If the NSA can hack your bank account, who else can?
Who's watching you as you log into your bank account?
Revelations that the National Security Agency can break through web site encryptions and access huge amounts of personal data has raised questions about how safe our day-to-day financial dealings really are.
Many people carry out their entire financial lives online -- doing everything from paying their bills to managing their investments. And while financial institutions have put layers of protections in place to prevent fraud and hacking, security experts say that if the NSA is able to find a way in, other sophisticated cybercriminals could do the same.
But because of the skill, time and money needed to launch such large-scale attacks, getting your bank account drained by a big hacker group like the Syrian Electronic Army or Anonymous is a lot less likely than getting targeted by a small-time fraudster or identity thief, says Credit.com chairman Adam Levin, who specializes in privacy and identity theft.
Even without multi-million dollar encryption-breaking technology, these crooks can pretty easily get the information they need. A hacker can send you an email containing malware that is automatically downloaded as soon as you open it -- giving them access to your computer and all the information on it. Use an unsecured Wi-Fi network in the airport, and your bank account information can be compromised as soon as you log in. Or a scammer claiming to be from your credit card company can call and say there is an emergency with your credit card and ask you to confirm your card number, Social Security number and date of birth.
There goes your identity.
"The capability to get your information is there," said Carl Herberger, president of security solutions at IT security firm Radware. "So it becomes less about who and the motive, but what are you going to do about it."
Instead of retreating from the online financial services world altogether and reverting back to snail mail and cash, there are a number of ways to protect your information. And while you may still be defenseless against some very sophisticated hacks, taking these steps will make it harder for anyone to crack into your financial life.
Create strong passwords: The more unique your password is, the less likely it is to be guessed. Pick passwords with a variety of characters -- include letters, numbers and symbols -- the longer it is, the better, Levin says. And you've heard it before, but don't use "123456" or "password" as a password.
Don't use the same password for multiple websites: This should be a given, but many people still do it because it's so much easier to type in the same password everywhere you go. Problem is, that makes it a lot easier for hackers, too. Also, change your password frequently.
Check your accounts every day: By regularly monitoring your account, you can ensure that you see transactions you don't recognize. Many financial institutions also offer a free service that notifies you every time a transaction is made on your account. The sooner you contact your financial institution about a suspicious transaction, the more likely you are to get your money back, says Levin.
Don't e-mail financial information: E-mailing your financial information to your financial adviser or tax preparer is not a good idea, says Pam Dixon, executive director at the World Privacy Forum. While Dixon trusts the security of an FDIC-insured bank's website, e-mail accounts are more prone to hacks, she said.
Be wary of strangers: If you don't know who sent you the e-mail, don't click on the link inside of it. It could install software on your computer that gives a fraudster access to your online transactions. And if you get an e-mail or call from someone claiming to be a government organization or financial institution, don't respond with personal information.
"There might be nothing you can do about the NSA ... but we have to understand that we are vulnerable every minute of every day to people who are cybercriminals," said Levin.