FBI issues warning on banking Trojan surge: How to stay safe
Cyber crooks expected to capitalize on surging use of mobile banking apps
The FBI warned the public yesterday (June 10) that cyber criminals might exploit the increased use of online bank accounts and mobile banking apps as a result of coronavirus lockdown measures.
It believes that criminals will advantage of mobile banking apps in particular because more people have been using them during the last few months.
- VPN: keep your identity protected when using banking apps
- Best antivirus: stay protected when online at home and on mobile
- Just in: Feds probing hack-for-hire group
“With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” said a public service announcement posted on the bureau's Internet Crime Complaint Center website.
“The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking Trojans and fake banking apps.”
'Be cautious when downloading apps'
The FBI urges the public to “be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent”.
It explained that cybercriminals are using banking Trojans, disguised as genuine apps and services, to get hold of people’s banking information.
The advisory warns: “When the user launches a legitimate banking app, it triggers the previously downloaded Trojan that has been lying dormant on their device. The Trojan creates a false version of the bank's login page and overlays it on top of the legitimate app.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
“Once the user enters their credentials into the false login page, the Trojan passes the user to the real banking-app login page so they do not realize they have been compromised.”
Only download apps from trusted sources
Users may also be tricked into handing over their banking details by downloading and entering personal information into fraudulent apps masquerading themselves as legitimate services from major banks.
“These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users,” continues the advisory.
“U.S. security research organizations report that in 2018, nearly 65,000 fake apps were detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.”
The FBI said people can protect themselves by only downloading apps from trusted sources, enabling two-factor authentication, using strong passwords, and calling their bank if they suspect a suspicious app.
- Read more: Stay protected on your mobile with the best iPhone VPN
Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!