A Phishing Hole in Your Pocket?
In 2005 I was working at a Community Bank in the area and we were rolling out information about our online banking services. The conversation then is much as it is now…around how convenient it is to access your finances outside a brick-and-mortar branch. The major difference is that back then it was all based on a home PC connection. That’s right, the personal computer was the gateway to the web and to early online banking relationships! We offered a mouse pad as a gift for signing up – its message was cheeky and so appropriate for the time: “No shirt, no shoes – no problem!” At the time, I would not have imagined that most of us would be carrying our bank relationship in our purses and pockets via smartphone technology a mere fifteen years later.
Let’s talk today: There are roughly 5.22 billion unique mobile users worldwide in 2021. (GSMA Intelligence) Mobile app usage statistics show that the average person checks their phone 63 times a day, mobile banking included.
THINK LIKE A BANKER WHEN SECURING THE BANK IN YOUR POCKET
Value security over seconds. While it may add a moment of effort to unlock your phone, the payoff could be avoiding the costly implications of fraud.
At the bank, we have layers upon layers of security to protect the data associated with your accounts. Do you? If you have information or access to accounts via apps on your phone that could allow a criminal to access if they got ahold of your phone, you need to take a simple measure: Password secure your phone’s home screen! Of course, it is easier to swipe and type but when it comes to what is now available…think about it. Would you leave your Amazon account open for anyone to order from? How about your checkbook – would you leave it on the seat of your unlocked car? If the answer is no, take a step to add the layer of security on your phone.
Speaking of security, when it comes to apps that have accounts linked to them (Banking, Credit, Shopping, Subscriptions, etc.) be sure you are using best practices to protect those as well.
INDUSTRY BEST PRACTICES
Make Your Passwords and PINs Unique
Create a strong, unique password and PIN for every account and device. If one password or PIN is exposed, your other accounts and devices are safe.
Keep Your Credentials Secret
Don’t write down passwords or PINs and make sure not to share them. Shield your device screen when logging in.
Safely Store Your Credentials
Avoid saving passwords in your browser. Instead, consider a password manager to manage all those unique logins. (Check with your employer before using one at work.)
Add Multifactor Authentication (MFA)
Add MFA options whenever offered. This includes one-time passcodes that verify that it is in fact you logging in to the account – especially if you are doing so from a new or rarely used device. Aside from a mobile app for banking services – many of us are using a form of email on that same device, right? Emails can be a gateway for criminals to access your information too.
HERE’S WHERE THE TERM PHISHING COMES IN
Living near Lake St. Clair but haven’t heard of it? That’s okay because it has nothing to do with water-based activities – it is more about “taking the bait.” Phishing is defined as the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
Do your best to think before you open or click
- Make sure you know the sender is legitimate.
- Before clicking a link, always hover over it to reveal the true destination.
- Be suspicious of emails urging action and offers that are too good to be true.
Understand how Phishing Scams operate
- Tricking you into clicking a malicious link or opening an infected attachment.
- Disguising malicious links, often as buttons.
- Creating a sense of urgency by triggering strong emotions, such as fear, uncertainty, and doubt.
- Taking on the name and style of a well-known brand or trusted organization.
Look out for what is “Phishy”
Here are some tips on identifying what would be an attempt:
- Appearing to come from a legitimate email address, but with small changes. (swapping out letters or numbers, or adding extra characters)
- Spelling and grammar mistakes in the content.
- A greeting that is generic, incorrect, or that uses your email address. (e.g., “Dear, firstname.lastname@example.org”)
Amy Persyn is a lifelong Macomb County Resident. She is passionate about connecting families and entrepreneurs with information that can help them become empowered and financially literate.