The FBI warned yesterday (June 10) that cybercriminals could exploit the increased use of online bank accounts and mobile banking apps as a result of the Coronavirus lockdown measures.
The FBI believes that criminals will take advantage of mobile banking apps in particular because more people have been using them in recent months. A public service announcement posted on the Bureau's Internet Crime Complaint Center website states, "With city, state, and local governments urging or requiring social distancing, Americans are turning to mobile banking instead of physically visiting a branch."
"The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking Trojans and fake banking apps."
The FBI urges people to "exercise caution when downloading apps on smartphones and tablets, as some may have hidden malicious intent."
They explain that cybercriminals are using banking Trojans disguised as real apps and services to obtain people's banking information.
The advisory warns: "When a user launches a legitimate banking app, it launches a previously downloaded Trojan horse that was lying dormant on the device. The Trojan creates a fake version of the bank login page and overlays it on top of the legitimate app.
"When the user enters credentials on the fake login page, the Trojan directs the user to the login page of the real banking app, so the user is unaware that they have been compromised."
Criminals can also trick users into handing over their banking details by getting them to download a fraudulent app that poses as a legitimate service from a major bank and then enter their personal information.
"These apps display error messages after attempting to log in and use the smartphone's permission request to obtain and bypass security codes that are texted to the user," the advisory continues.
"U.S. security research agencies report that approximately 65,000 fake apps were detected in major app stores in 2018, making this one of the fastest growing areas of smartphone-based fraud."
The FBI said people can protect themselves by downloading apps only from trusted sources, enabling two-factor authentication, using strong passwords, and contacting their bank if they see a suspicious app.