Mobile Banking App Users: Beware Malware Scams

08 September 2023

Mobile banking has been gaining in popularity, and the pandemic only intensified the interest. Many people are increasingly willing to use mobile banking apps to cash checks, transfer funds and perform various other tasks instead of visiting physical branches of their financial institutions.

However, multinational cybersecurity firm Kaspersky notes that cybercriminals are targeting mobile banking users by actively investing in the creation of new malware, which can unleash a variety of dangerous viruses on a device. The FBI has warned that malware associated with mobile banking apps can lead to major financial losses for victims. Here's how to reduce your risks when mobile banking.

The Risks

The FBI has highlighted two risks in particular:

1. App-based Trojans, and

2. Fake banking apps.

In 2022, Kaspersky uncovered almost 200,000 new mobile banking Trojans, marking a twofold increase from the prior year's figures. These Trojans often disguise themselves as other apps you might download, such as games or tools.

When a victim launches a banking app, the Trojan hunts for data related to online banking and e-payment systems. For example, a Trojan might create a false version of your bank's login page and overlay it on top of the legitimate app. After you enter your login credentials in the fake page, the Trojan directs you to a real banking app login page, and you're none the wiser. Meanwhile, your credentials have been compromised.

Fake banking apps also have become more common. Cybercriminals create fake apps to impersonate the legitimate apps of major financial institutions to trick users into providing their login credentials. The fake app then displays an error message and uses your phone's permission requests to obtain and bypass the security codes texted to users.

5 Tips for Safer Mobile Banking

If you use mobile banking apps, you should take several steps to help protect your financial data and, ultimately, your finances. Here are five highly effective anti-fraud measures to consider:

1. Watch where you get your apps. Rather than going straight to an app store to download a mobile banking app, go to your bank's own website. It will likely have a link that takes you where you can download the app from a reliable source, such as the Apple App Store, Google Play or Amazon. These app stores don't guarantee safety, but they do have more built-in protections than lesser-known forums. You also should check the listed owner or developer of the app and read reviews to increase the odds that it's your bank's official app.

2. Keep an eye out for phishing scams. Malware often is downloaded as a result of a phishing scheme where victims are fooled into providing personal information (including login credentials) or clicking on links in emails that infect devices. The sender poses as a colleague, acquaintance or organization the victim recognizes — such as your bank. Phishing has evolved over the years, and now you also have to look out for similar "social engineering" schemes. Variations include vishing (which uses voice communication to, for example, induce a victim to call a number and share sensitive information) and smishing (text, or SMS, messages with dangerous links).

3. Use multifactor authentication. This requires you to authenticate your identity more than once when you log in to the app. Typically, you first provide a password and then receive a text with a confirmation code that you also must enter to gain access. Alternatively, the app might employ biometric verification or ask you to identify an image. Yes, it can be a frustrating hassle when you're in a hurry — but the extra layers of authentication are among the most proven cybersecurity tools.

4. Take advantage of the alerts and notifications your bank offers. If a bank has a mobile banking app, chances are it also provides customers with the option to receive alerts sent to their phone or email account. You could enroll to get alerts when certain things happen. For example, alerts can tell you if:

  • Your balance drops below a certain threshold,
  • A new account is opened in your name,
  • An external account links to your account, or
  • A withdrawal, transfer or transaction exceeds a threshold.

You also could receive alerts summarizing daily transactions and flagging failed login attempts and password updates. These types of notifications can help you identify trouble early on.

5. Heed the advice on strong passwords. You've probably been told about the need for strong passwords for as long as you've been online. But it bears repeating, especially considering how many people continue to use easily hacked passwords, such as 123456 or PASSWORD. Your banking password should instead be at least 8 characters, with a mix of random upper and lower case letters, numbers and symbols (not $) — and you should update it at least every six months. A trustworthy password manager can simplify matters.

Suspect Something, Say Something

Finally, it's always advisable to trust your instincts when using mobile banking apps. If something seems off to you, contact your financial institution before proceeding. The potential costs are too great to ignore red flags.
