FBI issued warning to Mobile Banking App Users

FBI issued warning to Mobile Banking App Users

The U.S. Federal Bureau of Investigation (FBI) issued warning to mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. The alert was published on the agency's Internet Crime Complaint Center (IC3), which says that the increased usage of such apps during the pandemic could lead to more exploitation attempts targeting their users. The FBI is anticipating that attackers will focus their attacks on mobile banking customers since most peoples are using such services for making payments, transferring funds, and cashing checks.

App-based banking Trojans and Fake Banking Apps

The FBI says that threat actors will try to exploit new mobile banking customers using a wide range of techniques, including but not limited to fake banking apps and app-based banking trojans. Mobile banking users who download an app-based banking trojan onto their smartphones and tablets are usually asked to give it the permissions it requires to steal their information. Such malware will stay dormant and will only surface when the user opens a legitimate banking app on his device. At that time, the trojan creates a false version of the bank's login page and overlays it on top of the legitimate mobile banking app. Once the user enters their credentials into the false login page, the trojan passes the user credentials to the real banking app login page so they do not realize that their credentials have been compromised.

On the other hand, Fake banking apps are impersonating the bank's real mobile apps, and once installed on a victim's device then it will collect the users' credentials when they try logging in. These apps provide an error message after the login attempt and further, will use smartphone permission requests to obtain and bypass security codes texted to users," FBI explains ". In 2018, nearly 65,000 fake apps were detected on major app stores which were reported by US security research organizations, making this one of the fastest-growing sectors of smartphone-based fraud.

Mitigations

FBI says that users and organizations can easily defend against such kind of attacks by taking several measures that will thwart the hacker's attempts.

  • Always download mobile banking apps straight from legitimate sources like your bank's website or official apps stores such as Google's Play Store or Apple's iOS App Store.
  • Always use two-factor authentication (2FA) or multi-factor authentication (MFA) if available because it will protect you against the vast majority of attacks.
  • Always use strong and unique passwords because it preventing your banking account from being hacked and also it will block hackers from brute-forcing their way into your account by trying passwords you used for other online services and social media platforms.
  • Immediately call your banks whenever you spot any suspicious behavior while using a mobile banking app.

Alex Weinert (Director of Identity Security at Microsoft) said that "your password doesn’t matter, but MFA does. Based on our studies, If you use MFA then your account is more than 99.9% less likely to be compromised. Alex Weinert also added that the use of anything beyond the password significantly increases the costs for attackers, which is why the rate of compromise of accounts using any type of MFA is less than 0.2% of the general population. Also by following these mitigation measures makes you stay safe from banking frauds at this pandemic situation COVID-19.

Does this article being helpful to you? Let us know your thoughts in the comments section and share it with us on Facebook, Twitter, or our LinkedIn Group.

0/Comments

Previous Post Next Post