Staying safe online with your money

Nowadays, everything seems to be done online, from your weekly food shop to buying clothes and even the big stuff like applying for mortgages. But how do you make sure your money stays safe online? Here are a few things to look out for.

By Joe Hickman

Created on: 19/02/2021

Updated: 06/09/2022

Reading time: 5 mins

Did you know that in the UK we spend more than a billion pounds a month online? That’s a staggering amount of money, and research shows that this number is increasing every year^[1]. With so many people spending money online, you may be shocked to hear that cybercriminals steal more than £190,000 a day^[2].

It’s extremely important to be vigilant online, although it can be surprisingly easy to slip into some bad habits which could compromise your security. Here are a few things that you could do to stay safe online with your money.

Check the website is secure
There are millions of websites out there, but not all of them are friendly. Some are created with the sole purpose of stealing your details and/or your money. Luckily, the legitimate sites know this and put in extra measures to give you increased confidence when inputting your details.

One of the things that you could look for is whether the website is secure. This is generally done through https, which will show you a little padlock in the URL bar. If you’re using a modern browser, it should alert you as to whether a site is secured, not secure, or even dangerous. It’s generally not a good idea to ignore these warnings.

Use strong passwords
Remembering your passwords can be a pain, but talk to any security professional and they’ll tell you that a strong password is important – using generic ones like ‘Password1’, or even trying to be clever with numbers and using ‘P455w0rD’ are extremely easy to crack. Back in 2012, an expert created a computer which could crack every possible windows password in six hours or less by trying every combination of upper and lower-case letters, digits and symbols^[3].

Things have moved on a lot since then, and the recommendations now are to make your passwords longer using both numbers and letters. But that doesn’t mean they have to be hard to remember, for example, if you’re at your desk you could use some nearby objects and today’s date with symbols thrown in to create your new password, such as Mug01/Dog06#BottlePhone2020. Try to use at least three words to create a strong password that’ll be hard to break

Don’t use the same password everywhere
Once you’ve created a really strong password, it can be tempting to use it everywhere, but that’s not always the best idea. While your password may be safe, the places where it’s stored may be compromised. This is because some cyber-attacks will go after the companies housing the information and not necessarily the individuals. Just look at EasyJet – they came under a ‘highly sophisticated cyber-attack’ in April 2020 and around 9million customers’ information was accessed, including emails addresses, travel details and even payment information^[4].

While this attack did not impact passwords, if the hackers had managed to steal both an email address and a password, then they could use this information to access any other websites or services where the customer used this combination. By having a separate password for each website or service you use, it can reduce the risk of this happening to you.

Be wary of your emails
This year, we’re expecting to see over 300 billion emails sent every day^[5] – these are emails between friends, co-workers, businesses, and automated emails. While many of these emails will be genuine, there will be a number designed to trick you into providing your personal information – these are called phishing emails.

There are three simple things you can check to avoid falling prey to these scams:

Check the email address – does it look legitimate and is it sent from the company it’s saying it is
How the email is written – bad grammar and poor spelling are tell-tale signs that the email is a scam
Suspicious attachments or links – every phishing email wants something from you, and the way they normally get this is by using malware, typically accessed by having you click a link or download an attachment

If the email ticks these boxes do not open, reply or click on anything within it.

Check app security
Just as websites have special measures put in for security, apps do too. A good rule of thumb is to not download an app outside of the official App Store or Google Play (depending on Apple or Android) as both these locations run safety checks before allowing you to download them.

It’s also important to check that you’ve downloaded the official app, as there can be copycat apps designed to trick you into thinking they’re what you’re looking for. Take a little bit of time to check the review, read the description, see the last time it was updated to make sure it’s the right one.

Once you’ve downloaded the secure app, you may find that they have extra security measures that allow you to unlock the app using your fingerprint or face. Provided that these have been correctly implemented, this can deliver a good level of security – just make sure nobody else can access your phone with their face or fingers.

Use Two Factor Authentication

Two-Factor Authentication (or 2FA) is an extra layer of security that you can use to keep your account safe. How it works is that you'll still log in to an account using your username or email and a password, but instead of being given access straight away, you'll need to provide a second bit of information to confirm it was you. 2FA comes in many different forms, it could be that you need to provide a PIN - either one that you've set up, or an automatically generated one from a 'trusted device' - or it could be a physical thing such as a keycard, token, or even a smartphone.

This approach could help to protect you from many types of cybercrime, as logging into your account becomes much more complicated than cracking your account nameand password.

For financial services
Unfortunately, there are many scams in the financial services industry too, although there are some warning signs that you can look out for:

Are they backed by the Financial Conduct Authority (FCA)? The FCA is there to protect you by authorising and regulating the UK’s financial system. This applies to banks, building societies, insurers, financial advisors and investment providers – you can search the full register here.
Are they a registered company? Before you do anything with your money, it’s worth checking that the financial services you’re thinking of using are a registered company with a physical address
Can you call them or have them call you? Just because everything is moving online doesn’t mean a company won’t be able to call you. While you can’t use them calling you as actual proof, if they refuse or claim they can’t then alarm bells should be ringing
Be very wary if they ask for security information as this is often what scammers are trying to access. Never give out your password, PIN or other personal information.
Don’t be rushed into transferring money, take a step back and a deep breath and think before making a decision. If it sounds genuine, then call the financial services in question using their registered telephone number and talk to their customer care team to ensure that the query is genuine. This simple step could help save you from fraudulent activity.
If something appears to be too good to be true, then chances are it probably is. If you’re being offered a high return for low risk, then you could be being lured in by a scam

Due to the high level of regulation in this industry, a bit of research will be able to confirm whether or not the company in question is legitimate or not.

Wealthify’s Security
At Wealthify, your security is of the utmost importance to us, which is why we take every possible measure to ensure that your information and money is kept safe.

All the information you provide on our website or app is encrypted end-to-end. Everywhere we store sensitive information (such as bank account numbers, for example) is protected by strong encryption algorithms, and we restrict access to only yourself and limited personnel within the company.

All of your data is stored in our secure cloud environment, which regularly undergoes rigorous security testing by accredited external agencies.

We recommend you always use a unique password (which is different to any you've used for any other websites or apps) that is of a decent length, and that you never share your password with anyone else, or let anyone else have access to your Wealthify account. We also enforce a minimum password length and complexity (meaning that it needs to contain upper and lower case letters, numbers, and special characters) to help you settle on a strong password.

Not only that, but we offer two factor authentication which you can enable to keep your account even more secure, and we'll notify you if your password is changed, or we notice you log in from a location or a device that we've never seen before.

References:

1: https://www.statista.com/statistics/380070/uk-internet-retail-monthly-sales-value/

2: https://www.bbc.co.uk/news/uk-47016671

3: https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/

4: https://www.easyjet.com/en/infoalert

5: https://www.statista.com/statistics/456500/daily-number-of-e-mails-worldwide/

Please remember the value of your investments can go down as well as up, and you could get back less than invested.

Wealthy does not provide financial advice. Seek financial advice if you are unsure about investing.