Increased Use of Mobile Banking Apps May Lead to Cyber Attacks, FBI Warns

The Covid-19 lockdown and stay-at-home orders have changed the way we work, shop and handle our finances.

As mobile banking tools become a go-to alternative for customers who continue in the struggle of social distancing, the FBI anticipates a surge in banking trojans and fake banking apps.

Financial gain is at the top of cybercriminals” agenda, and targeting mobile banking apps to steal credentials and take over banking accounts makes for an easy paycheck.

In a Public Service Announcement published on the Internet Crime Complaint Center (IC3), the FBI advises the public “to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent.”

Banking trojans often disguise themselves in mobile apps that look genuine, such as a game, messaging platform, a handy tool or even a flashlight. But the malicious program is secretly after your personal and financial information. Most of the time, this type of malware remains dormant on your device. When you launch your banking app, the malicious program creates “a false version of the bank’s login page and overlays it on top of the legitimate app,” the FBI said.

Cyber criminals also create fake banking apps that mimic official platforms. For example, a 2018 study revealed that around 65,000 fake apps were detected on popular app stores.

“These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users,” the agency added.

How can you avoid becoming the next victim?

The FBI also listed a number of tips that can help protect your devices and private information from malicious activity, including:

• Download apps from trusted sourced only – many financial institutions often provide a link to their mobile banking app directly on their website. You can also scan a QR code that will direct you the official app store where you can download and install the corresponding app.

• Enable two-factor or multi-factor authentication – this will help safeguard your account from malicious activity.

• Never access links from untrusted sources – good cyber hygiene mandates not to click on links from untrusted sources. Monitor your inbox and text messages, and delete any suspicious correspondence.

• Use strong passwords – when creating your mobile banking account, use unique credentials that are not shared with any of your other accounts.

• Report any suspicious apps – should you stumble upon any suspicious apps, report them immediately to your financial institution.