FBI Warns of Increased Mobile Banking App Cyber Attacks (2024)

Mobile Banking App Users Are at in Increased Chance for Cyber Attacks from Trojans and Fake Apps

The United States Federal Bureau of Investigation (FBI) issued a public service announcement warning consumers to be vigilant with the use of mobile banking apps. Consumers are increasingly using mobile banking apps rather than going into brick-and-mortar locations for routine bank transactions. There has been a surge in mobile banking app use since the beginning of this year.

With increased use comes increased opportunities for hackers to steal login information and money.

The FBI says that financial technology providers report that over 75 percent of Americans use mobile banking apps. This number has jumped significantly in the first half of 2020. it will only increase as people avoid going into retail locations and appreciate the convenience of baking from home. Banking apps offer the convenience of depositing checks and transferring money from home or work there convenient and easy to use.

According to the FBI report, studies of US financial data show that Americans have increased the use of mobile banking apps 50 percent since the beginning of this year. it’s logical to expect that hackers will attempt to attack these apps as the adoption rates increase mobile apps are exploited a variety of ways including malware attacks, phishing emails, and by tricking users with fake banking apps.

“Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds,” states the FBI on their Internet Crime Complaint Center (IC3) site.

What are Banking Trojans?

Hackers use malicious computer code, called a Trojan, disguised another app. The Trojan can be dormant on your phone until it is activated by some other action. Games are used as an easy target for hackers as people are too willing to download a new game from within a game they’re currently playing. If you already have the malicious computer code or Trojan on your phone when you download the legitimate banking app the Trojan can take over.

Trojan banking apps work as an overlay. They are banded to look just like legitimate banking app, but in reality, are stealing all of your bank account information. The Trojan can steal your username and password by impersonating your legitimate banking app. The information is collected by the hackers who use it to steal your money.

EventBot Banking Trojan

In April of this year, hackers circulated a new baking trojan called EventBot. This Android malware stole banking login credentials on infected Android devices. It is especially dangerous because it can bypass two-factor authentication (2FA) by stealing authentication codes. EventBot infected devices as users downloaded games. It is capable of stealing credentials from over 200 banking and cryptocurrency apps.

Hackers Use Fake Banking Apps to Trick You

Hackers also create fake banking apps that scam users out of there bank account usernames and passwords. In 2018 almost 65,000 fake apps were detected on official app stores like Google Play and the Apple App Store. The apps have an error message informing the user they need to respond to a verification request. The fake apps exploit your smartphone to bypass an SMS text security codes.

“Actors also create fraudulent apps designed to impersonate the real apps of major financial institutions, with the intent of tricking users into entering their login credentials,” says the FBI.

READ: EventBot Android Malware Steals Banking App Credentials

Even if a hacker only steals your email address, they can use it to send a phishing email to you. If you are tricked by a phishing email and follow the instructions or click on a link, the hacker can steal your password or other sensitive information like Social Security number or birthdate. They can then use the stolen credentials to gain access to your bank account.

In February 2020a Coronavirus email phishing scam was used to launch a malware campaign to infect users’ devices with Emotet malware. Emotet is another baking trojan that downloads more malware to steal banking credentials and money.

How to Protect Your Money from Fake Apps

• Enable two-factor or multi-factor authentication (2FA) on your bank account
• If your device has it, use biometric login features such as fingerprint scans or facial recognition. If your phone is too old and does not have these features, consider upgrading to a newer model to protect your money.
• Use multi-factor authentication where possible. This is dependent upon your banking provider to allow this level of protection. Multi-factor authentication means users must complete more than two steps (like respond to an SMS text, email, or biometrics) to gain access to your bank account.
• Never click on links sent in emails to verify account ownership, reset passwords, or otherwise check on your financial information. Hackers will send phishing emails to you to try and fool you into giving them your passwords or other information they can use to take over your bank account. Go to your bank account in a web browser to check.
• Use a password manager to create strong passwords and store them securely. A password manager can be used to sync passwords across all of your devices.
• When in doubt CALL your bank with questions.
• Never download an app from outside an official app store. Most banks have a link on their website to their official apps.