The State Office of Criminal Investigation generally recommends the HBCI procedure using a chip card in conjunction with a chip card reader with integrated display and keypad (so-called class 3 readers). This procedure is currently considered to be the most secure. You can ask your bank about the availability of the HBCI procedure and the associated costs.
A virus scanner must be part of the basic equipment of a PC today. It is important that it is also updated regularly (daily if possible) so that it can also find the latest viruses on your PC. There are free virus scanners available on the Internet for private users, so you don't even have to incur any additional costs.
A firewall controls your PC's connections to and from the Internet. With the right settings, you can control which programs can access the Internet and which accesses from the Internet are permitted.
No credit institution will send you an e-mail asking you to enter your PIN/TAN combination via a link. Not even to switch to a new procedure for securing your online account. Confidently classify such emails as phishing attempts and delete them immediately.
These are encrypted connections. These can be recognized in the address bar of the browser (Internet Explorer, Firefox, etc.) by the initial letters "https:" in contrast to "http:" for unencrypted connections. In addition, such connections are indicated by a closed lock symbol at the bottom right of the browser window.
If you establish an encrypted connection with your bank, your browser checks whether the address to which you are connected has a certificate from a recognized certificate authority. If such a certificate is not available (e.g. for self-created certificates), it will display a warning message and show you the certificate for verification.
Assume that your bank has a certificate from a recognized certificate authority and do not simply ignore such a warning. When banking online, there is a good chance that you are falling victim to a phishing scam.
When surfing, only accept certificates that you absolutely trust. Once you have permanently accepted a certificate, you will no longer receive a warning when connecting to this website.
The fraudsters try to transfer as large an amount as possible from your account, usually in the four-digit range. If you only rarely transfer large amounts via online banking, it may make sense to set a limit. Many banks allow you to change the amount you can transfer via online banking online using a valid TAN.
Be particularly critical if your connection is interrupted during online banking or if you receive an error message.
If you suspect that you have become a victim of phishing, block your online banking access. If necessary, you can also do this by entering a false TAN three times.
Report to the police if you have lost money through a phishing scam.