Users of mobile banking apps will be increasingly targeted by cybercriminals attempting to steal their credentials and take over their accounts, according to a new alert from the FBI.
The agency’s Internet Crime Complaint Center (IC3) published the alert, which warns that increased use of mobile banking apps during the pandemic could lead to more exploitation attempts targeting their users.
As banks were closed while US cities were in lockdown, Americans relied on mobile banking apps to make payments, transfer funds and cash checks. In fact, studies of US financial data indicate a 50 percent surge in mobile banking use since the beginning of this year.
Fake apps and banking trojans
The FBI believes that cybercriminals will use fake banking apps and banking trojans among other techniques to target mobile banking customers.
Banking trojans are malicious programs that disguise themselves as other apps such as games or tools. However, when a user launches a legitimate banking app, the trojan, which has been lying dormant on their device, is triggered and creates a fake version of a bank’s login page and overlays it on top of the legitimate app. To avoid detection, the trojan passes the user to the real banking app after they enter their credentials into the false login page.
Cybercriminals also create and circulate fake banking apps online in order to steal users’ credentials. These apps are designed to impersonate legitimate apps from major financial institutions. They also provide an error message after a user tries to log in and use smartphone permission requests to obtain and bypass security codes sent to users via text.
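On Android, drawing over other apps is commonly done with the SYSTEM_ALERT_WINDOW permission, and reading text messages requires READ_SMS or RECEIVE_SMS, so a defender can triage a decoded AndroidManifest.xml for that combination. The following is an added example, not part of the FBI alert or the original article; the sample manifests, package names and risk labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Real Android permission names tied to the two behaviours described above.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW"}
SMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}

# Constructed sample manifests (decoded text XML, not taken from any real app).
SAMPLE_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission-sdk-23 android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""
SAMPLE_NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names a manifest declares."""
    # For manifests from untrusted APKs, parse with a hardened XML parser
    # (for example the defusedxml package) instead of the stdlib one.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml):
    """Flag the overlay + SMS combination; labels are this example's own."""
    perms = requested_permissions(manifest_xml)
    overlay, sms = bool(perms & OVERLAY), bool(perms & SMS)
    if overlay and sms:
        risk = "high"    # can cover a login screen and read texted codes
    elif overlay or sms:
        risk = "review"  # one capability present; check it fits the app's purpose
    else:
        risk = "low"     # neither requested; not proof the app is benign
    package = ET.fromstring(manifest_xml).get("package")
    return {"package": package, "overlay": overlay, "sms": sms, "risk": risk}

if __name__ == "__main__":
    for sample in (SAMPLE_GAME, SAMPLE_NOTES):
        print(audit(sample))
```

A "low" result only means these two permissions were not declared; it does not cover other ways an app can present a fake login page.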
To avoid falling victim to fake apps and banking trojans, the FBI recommends that users only install mobile banking apps from official app stores such as the Google Play Store or Apple App Store, enable two-factor authentication (2FA) and use strong and unique passwords for their banking accounts.