Thank you for the advisory.
We shun online banking altogether, and we shun online credit card transactions except for a card that we consider disposable. One sign of trouble, and dump it. Open new account.
Automatic nothing. Absolutely avoid automatic deductions or payments by any means. Each new door that you add to your bank and credit account is a door that someone can break into.
Kaspersky. It’s one of the best.
Good advice on mouse-over of any links. If you shun electronic money transfers, you can rest assured that any email or phone attempts “pertaining to your account” are bogus.
Other passwords to avoid: drowssap, 123, 123456, qwerty, letmein, admin. Good passwords are nonsense syllables that are easy to remember but not part of any dictionary. Example (do not use): yombrangia.
Google Incognito is, well, just a good idea. Most sites don’t, but I know just how much tracking information can be gathered over time in a cookie.
If you have to use Facebook or Twitter, create an email account for that purpose and that purpose only.