Look for the real thing. Your safest bet is going with a major player like Wells Fargo, Citibank, or Bank of America, whose top-rated Web sites offer a wide range of services. If you choose an Internet-only bank, proceed with caution: It can be hard to distinguish legitimate sites from cleverly designed imposters set up by scam artists who want to lure you into revealing your user name, password, and credit card and Social Security numbers so they can run up charges or take out loans. Check the site for a telephone number that connects you to an agent; if there isn't one, it's a red flag that the site is bogus. Even if you can reach someone, go to fdic.gov before you open an account to confirm that the Federal Deposit Insurance Corporation covers the e-bank's deposits.
Bookmark it. Don't use a search engine or type a URL in your browser to go to your e-bank. Thieves set up sites with addresses similar to those of real banks -- usually with just one different keystroke -- and clicking on a bad link or making a typo will steer you there. The sites look so authentic -- down to the bank's logo -- that you'd never know they're bogus. Similarly, never click on links embedded in e-mail claiming to be from your bank asking you to confirm private information or "renew" your account; banks don't request this -- only spammers and phishers do. "If it were a legitimate notification, your bank would ask you to close the e-mail and go to its Web site on your own," says Christiansen.
Expect strict security. Accessing your account should involve several hurdles. A user ID and password are just the start; many places also require you to select an image -- animals, a landscape, a personal photo downloaded from your digital albums -- and write a phrase for it that will appear every time you try to log on; by clicking "OK," you and your bank are verifying each other's identity. Sometimes you have to input more personal details (mother's maiden name, hometown, your first pet). Once you've logged on, you should be notified that you're about "to view pages over a secure connection." Clicking "OK" should change the URL from "http" to "https," which indicates that all communication is now encrypted.
Ask to be forgotten. Don't tell your computer to remember your ID and password and automatically fill them in. "Your teen's friends, repairmen, the nanny -- could try to access your accounts and write themselves an e-check," says Christiansen. Logging off after you're finished isn't good enough, since your session could still be live and accessible with a few back clicks. For added protection, delete your browsing history, then close the browser.
Steer clear of hotspots. Logging on to your bank via Wi-Fi at a coffee shop or bookstore is asking for trouble. The wireless network you're hooked up to could be an "evil twin" set up by a hacker to look like a legitimate signal so he can monitor and record every move you make. Another ploy is the "man in the middle," where crooks offer deceptive Wi-Fi signals that funnel you to a real network. You never know they're there, so they can literally rob you blind.
Keep your guard up. Make sure that your firewall, antivirus, and antispyware software are up-to-date to prevent scam artists from planting codes in your computer that enable them to steal personal data or break into programs that store financial information by tracing your keystrokes. Always shred hard copies of statements or any correspondence containing your Social Security and account numbers so thieves can't dig them out of your trash.