Expert advice on protecting your bank accounts from hackers

Online banking is convenient and popular. Around 87 percent of Americans use their banking app at least once a month, according to a study released by Chase in 2023. With increased usage, however, comes a higher risk of cybersecurity problems.

Cybercriminals are getting more and more convincing with their phishing and malware attacks. They often create fake bank websites and banking apps to steal money or personal information.

If you’re worried about how to secure your bank account from hackers, we’ve interviewed four cybersecurity experts to give you the best tips on keeping your accounts safe.

Tips to avoid getting hacked

Paul Benda, executive vice president, risk, fraud and cybersecurity at the American Bankers Association

• Make sure you’re actually on your bank’s website or app. This is because hackers have been known to set up imposter sites. “Check your statement or the back of your bank card for the right website, bookmark it, and use that to ensure you are on your financial institution’s official website,” Benda says.
• Only download verified apps from reputable websites such as the App Store and Google Play. “Trojans are really pernicious,” Benda says. “People need to be careful about what apps they install and where they install them from.” Fraudulent activity can often occur through sideload apps, or those downloaded from unofficial sources, he says.
• Don’t reply to a text from your bank if you’re unsure whether it’s legitimate. “Instead, verify the message by contacting your bank at the number on the back of your card or through the mobile banking app,” Benda says.

Teresa Walsh, chief intelligence officer and managing director, EMEA, at Financial Services Information Sharing and Analysis Center

• Be aware of ways artificial intelligence (AI) can be used to put your personal information at risk. “Along with newer threats like deepfakes, AI is also being used to mask some of the traditional warning signs of cyber threats,” Walsh says. For example, while it used to be easier to identify a scam text by its poor spelling and grammar, threat actors are now utilizing generative AI tools to fix the errors in phishing messages and make them appear more legit.
• Be alert to potential fraud and challenge anything that doesn’t seem right. “The use of [generative AI] and machine learning by threat actors continues to develop, as fraudsters and adversaries employ the tools across the entire cyberfraud life cycle to enable their exploits,” Walsh says. “If something doesn’t seem right, take a moment to question it.” 
• Use different passwords across banks. This also applies to your credit cards and peer-to-peer apps for sending money. “If one password becomes compromised, suddenly a cybercriminal can potentially access the full spectrum of your financial information,” Walsh says.

Need a new savings account? See Bankrate’s picks for the best high-yield savings accounts

Donald Korinchak of CyberExperts.com

• Use two-factor or multifactor authentication. This security measure offers greater protection by requiring you to provide at least two methods for verifying your identity. “There are three categories of authentication,”  Korinchak says. “One, something you know, like a password. Two, something you have, like your cellphone — this is validated when you receive the text code. And three, something you are — biometrics.”
• Set up alerts via email, text or your bank’s app to monitor fraudulent activity. “In the old days, customers often were unaware of fraud until they got their monthly bank statements,” he says. “Because of this delay, the fraudulent activity could continue for up to four weeks. With alerts, the customer is notified very quickly and can work with the bank to swiftly rectify the issue.”
• Use your device’s security functions to protect data. “Be sure to set up the ability to track your stolen device, disable it and wipe it remotely,” says Korinchak.

Compare: See Bankrate’s picks for the best online checking accounts

Eric Kraus, vice president and head of products and services, fraud risk and compliance at FIS, a fintech company

• Beware of messages that could be from scammers. “Consumers should never respond to unknown messages and embedded web links,” Kraus says. “Everyone should understand your bank or credit union will not contact you asking for sensitive information they already have, such as your account number. When in doubt, contact your bank or credit union directly for clarification before providing anything via text or web.” Kraus advises being particularly cognizant of messages that aim to create a false sense of urgency around requests for your information. “This is a popular tactic of criminal fraudsters,” he says.
• Set up mobile payment controls and account alerts. “Timely notification of account activity can help consumers identify suspicious activity quickly,” says Kraus, who recommends monitoring bank accounts as well as online shopping accounts and digital wallets. In can also help to set account spending controls and limits, he adds.
• Be careful when sharing your personal information on social media. “Everyone wants to tell everyone in the world about every little personal thing in their life,” Kraus says. “Be cognizant of not oversharing.” The more of your personal data a hacker has, the greater likelihood they can use that information to get into your account.

Bottom line

Consumers lost more than $10 billion to fraud in 2023, a 14 percent jump from the previous year, according to the Federal Trade Commission. You can help avoid being a statistic by being aware of the types of cybercrime and the ways to protect yourself.

“Hackers are constantly improving their game,” says Korinchak. “And it is up to all of us to be vigilant.”