As the use of mobile banking apps surges during COVID-19 lockdowns, so does the risk that these platforms will be exploited by cybercriminals, warns the FBI’s Internet Crime Complaint Center (IC3).
Citing estimates by US financial technology providers, the Bureau’s online fraud wing said that more than 75 percent of Americans used mobile banking in some form in 2019. Since the start of this year, a 50-percent spike in the usage of banking apps has been observed.
The move to mobile banking hasn’t escaped the attention of cybercriminals, and IC3 expects crooks to deploy various techniques to target mobile banking customers, mainly through app-based banking trojans and fake banking apps.
While both have the same goal – to steal credentials for the victims’ bank accounts and ultimately money from them – their strategies for achieving it are quite different. ESET malware researcher Lukáš Štefanko recently drew a clear distinction between the two when bringing clarity to the murky waters of Android banking malware.
“Banking trojans are devious – they try to make users install them by pretending they are something fun or useful, but definitely totally harmless. Think games, battery managers and power boosters, weather apps, video players, and so on.” These apps bide their time before striking when a person least expects it, sliding a fake login screen over a legitimate banking app and stealing the credentials.
Fake banking apps, however, are more straightforward – they try to convince you that they are the real deal. “Once installed and launched, they lead with a login form, just like a real banking app would. And, as you probably already guessed, the credentials submitted into the form are harvested,” Štefanko notes.
How to stay safe?
To lower the chances of falling prey to the threat, there are a number of rules you should follow:
- First, you should always install apps from official stores, but before you do, check the rating, the reviews, and the number of installs.
- After you install an app, pay attention to the permissions it requests. If you are downloading a banking or finance app, check that it is the official application of your bank, either by contacting the bank or by looking through its official website.
- Just as importantly, keep your device updated and use a reliable mobile security solution.
- Another great way to double down on your security is by enabling two-factor authentication (2FA).
Further reading
- Navigating the murky waters of Android banking malware
- How to protect yourself as the threat of scam apps grows
- Scam iOS apps promise fitness, steal money instead