In a public announcement released on June 10th, the Federal Bureau of Investigation (FBI) warned that bad actors are now targeting mobile banking users. Because of the pandemic, more and more people are looking for an alternative to physically visiting branch locations, so hackers will be looking for ways to exploit the new trend. The law enforcement agency said there had been an approximately 50% surge in mobile banking usage in the USA since the beginning of 2020. The increased reliance on online banking tools will undoubtedly attract the attention of hackers.
According to the FBI, cybercriminals will use two main tactics to attack online banking users. Bad actors will infect apps with banking trojans and will try to lure potential victims into installing fake banking apps. The ultimate goal is for users to unintentionally give up their online banking login information.
- What is an app-based banking trojan?
After a trojan finds its way onto a mobile device, it is triggered when the user opens a banking app. The malicious software then redirects the user to a fake login portal. Once the login information is entered, the software records the entry and shares it with the hackers. At the same time, the mobile user gets redirected to online banking without realizing that login information has just been stolen. Those fake login portals are so clever that they log the user in to the intended online banking service after entry – this way, the user never realizes that their account has just been compromised.
- Fake banking apps explained
Cybercriminals develop fake banking apps that aim to trick users who are not careful enough into entering their login information. If a phony banking app somehow makes its way onto a smartphone, banking users may try to access internet banking through it, and in doing so they end up giving up their login credentials. Like spoofed URLs, a spoofed app gives an error message that the entry is wrong, inviting the user to try again. This is how users sometimes give up not only one password, but multiple passwords that hackers can then use to commit fraud. The FBI says that in 2018, approximately 65,000 fake apps were detected on major app stores, making this one of the fastest-growing sectors of smartphone-based fraud.
How to protect yourself?
- Antivirus software
Antivirus protection solutions help users identify whether apps are fake or contain malicious code. Keeping your smart devices protected with high-end antivirus software will significantly decrease your chances of even coming across infected or counterfeit apps. Having such software on your smartphone is a must for everyone, especially people who do not consider themselves tech-savvy and are more likely to fall into any of the traps left by criminals.
- Password hygiene
Reusing your password on multiple websites is not advisable. Practicing password hygiene is strongly recommended. Use a unique password for every account you create and change it every three months. If you have trouble remembering tens and sometimes hundreds of passwords, use a password manager. High-quality antivirus software solutions usually offer such services as a bonus – take advantage of those options.
- Multi-factor authentication
Enable two-step or multi-factor authentication where possible. While this would not guarantee that you won’t get hacked, it certainly increases the amount of work cybercriminals have to do to hack you. Even if they end up getting your login information, the additional authentication step will stop them from entering your account, and your banking institution would most likely detect the unusual activity and inform you about the login attempts made on your account. This would give you time to change your login credentials before the hackers make their way in.
The fraudsters are adjusting to the trends, so if you believe that you’ve just given up your password information, or you’ve downloaded an app that you think is fake, call your banking institution. Make sure that the app you are using is the legit one. Better safe than sorry.