What Terrifies You?

What Terrifies You? That question isn’t intended to evoke images of psychotic clowns or weeping angels. I’m asking about things that can truly hurt you.

What Terrified Me: Yesterday I had just finished paying bills and my wife asked me why the accounts showed a balance of zero. “What do you mean?” I gasped. Phone in hand, she said, “My mobile app shows both accounts at zero.” Panic washed over me like the first time I saw empty pallets at Costco where the toilet paper should have been. I shakily snapped open the stiff MacBook lid and fumbled back into the account, sweat beading on my forehead. The money was there. It was just an error in her mobile banking app. Whew!

OK. Two things really scare me: Empty toilet paper rolls, and losing my money. If you are even mildly aware of these crimes, you may have had whispering thoughts haunting your indifferent attitude. If so, there are a couple things you can do right now to minimize the risk of the latter spectre ripping the digital dollars from your clutching fist. But before we get to the solutions, what’s the big deal?

Online Safety: First, it’s terrifyingly easy for someone to break into your bank account. Recently I was helping someone close to me secure the login process for their bank account. The bank provided a mechanism called 2-factor authentication. That’s where, in addition to your olde-timey username/password combo, you receive a text message with a one-time code. You then enter that code to access your account. Well, the web portal had a flaw, and instead of sending the code to her cell phone, she was prompted to call the bank’s 800 number. Upon calling, the “helpful” technician, without verifying her identity, promptly gave her the one-time code. So, if an attacker had compromised her password (trivial to do by the way), that second factor of security would have melted like clown makeup in the rain.

FBI Recommendations: In a public service announcement, the FBI recently recommended three ways to improve the security of your mobile banking:

  1. Use 2-factor authentication.
  2. Use strong passwords, and good password security.
  3. If your banking app appears suspicious, call your bank.

https://www.ic3.gov/media/2020/200610.aspx

Additional Thoughts:

  • Only download banking apps from your phone’s app store, or directly from your bank’s website. Period.
  • Never click on links or open attachments from unexpected emails.
  • Enable two-factor authentication on your bank account (all your accounts really), and make sure you’re using a stronger technique to get your login codes.
  • If your “bank” calls you to ask about something, hang up the phone immediately. It’s not rude; it’s caution. Then call the bank with a known-good number.
  • Never participate in over-the-phone surveys. There is no prize waiting for you at the end. Just hang up.
  • Create strong, unique passwords for all your accounts. Don’t share. (Dental floss, remember?)

Multi-Factor Authentication: “So, Tom. What is this 2-factor thing you mentioned?” I’m so glad you asked. There are 3 ways (factors) to prove your identity when you log into a web application, like your bank account. They are categorized as: something you know (passwords), something you have (your cell phone), and something you are (fingerprint or face recognition). Two-factor authentication means using at least two of those factors to log in. Most websites will support SMS or email, and of those two SMS is the least secure. Marginally better is email (also easy for a bad guy to break into). Better is an authenticator app (if you get it from a known-good source). Best is a hardware token like a YubiKey. The moral of this story is: use a second factor for logging into your bank account. You do that and you have effectively trapped two weeping angels face-to-face.

Other things can hurt you. Just don’t blink.