Banking Securely Online

Oct 28, 2016

Online banking has become a convenient, everyday part of having a balanced “checkbook.” Unfortunately some fraudsters have taken advantage of today’s consumers’ online habits.

The following is an excerpt from a publication by the US Department of Homeland Security’s Cybersecurity Library. Click here to view the entire article.

Phishing Attacks

Phishing attacks use fake email messages from an agency or individual pretending to represent your bank or financial institution. The email asks you to provide sensitive information (name, password, account number, and so forth) and provides links to a counterfeit web site. If you follow the link and provide the requested information, intruders can access your personal account information and finances.          

How to Spot a Phishing Attack

If you receive suspicious-looking email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution. You should not reply, provide any information or click on links in email requests for security information, warnings of an account suspension, opportunities to make easy money, overseas requests for financial assistance, and so forth.

Editor’s Note: Washington Federal will never ask you to provide your account or social security number over the phone, via email or on a website. If you do receive an email or phone call asking you to provide private information, please do not respond and call us right away.


Malware is the term for maliciously crafted software code. Special computer programs now exist that enable intruders to fool you into believing that traditional security is protecting you during online transactions. For example:

  • Account information theft. Malware can capture the keystrokes or other authentication steps used for your login information.
  • Fake web site substitution. Malware can generate web pages that appear to be legitimate but are not. They replace legitimate web sites with a page that can look identical, except that the web address will vary in some way. Editors Note: Always look for in your browser’s address bar to be sure you’re on our legitimate website.

Avoiding Malware

With malware, you must be tricked into performing actions you would not normally do. You would have to install the malware on your computer either by running a program, such as an email attachment, or by visiting a web site through email or instant message link. Then, you would have to submit your bank login information. Your financial information would be at risk only after you performed all these steps.

To help stay safe, install anti-virus, firewall, and anti-spyware programs on your computer and keep them up to date.


Pharming attacks involve the installation of malicious code on your computer; however, they can take place without any conscious action on your part. In one type of pharming attack, you open an email, or an email attachment, that installs malicious code on your computer. Later, you go to a fake web site that closely resembles your bank or financial institution. Any information you provide during a visit to the fake site is made available to malicious users.

Watching for Pharming Attacks

With pharming attacks, you must open an email, or email attachment, to become vulnerable. You then visit a fake website and, without your knowledge, provide information that compromises your financial identity. By ensuring you stay up-to-date on your anti-virus programs and double-checking the validity of emails you receive from your financial institutions, you can help keep your information safe.

More Tips for Safe Online Banking

  • Review your bank’s information about its online privacy policies and practices. You may also want to use a service such as the Better Business Bureau to view any existing history of outstanding consumer complaints about privacy violations.
  • For security purposes, choose an online personal identification number (PIN) that is unique and hard to guess.
  • Regularly check your online account balance for unauthorized activity.
  • Consider using a credit card to pay for online goods and services. Credit cards usually have stronger protection against personal liability claims than debit cards.
  • Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals.
  • You should conduct online bank transactions using non-public or shared devices and avoid using unsecured or public network connections (for example, at a coffee shop or library).

What should I do if I’ve been a victim of cybersecurity?

Start by filing reports with the following organizations:

  • Your financial institutions
  • Local police
  • Federal Trade Commission –
  • Internet Crime Complaint Center –
  • Three major credit bureaus – Equifax, Experian, and TransUnion 

Women with iPad