Skip to navigationSkip to loginSkip to content
BlogSupportContact us
English
Become a client
Back to blog

Good online practices are your best protection against cybercriminals

Keytrade Bank logo

Keytrade Bank

keytradebank.be

October 20, 2025 

3 minutes to read

We are investing billions in firewalls and encryption, but you yourself remain your strongest defence. By changing your habits in a few small ways, you can avoid falling prey to cybercriminals. Here’s how.

In this year alone, global spending on cyber security is expected to exceed EUR 170 billion (source). Despite these huge investments, cyber incidents can often be traced back to something other than the technology involved. 95% of cyber incidents are caused by human behaviour (source).

That may sound bad, but it’s actually good news. If one wrong click or careless download can cause problems, one conscious reflex can also prevent them. Cybercriminals rely on trust and routines, which is why changing your habits breaks that pattern. Humans remain the essential link in every security chain, making them the key to improvement as well.

1. Password reuse: dangerously convenient

My password? It’s very easy to remember. It’s the name of my dog plus my daughter’s birth year. Sound familiar? You’re not the only one.

Password reuse is one of the most underestimated security risks. Using the same password for your email account and your favourite online store can have a domino effect. A single data breach at that online store would be enough to give criminals access to your email account – often the gateway to all your other accounts. Once criminals have access to your inbox, they can reset other passwords, take over your identity and even authorise financial transactions.

The problem increases if you are using different versions of the same password, e.g. Password123 on one site and Password456 on another. Hackers can crack these in seconds by systematically trying out variations on the password already in their possession.

Fortunately, this is one of the easiest risks to mitigate: simply use a password manager. This tool will generate unique, complex passwords for each website and store them all for you. All you need to remember is the master password. Although it may take some getting used to, this is the most effective step you can take to protect your passwords.

2. Public Wi-Fi: your data up for grabs

You are sitting in a hotel lobby, enjoying your well-deserved holiday. The hotel’s Wi-Fi is free and fast. Why not check your bank account?

Public Wi-Fi networks are goldmines for cybercriminals. Attackers use a strategy known as man-in-the-middle to intercept all the data traffic passing back and forth between your device and the internet. Passwords, bank account numbers, personal messages – they can capture it all. Some criminals use what is known as a 'Wi-Fi pineapple': a device the size of a smartphone that impersonates a trusted network. Your phone connects automatically because it ‘recognises’ the network, and before you know it, all your data has been compromised.

The scary part is that you won’t notice a thing. Your banking app works as always and websites load normally, yet every move you make is being recorded. Sometimes criminals even create fake Wi-Fi networks with names like 'Hotel_Free_WiFi', which are specifically designed to lure unsuspecting guests to connect.

Even in seemingly safe environments such as cafes or airports, you are at risk. The network itself may be legitimate, but with dozens of strangers using it simultaneously, there’s no way to know who’s watching. The golden rule is to never use public Wi-Fi for financial transactions. Have no choice? In that case, use a VPN (Virtual Private Network) to encrypt your data traffic. And deactivate the setting on your phone that allows for automation connection to known networks. That way, you stay in control.

3. Trusting in technology: your bank would never call - or would it?

Good afternoon, this is your bank’s fraud department. We have detected suspicious activity on your account. The voice sounds professional, there are call centre noises in the background, and they know your name and even your account number. You are happy to do as they say.

Fraudsters count on you to be overly trusting of technology and authority. In fact, modern technology makes it child’s play to spoof a phone number and come across as professional. Criminals use social media, data breaches and public sources to conduct extensive investigations. That way when they call, they know enough about you to sound convincing.

The same applies to emails and text messages. Phishing emails are no longer poorly designed or riddled with spelling mistakes. Nowadays, these can be perfect replicas of official bank communications, complete with logos, disclaimers, and, ironically, even security warnings. Links lead to websites that look just like the real ones.

Deepfake technology exacerbates the problem. A video call by an ‘employee’ who looks and sounds exactly like someone from your bank? It might just be a fake. Audio can be cloned, faces replaced digitally, and it’s all done in real time.

Your most important line of defence is a healthy dose of suspicion. Banks will never call to ask for your login details, PIN or password. Does an interaction feel off somehow? End the call, then make your own call to your bank’s official number. Don’t click on links in an email, type the address into your browser manually instead.

4. Invisible risks of smart homes and connected devices

Devices such as smart speakers, smart doorbells and fitness trackers often have minimal security. Many manufacturers only care about functionality and price. Default passwords are rarely changed, software is not updated, and vulnerabilities remain open for years. Hackers could use an unsecured smart thermostat to gain access to your home network. Once they are on that network, they can also access the laptop where you do your banking.

Luckily, these problems are easily addressed. Always change any default passwords. Update your devices’ firmware regularly. If you can, sequester smart devices on a separate network, away from the devices you use for banking. Ask yourself, does my fridge really need a built-in camera and internet access? By adopting these practices, you can close countless digital back doors.

5. Social media: a public journal read by criminals

Off we go to Bali! Two weeks of holiday bliss! 🌴 #blessed – along with a photo of your flight ticket displaying your full name and booking code. Welcome to the world, sweet Max! with a birth announcement including the date of birth. Enjoying my new car! with a clearly legible number plate.

Each message is another piece of the puzzle. Together, they create a complete profile criminals can use for targeted attacks. Your name, the name of your first pet, your date of birth and answers to common security questions – all inadvertently shared on social media.

Moreover, you are announcing to the world when there will be nobody home, where you are and how much money you probably have. Expensive holidays, purchases and restaurant visits combine to offer insight into your finances.

Criminals use this information for social engineering purposes by approaching you with specific knowledge that inspires trust. I see you just bought a new car. This insurance policy could be of interest… Before you know it, you have given away your personal information to a scammer.

You needn’t avoid social media altogether, but do practice vigilance. Don’t share your location in realtime. Be reticent about personal details. Check your privacy settings. And every time you make a post, ask yourself: could anything here be misused by someone with bad intentions? Transform yourself from an unwitting target into a mindful user.

6. “That only happens to others, not to me”

The biggest threat may be psychological: the belief that you aren’t a target. I don’t have much money, I’m no-one important, I’m always careful. This is why vigilance is actually your greatest weapon.

Modern cybercrime is largely automated. Bots are scanning hundreds of computers for vulnerabilities simultaneously. Phishing emails are sent to millions of people. No need to be special - you just have to be unlucky enough to click on the wrong link at the wrong time. 86% of Belgians have (almost) fallen for an online scam at some point (source).

Victim of a scam?

Take action as soon as you can:

Back to blog

This article does not contain any investment advice or recommendation, nor a financial analysis. Nothing in this article may be construed as information with a contractual value of any sort whatsoever. This article is intended for information only and does not constitute in any way a commercialization of financial products. Keytrade Bank cannot be held liable for any decision made based on the information contained in this article, nor for its use by third parties. Every investment entails risks such as a possible loss of capital. Before investing in financial instruments, please inform yourself properly and read carefully the document "Overview of the principal characteristics and risks of financial instruments" that you can find in the Document centre.

Other articles that might interest you