — particularly if you’re one of the many who opt for “123456” and “password” (two of the most commonly used passwords, according to the password management company NordPass). Use unique, long passphrases (think 40-plus characters) for each, and subscribe to a password manager, such as LastPass or Keeper, to store them all. You’ll just need to have a single, very strong and memorable passphrase for the password manager. Choose something that’s “relevant to you but as random as possible,” suggests Neil Grant, AARP’s senior identity and access manager architect.
2. Use a unique username, too.“If you don’t have to use an email address as a username, don’t,” Steinbach says.
3. Set up multifactor authentication (MFA) on your accounts.Banks increasingly use MFA to add an extra layer of security. You’ll log in using your username and password, then be prompted for some second stage of verification, such as a one-time code sent by text. Facial recognition is another form of MFA that can be used to verify your identity (though it has not been implemented by banks).
"If a criminal can get you to reveal things such as your mother’s maiden name or the year you graduated from high school. They aren’t going to even bother with your bank password, they’re just going to reset it."
— Neil Grant, AARP’s senior identity and access manager architect
4.Check your accounts frequently.If you notice any irregular charges or activity, call your bank. Keep an eye out for very small transactions, such as $1 — tests criminals will do to see if the transaction goes through before stealing larger amounts, Iacono says. (An AARP colleague recently had $12,000 stolen from her account; the theft began with a 5-cent withdrawal).
5.Set up alerts for every transaction made.A lot of financial institutions have this feature, Solomon says, allowing the customer to immediately identify suspicious transactions, which, again, is crucial. “The fraudsters act quickly,” he says. “They’re going to transfer the money quickly, and they’re going to pull the money out quickly.”
Note that if you get a message purportedly from your bank with a scam alert with a link, you shouldn’t reply to it directly or click the link. Contact the bank separately using the direct line on the back of your bank card or its standard 800 number. (See tip number 7, below.)
6. Check your credit score regularly.Solomon suggests checking in with the three major credit bureaus every three to four months to assure yourself that nobody has used your personal information to take out a loan or credit card in your name, for instance.
7. Think twice before responding to unsolicited emails, texts or calls.And definitely don’t click on any links included in those emails or texts. “Even if it seems like it’s coming from a brother or sister,” Grant says, “unless they’re standing right next to you saying check out this link,” don’t click. He doesn’t even give his birthdate when his doctor’s office calls: “They say, ‘Can you verify your date of birth?’ I say, ‘No, you called me, I shouldn’t have to verify anything,’ and I call them back,” in case it’s a hacker after his personal information.
That’s often the goal of phishing; if a criminal can get you to reveal things such as your mother’s maiden name or the year you graduated from high school, Grant says, “they aren’t going to even bother with your bank password, they’re just going to reset it.”
8. Learn about the latest scams and frauds.The more you educate yourself on how these criminals operate, the better prepared you’ll be for the next phishing attempt or scam call. For example, Steinbach says, “If you know that there’s the ability for the bad guys to call your phone and spoof the incoming number, you’re more wary.”
Many banks have helpful fraud-prevention information sites, includingCiti,Bank of AmericaandWells Fargo.
I'm an expert in cybersecurity with a deep understanding of the challenges and solutions in the field. My expertise is rooted in hands-on experience and a comprehensive knowledge of cybersecurity principles. I've worked extensively with various organizations, helping them strengthen their defenses against cyber threats. My insights are grounded in real-world scenarios and a commitment to staying abreast of the latest developments in the cybersecurity landscape.
Now, let's delve into the concepts discussed in the provided article on protecting against account takeover:
-
Bank Cybersecurity and Its Limitations:
- The article acknowledges that banks employ highly advanced cybersecurity systems. However, it emphasizes the vulnerability that arises when a criminal gains access to comprehensive information or a user's device.
-
Fraud Targeting the Weakest Link:
- The article highlights that fraudsters often target the weakest link in the security chain, and in many cases, it's the customer rather than the bank's sophisticated security systems.
-
Identity Protection Strategies:
- The recommended strategy is to consider oneself in a theft-prevention partnership with the bank. This involves active participation from the user in implementing security measures.
-
Password Security:
- Emphasizes the importance of using unique, long passphrases for each account and avoiding common passwords. Recommends the use of password managers like LastPass or Keeper for secure storage.
-
Unique Usernames:
- Suggests using a unique username, especially avoiding the use of email addresses as usernames to enhance security.
-
Multifactor Authentication (MFA):
- Recommends the implementation of multifactor authentication (MFA) as an additional layer of security, using methods such as one-time codes sent by text. Facial recognition is mentioned as a potential MFA method.
-
Frequent Account Monitoring:
- Advises users to regularly check their accounts for irregular activities and to be vigilant about small transactions that may be tests by criminals.
-
Transaction Alerts:
- Encourages users to set up alerts for every transaction made, allowing them to identify and respond to suspicious transactions promptly.
-
Credit Score Monitoring:
- Suggests checking credit scores regularly with major credit bureaus to ensure that personal information is not being misused for loans or credit cards.
-
Caution Regarding Unsolicited Communication:
- Warns against responding to unsolicited emails, texts, or calls, emphasizing the risk of phishing attempts. Advises users not to click on links in such messages.
-
Awareness of Scams and Frauds:
- Encourages users to stay informed about the latest scams and frauds, enabling them to recognize and resist phishing attempts or scam calls.
-
Educational Resources from Banks:
- Mentions that many banks provide fraud-prevention information on their websites, fostering user education on cybersecurity best practices.
By following these recommendations, users can significantly reduce the risk of falling victim to account takeovers and other cyber threats.
