Expert advice on protecting your bank accounts from hackers

10,000 hours/Getty Images

Consumers often prefer online banking for its convenience, including the ability to access account information and make transactions with just a few taps or clicks. A study released by Chase in 2023 found that 87 percent of Americans use their banking app at least once a month. However, with increased usage comes a greater risk of cybersecurity problems.

The Federal Deposit Insurance Corp. (FDIC) warned consumers about fake banking websites and banking apps designed to steal money or personal information. The agency recommends investigating banking websites to verify their legitimacy, as well as being wary of apps that ask for suspicious permissions.

Cybersecurity expert Paul Benda tells a story about the time hackers tried to break into his bank account and steal his money. “They figured out my login, but didn’t know my password,” says the senior vice president of risk and cybersecurity policy at the American Bankers Association.

Fortunately, the cyberthieves were foiled. “I called my bank and closed my account,” says Benda.

Tips to avoid getting hacked

Bankrate interviewed four cybersecurity experts to learn the best ways consumers can protect their banking and financial accounts.

Paul Benda, senior vice president, operational risk and cybersecurity at the American Bankers Association

Make sure you’re actually on your bank’s website or app. This is because hackers are known to set up impostor websites. “Check your statement or the back of your bank card for the correct website, bookmark it and use it to ensure you’re on your financial institution’s official website,” says Benda. Only download verified apps from trusted websites like the App Store and Google Play. “Trojans are really destructive,” says Benda. “People should be careful about what apps they install and where they install them from.” Fraudulent activity can often occur through sideloading apps, or those downloaded from unofficial sources, he says. Do not reply to an SMS from your bank if you are unsure if it is legitimate. “Verify the message instead by contacting your bank at the number on the back of your card or through the mobile banking app,” says Benda.

Teresa Walsh, Chief Intelligence Officer and Managing Director, EMEA, at Financial Services Information Sharing and Analysis Centre

Be aware of ways artificial intelligence (AI) can be used to put your personal information at risk. “Along with newer threats such as phishing, AI is also being used to mask some of the traditional warning signs of cyber threats,” says Walsh. For example, threat actors are using generative AI tools to correct the poor spelling and grammar in phishing messages that previously reliably indicated a malicious email or text.” Use different passwords across banks. This also applies to your credit cards and peer-to-peer apps for sending money. “If one password is compromised, a cybercriminal can suddenly gain access to the full spectrum of your financial information,” says Walsh. Choose a longer password. “A 16-letter password has exponentially more possible letter permutations than an eight-letter password, which makes the programs criminals use to try to guess passwords unable to,” says Walsh. “Many people use password managers to generate, store, and change passwords on a regular basis.”

Donald Korinchak of CyberExperts.com:

Use two-factor or multi-factor authentication. This security measure provides greater protection by requiring you to provide at least two methods to verify your identity. “There are three categories of authentication,” says Korinchak. “One, something you know, like a password. Two, something you have, like your cell phone — it’s validated when you receive the text code. And three, something you are – biometrics.” Set up alerts via email, text or your bank’s app to monitor fraudulent activity. “In the old days, customers were often unaware of fraud until they got their monthly bank statements,” he says. “Due to this delay, the fraudulent activity can continue for up to four weeks. With alerts, the customer is notified very quickly and can work with the bank to fix the problem quickly.” Use your device’s security features to protect data. “Make sure you set up the ability to track your stolen device, disable it, and remotely wipe it,” says Korinchak.

Eric Kraus, vice president and head of products and services, fraud risk and compliance at FIS, a fintech company:

Beware of messages that may be from scammers. “Consumers should never respond to unfamiliar messages and embedded web links,” says Kraus. “Everyone should understand that your bank or credit union will not contact you and ask for sensitive information they already have, such as your account number. If in doubt, contact your bank or credit union directly for clarification before providing anything via text or web.” Set up mobile payment checks and account alerts. “Timely notification of account activity can help consumers quickly identify suspicious activity,” says Kraus, who recommends monitoring bank accounts as well as online shopping accounts and digital wallets. Be careful when sharing your personal information on social media. “Everybody wants to tell everybody in the world about every little personal thing in their life,” says Kraus. “Be aware not to overshare.” The more of your personal data a hacker has, the more likely they can use that information to get into your account.

Bottom line

According to the Federal Trade Commission, consumers lost nearly $9 billion to fraud in 2022, which was a 30 percent increase over the previous year. You can help avoid becoming a statistic by being aware of the types of cybercrime and the ways to protect yourself.

“Hackers are constantly upping their game,” says Korinchak of CyberExperts.com. “And it’s up to all of us to be vigilant.”

– Barbara Whelehan contributed to an earlier version of this story.