The US Federal Bureau of Investigation (FBI) today warned users of mobile banking applications that they will be targeted by hackers who will try to steal their credentials and gain access to their bank accounts.
The notice was published through the Internet Crime Complaint Center (IC3) and states that the increased use of such applications could lead to more exploitation attempts aimed at careless users.
The FBI expects that cyber criminals will focus their attacks on mobile banking customers, as more and more Americans use such services to make payments, transfer money and cash checks. Financial data studies in the US show a 50% increase in the use of mobile banking services since the beginning of 2020.
Banking services and fake applications
The FBI predicts that malicious actors will try to exploit new mobile banking customers using a wide range of techniques, including fake banking apps and banking trojans.
Such malware does not monitor the victim's Android or iOS device, but instead will remain idle and will only appear when the user opens a legitimate banking application on their device.
At that moment, the trojan creates a fake version of the bank's login page and overlays it on top of the legitimate application.
Once the user enters their credentials on the fake login page, the trojan redirects the user to the actual login page of the banking application so that they do not realize that they have just been compromised.
According to a Kaspersky report from February 2020, which describes in detail how mobile malware evolved in 2019, the average number of mobile banking trojan attacks in 2019 was about 270,000 per month.
[Figure: Monthly mobile banking trojan attacks in 2018 and 2019]
Counterfeit banking applications, on the other hand, impersonate legitimate mobile banking applications and, once installed on a victim's device, collect users' credentials when they attempt to log in.
As the FBI explains, U.S. security investigators report that in 2018, nearly 65,000 fake apps were detected in major app stores, making this one of the fastest growing areas of smartphone-based fraud.
The FBI says users and organizations can easily defend themselves against these attacks by taking various measures to thwart the hackers' attempts.
First of all, you should always download mobile banking applications directly from your bank's website or from official app stores, such as the Google Play Store or Apple's iOS App Store, as all the apps included there are scanned and checked for malicious behavior and content.
Users are advised to enable two-factor authentication (2FA) or multi-factor authentication (MFA), if available, as it will protect them from the vast majority of attacks.
According to Microsoft Security Director Alex Weinert, and based on the company's research, your account is more than 99.9% less likely to be compromised if you use MFA.
Weinert added that "using anything other than a password significantly increases the cost to intruders, so the percentage of compromised accounts using any type of MFA is less than 0.1% of the total."
Using strong and unique passwords is another way to prevent your bank account from being compromised, as it will prevent intruders from using brute force, a method in which they try to get in by trying out different passwords you have used for other online services.