Content, Distributed Workforce, Vertical markets

FBI Cautions Mobile Banking Users to Be Wary of Fake Apps

Perked up by the coronavirus (COVID-19) pandemic, cyber crews are exploiting mobile banking by using banking trojans and fake apps to steal victims’ money and credentials, the Federal Bureau of Investigation (FBI) warned in a new public service announcement.

Expect more bad actors to infiltrate mobile banking platforms, largely driven by a 50 percent spike in online banking use since the beginning of the year owing to COVID-19, the agency said, pointing to unnamed studies of U.S. financial data. Those studies, the agency said, also indicate that 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit physical branch locations less often.

The bottom line: Cyber attacks are looking for people using online mobile banking to exploit. Without sufficient awareness and knowledge, those relying on mobile banking risk cyber crooks stealing their money and their credentials.

“With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” the agency wrote. “The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.”

In addition to explaining to users how banking trojans and fake applications can victimize them, the law enforcement agency has offered a list of do’s and don’ts to help mobile users safely bank online:

Obtain Apps from Trusted Sources. Only download smartphone apps from trusted sources such as official app stores or directly from bank websites.

Use Two-Factor Authentication. Enabling any form of two-factor authentication will help secure your credentials with your bank.

Do:

  • Enable two-factor or multi-factor authentication on devices and accounts.
  • Use strong two-factor authentication if possible via biometrics, hardware tokens, or authentication apps.
  • Use multiple types of authentication for accounts if possible.
  • Know where your personal identifiable information is stored. Share only necessary information with financial institutions.

Don't:

  • Click links in e-mails or text messages. Cyber crooks use legitimate-looking messages to trick users into giving up login details.
  • Give two-factor passcodes to anyone over the phone or via text.

Use Strong Passwords and Good Password Security. Cyber bad actors exploit users who reuse passwords or use common or insecure passwords.

Do:

  • Use passwords that contain upper and lower case letters and symbols.
  • Use a minimum of eight characters per password.
  • Create unique passwords for banking apps.
  • Use a password manager or password management service.

Don't:

  • Use common passwords or phrases, such as "Password1!" or "123456."
  • Reuse the same passwords for multiple accounts.
  • Store passwords in written form or in an insecure phone app like a notepad.
  • Give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.

If you encounter an app that appears suspicious, contact that financial institution.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.