The FBI is warning users of mobile banking applications about an increased risk of breach and the possibility of losing money.
The US Federal Bureau of Investigation (FBI) today warned users who have and use banking applications on their mobile phones that they will be targeted by hackers trying to steal their credentials and gain access to their bank accounts.
The alert was posted on the Internet Crime Complaint Center (IC3) and states that the increased use of such applications could lead to more exploitation attempts aimed at careless users.
The FBI expects that cybercriminals will focus their attacks on mobile banking customers, as more and more Americans use such services to make payments, transfer money and cash checks. Financial data studies in the US show a 50% increase in mobile banking services since the beginning of 2020.
Banking services and fake applications
The FBI predicts that malicious actors will try to exploit new mobile banking customers using a wide range of techniques, including fake banking applications and banking trojans.
Mobile phone users who download a banking trojan hidden inside an application are usually asked to grant it the permissions it needs to steal their information.
Such malware does not monitor the victim's Android or iOS device; instead, it remains idle and appears only when the user opens a legitimate banking application on the device.
At that moment, the trojan creates a fake version of the bank login page and overlays it on the legitimate application.
Once the user enters their credentials on the fake login page, the trojan redirects the user to the actual login page of the banking application so that they do not realize they have just been breached.
According to a Kaspersky report from February 2020, which describes in detail the evolution of mobile malware in 2019, the average number of attacks by mobile banking trojans in 2019 was about 270,000 per month.
Monthly mobile banking trojan attacks in 2018 & 2019
Counterfeit banking applications, on the other hand, impersonate real mobile banking applications and, once installed on a victim's device, collect users' credentials when they attempt to log in.
According to the FBI, US security researchers report that in 2018 nearly 65,000 fake applications were detected in major app stores, making mobile banking trojans one of the fastest growing areas of smartphone-based fraud.
The FBI says users and organizations can easily defend themselves against these attacks by taking various measures to thwart the hackers' attempts.
First of all, you should always download mobile banking applications directly from your bank's website or from official app stores, such as the Google Play Store or Apple's iOS App Store, as all the applications included there are scanned and checked for malicious behavior and content.
Users are advised to enable two-factor authentication (2FA) or multi-factor authentication (MFA), if available, as it will protect them from the vast majority of attacks.
According to Microsoft Security Director Alex Weinert, and based on the company's studies, your account is more than 99.9% less likely to be compromised if you use MFA.
Weinert added that "using anything other than a password significantly increases the cost to intruders, so the percentage of compromised accounts using any type of MFA is less than 0.1% of the total."
Using strong and unique passwords is another way to prevent your bank account from being compromised, as it will prevent intruders from using brute force, a method in which they try to get in by trying out different passwords you have used for other online services.
Finally, the FBI asks users to call their banks immediately whenever they detect suspicious behavior while using a mobile banking application.