The FBI warns users who use mobile banking applications about an increased risk of breach and the possibility of losing money.
The US Federal Bureau of Investigation (FBI) today warned users who run banking applications on their mobile phones that they will be targeted by hackers, who will try to steal their credentials and gain access to their bank accounts.
The alert was posted on the Internet Crime Complaint Center (IC3) and states that the increased use of such applications could lead to more exploitation attempts aimed at careless users.
The FBI expects that cybercriminals will focus their attacks on mobile banking customers, as more and more Americans use such services to make payments, transfer money and cash checks. Financial data studies in the US show a 50% increase in the use of mobile banking services since the beginning of 2020.
Banking services and fake applications
The FBI predicts that malicious actors will try to exploit new mobile banking customers using a wide range of techniques, including fake banking applications and banking trojans.
Mobile phone users who download a banking trojan hidden inside an application are usually asked to grant it the permissions it needs to steal their information.
Such malware does not monitor the victim's Android or iOS device; instead, it remains idle and appears only when the user opens a legitimate banking application on the device.
At that moment, the trojan creates a fake version of the bank's login page and overlays it on top of the legitimate application.
Once the user enters their credentials on the fake login page, the trojan redirects the user to the actual login page of the banking application so that they do not realize that they have just been breached.
According to a Kaspersky report from February 2020, which details the evolution of mobile malware in 2019, the average number of attacks by mobile banking trojans in 2019 was around 270,000 per month.
Figure: Monthly mobile banking trojan attacks in 2018 and 2019
Counterfeit banking applications, on the other hand, impersonate real mobile banking applications and, once installed on a victim's device, collect users' credentials when they attempt to log in.
According to the FBI, US security researchers report that in 2018 nearly 65,000 fake applications were detected in major app stores, making mobile banking trojans one of the fastest growing areas of smartphone-based fraud.
Protection measures
The FBI says users and organizations can easily defend themselves against these attacks by taking various measures to thwart the hackers' attempts.
First of all, you should always download mobile banking applications directly from your bank's website or from official app stores, such as the Google Play Store or Apple's iOS App Store, as all the applications included there are scanned and checked for malicious behavior and content.
Users are advised to enable two-factor authentication (2FA) or multi-factor authentication (MFA), if available, as it will protect them from the vast majority of attacks.
According to Alex Weinert, Director of Security at Microsoft, and based on the company's studies, your account is more than 99.9% less likely to be compromised if you use MFA.
Weinert also added that “the use of anything beyond a password significantly increases the cost to attackers, which is why the percentage of compromised accounts using any type of MFA is less than 0.1% of the total”.
Using strong and unique passwords is another way to prevent your bank account from being compromised, as it stops intruders from using brute force, a method in which they try to get in by trying out different passwords you have used for other online services.
Finally, the FBI asks users to call their banks immediately whenever they detect suspicious behavior while using a mobile banking application.