The FBI recently posted a Public Service Announcement about the increased use of mobile banking apps. They anticipate that cyber criminals may take advantage of this to conduct attacks and scams through app-based faking trojans and fake banking apps:
“The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.
App-Based Banking Trojans
The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Cyber actors target banking information using banking trojans. Banking trojans are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device. The trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.
Fake Banking Apps
Actors also create fraudulent apps designed to impersonate the real apps of major financial institutions. Their intent is to trick users into entering their login credentials. These apps provide an error message after the attempted login, and will use smartphone permission requests to obtain and bypass security codes texted to users. US security research organizations report that in 2018, nearly 65,000 fake apps were detected on major app stores. This one of the fastest growing sectors of smartphone-based fraud.”
The FBI recommends the following to help protect you:
- Only download and use apps from trusted sources
- Use two-factor authentication
- Use strong passwords and good password security
- If a banking app appears suspicious, then call the bank at the customer service number posted on their website.
Click here to read the complete FBI Public Service Announcement.