The FBI recently issued a warning about threat actors targeting users with fake banking apps to compromise bank accounts, as more people are using online banking during the coronavirus pandemic.
In an official statement, the FBI said that usage of online and mobile banking apps has surged 50% since the beginning of 2020. Citing a U.S. financial data study, the FBI stated that 36% of Americans plan to use mobile applications for various banking activities, and 20% of them plan to visit branch locations less often. “With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” the FBI said.
Fake Banking Apps and Trojans
Cybercriminals are expected to try to exploit new mobile banking customers through app-based banking trojans and fake banking apps. The FBI advised the public to be cautious when downloading banking apps, as hackers spread fake apps that conceal malicious intent. The warning recalls the detection of 65,000 fake apps on major app stores in 2018 by U.S. research organizations.
“Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded Trojan that has been lying dormant on their device. The Trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app. Once the user enters their credentials into the false login page, the Trojan passes the user to the real banking app login page so they do not realize they have been compromised,” the FBI said in a statement.
Preventive Measures
The FBI recommended certain security measures to defend against banking Trojan attacks. These include:
- Enable two-factor or multi-factor authentication on devices and accounts to protect them from malicious compromise
- Use strong two-factor authentication if possible, via biometrics, hardware tokens, or authentication apps
- Use multiple types of authentication for accounts if possible. Layering different authentication standards is a stronger security option
- Monitor where your Personally Identifiable Information (PII) is stored and only share the most necessary information with financial institutions
- Use passwords that contain upper case letters, lower case letters, and symbols
- Use a minimum of eight characters per password
- Create unique passwords for banking apps
- Use a password manager or password management service