A June survey by digital payments provider Zelle found that 82 percent of consumers ages 55 to 72 who have a smartphone and a checking or savings account are doing more of their banking online. Fifty-five percent are using mobile tools to manage their accounts more often.
Fraud experts warn this new normal could create ripe opportunities for scammers to exploit the newer, older ranks of people banking electronically. Crooks posing as bank representatives email, call or text customers hoping to pry loose private information that gets them access to online accounts.
"We're all now digital bankers, whether you wanted to be or not,” says Donna Turner, chief operations officer at Early Warning, the parent company of Zelle. “What we see right now is this perfect storm for the bad guys to really focus and dive in."
Online banking scammers may target older people for several reasons, says Brian Krebs, a journalist who runs the respected cybercrime website KrebsOnSecurity. After decades of work, older adults are more likely to have higher incomes and greater assets. They are often perceived, fairly or not, to be less tech savvy and more inclined to answer the phone.
Isolation can also be a factor, particularly amid the pandemic, notes Amy Nofziger, director of fraud victim support at AARP. “When people are in crisis — and who's not in crisis or at an elevated emotional level right now with COVID — they actually want to connect and speak with somebody,” she says.
Phishing: Don't get hooked
The first defense against banking scams is knowing that a reputable bank will not contact you out of the blue and ask for your Social Security number, online account password or other personal information. It won't ask for money. Anyone that does is almost certainly phishing.
This type of scam isn't new, but “scammers have gotten really, really sophisticated” at it, says Kathy Stokes, director of fraud prevention programs at AARP.
These scams start with an email or text that appears to come from a real financial institution, down to an authentic-looking logo. These spoofed communications carry urgent but phony warnings about problems with an account or transaction.
You might be directed to call a supposed customer service line (where you'll be pressed for personal information like a Social Security number), or to click on a link that takes you to a fake banking website. That could be a trap to infect your device with malware that allows crooks to track your keystrokes and capture account credentials.
Signs of phishing can include misspellings and poor grammar; email or web addresses that resemble but don't quite match the real domain (look for a switched letter or extra punctuation mark); or generic greetings like “Dear Valued Customer."
But even these clues can be tricky, Stokes says: Some fraudsters purposely put them in emails to “weed out people that would be more aware” from clicking through or calling the bogus help line.
"It's akin to a marketing strategy. Get people who are sufficiently fraud-savvy to opt out by ignoring the lure,” she says. “Those who remain are the ones that will be easier to deceive.”
"Vishing,” or voice phishing by phone, has also gotten “orders of magnitude more sophisticated” and harder to detect, says Krebs.
For example, scammers may come armed with information about you, gleaned from social media or a prior data breach (a kind of targeted attack called "spear phishing"). They'll mention personal details like your birth date, where you work or the last four digits of your Social Security number to make their claim to be from your bank more convincing.
Know whom you're talking to
If you get a call like that, hang up immediately. Similarly, don't reply to an email or text that seems at all suspicious, and don't call a phone number listed in one.
Nor should you necessarily trust a number found via Google search, chat room or social media. For the same reason, don't ask Alexa on a smart speaker to connect you either, experts caution.
"Just about every major company is being targeted by the bad guys,” Krebs says. “They spam all these forums and you end up calling scammers for help."
To find out if there's an actual issue with your account, contact the bank via a channel you know to be legitimate, like the customer service number printed on your bank statement or the back of a debit card.
Here are some other ways to bank online safely and avoid scams:
Choose a unique account password. Don't use the same or similar passwords across multiple websites. That's “far and away the biggest source of cybercrime today. It's just epidemic,” says Krebs
Use two-factor authentication. With this extra layer of protection, you get a one-time code (via text or email) whenever you log into your online account. It's an additional way for the bank to confirm your identity and keep crooks out of your account. But beware: A scammer who has obtained your password through a hack or other means might try to persuade you to get a two-factor code and read it back to them — thus giving them access. “This is really, really common,” Krebs say.
Make sure you're on your bank's genuine website — especially if you got there via search, which scammers can game to usher you to a phony site. Check that the web address contains your bank's true domain, with no extra or substituted characters. Look for a padlock symbol in the browser's URL field; that's an indicator the connection is secure
Make sure you're using your bank's official app. Download it from a trusted source, like an official app store or your bank's website, and keep it updated. The FBI warns that rogue actors create lookalike apps that mimic those of major financial institutions in a bid to get your log-in credentials.
Read the security and privacy sections of your bank's site. Get to know about alerts and other protections the bank makes available for online customers, Turner recommends
Only bank using secure Wi-Fi, like your private home network. Public Wi-Fi is more susceptible to hacking.
Regularly review your bank statements and activity, and report anything that looks questionable to the bank, immediately.