These days, you can do almost every financial transaction online, from buying things with your credit card and paying your bills to transferring money to your accounts. While technology makes it easier to perform these transactions, it’s also becoming easier for phishers and hackers to steal your personal information to gain access to your finances.
Phishers and hackers use online social engineering techniques to manipulate people into giving up their passwords, bank information, or access to their computers. These techniques are effective primarily because they aren’t obvious to most people, and these scams will only become harder to spot over time. The good news is that you can take steps to keep your personal and financial information secure and to avoid falling prey to these scams.
Before diving into how you can prevent hackers from stealing your data, let’s take a look at some of the most common social engineering attacks that phishers and hackers use. This way, you know what you’re really fighting against.
If a hacker hacks into a person’s email account, he can gain access to that person’s contact list. And because most people use the same password for most of their online accounts, a hacker can probably gain access to that person’s social networking contacts, too. In this case, the hacker might send you an email posing as your friend to get you to divulge your personal information.
Alternatively, a hacker may pose as your friend and send you a link via that friend’s email address or social media account. Once you click on the link, the hacker could infect your computer with malicious software (malware) that gives him control of your computer, from which he can collect your data.
A phisher typically sends an e-mail, direct message, comment, or text message that appears to come from a legitimate, popular company, bank, school, or institution. The email can look legitimate because phishers often copy the exact logo, format, and content of the emails sent by the institutions that they’re pretending to be.
For instance, a phisher could send you an email posing as your bank. The email would say that there’s a problem with your bank account and prompt you to verify your information by clicking on a link. The link could bring you to a website that looks exactly the same as your bank’s website. Once on the website, you’re asked to provide your personal information, or log in with your username and password. People who take the bait could have their bank account hacked into, or have their computers infected with malware.
Phishing scams could also claim, for instance, that your bank account was hacked into, or that your account will soon be deleted. Phishers use this tactic to create a sense of urgency and get you to act quickly without thinking.
Spammers want you to act first and think later. Don’t let the sense of urgency in an email influence your judgement.
If an email is unsolicited, cross-check the contact information and the links in the email even when the email comes from a company or person you trust. If the sender requests your password, contact number, log-in details, ID number, or any other sensitive information in the email, it’s likely a scam.
You should also ignore any junk or chain emails.
Once you open an email, hovering over the links in the email will show you the actual web address (URL) that you’ll land on if you click on a link. With most email services, you can see the web address in the bottom corner of your screen. But some fake URLs can still look legitimate. So, instead of clicking on an email link directly, use a search engine to search for and click through to the company’s website.
If you don’t know what the email is about, don’t click the links in it. Similarly, never call or text the phone numbers from the email; it’s easy for a scammer to make it sound as though you’re talking to a bank teller.
If you weren’t expecting a file from someone, or if a file is attached in an email from a sender you don’t know, don’t download those files.
Use anti-virus software, firewalls, and email filters on your web browser and computer, and keep them up-to-date to prevent malware from infecting your computer. In addition, you can use anti-phishing tools offered by your web browser or a third-party application to alert you to potential phishing threats.
You should also update the software on your devices from time to time because these software updates often include security fixes to the software.
Turn on Disk Encryption on your computer. This way, if someone gains access to your computer and extracts the disk drive, they won’t have access to the data stored on it without your password. You should also back up the data on your devices every month, or at least, every quarter.
To perform financial transactions, only use a trusted computer or device, and never use public or internet cafe computers. Also make sure that you turn off file and printer sharing on your devices, especially if your devices are connected to the Internet.
Even if you’re using private Internet networks, always log out of your accounts and clear your browser’s cache after performing online transactions.
At StashAway, keeping your data and financial information secure is one of our top priorities. Not only do we encrypt your personal data and manage your data on a secure server, but we also make sure that hackers can’t access your funds if your account, password, or one-time password (OTP) is compromised. For instance, we only allow withdrawals to bank accounts registered with the legal name you used when signing up with us. Learn more about how we keep your data and funds secure.
StashAway Malaysia Sdn Bhd (201701046385) is licensed by the Securities Commission Malaysia (Licence eCMSL/A0352/2018).