How To Protect Yourself From The Newest Mobile Banking Malware


Mobile banking apps are convenient, but you should tighten up your account security before checking your balance on your smartphone. According to a recent U.S. government cybersecurity PSA, a lot of people enjoy the convenience of mobile banking, but not nearly as many have taken the steps they need to keep their accounts as secure as possible.

A number of these cyber-attacks dupe users into installing fake banking apps, which disguise their data-stealing behaviour with misleading “error” messages that let the app bypass your phone’s security and snag login info. (The FBI says that nearly 65,000 fake apps were discovered in 2018 alone.)

And then there are the banking-themed trojans, worming bits of code included in email attachments or other seemingly legit apps. They’ll quietly hang out on your device until you load up a banking app, and then swap out your banking app’s login screen with a fake one that records your username and password before returning you to the real banking app. Banking trojans like Anubis and EventBot have been used to steal thousands of accounts from over 200 mobile banking and payment apps. And those developing these fake apps stay updated with current events to make their payloads appear even more convincing.

How to prevent banking malware attacks

The threat of fake banking apps and trojan attacks is serious, but there are ways to keep your data (and your money) safe. Here are some tips from the FBI’s PSA and our own coverage of similar malware attacks:

  • Only download apps from trusted sources or directly from your bank’s website, and report suspicious apps you find on Google and Apple’s app stores. Don’t sideload apps onto your phone, especially those asking for access to your financials, and alert your bank to any fake banking apps you might stumble upon.

  • Don’t click on links or open unknown email/message attachments.

  • Enable two-factor authentication on your bank account (and all your accounts, if we’re being honest), and make sure you’re using a stronger technique to get your login codes—like a hardware token—instead of a text message.

  • Don’t ever share your two-factor authentication codes. Your bank will never call or text you to ask for this information. Don’t share your passwords, either.

  • Be wary about what personal information you share if you’re ever called by “your bank.” There’s a big difference between confirming information they already have and providing that information to someone when asked.

  • If you’re ever unsure who you’re talking to when your “bank” calls you to ask about something, tell the person on the other end that you’re hanging up and calling the bank back directly. They won’t mind.

  • Create strong, unique passwords for all your accounts.

  • Use an encrypted password manager.

While this might sound like common, well-understood advice if you’re fairly tech-savvy, you’d be surprised at how many people don’t even use two-factor authentication to secure their accounts—an incredibly easy way to protect yourself if, for any reason, another person has your login and password. As the FBI writes:

“Since 2016, surveys of application and website users have identified that a majority of users do not enable two-factor authentication when prompted. These users cite inconvenience as the major reason to avoid the use of this technology. Cybersecurity experts have stressed that two-factor authentication is a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user’s advantage.”
