The FBI on Wednesday warned that cyber criminals are targeting mobile banking apps in an attempt to steal money as more Americans have used online banking during the pandemic.
The FBI noted that it expects to see hackers exploit security loopholes in mobile banking platforms.
“With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” the agency wrote in a statement on Wednesday. “The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.”
The federal law enforcement agency warned Americans to be cautious when downloading apps on tablets and smartphones.
“Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools. When the user launches a legitimate banking app, it triggers the previously downloaded trojan that has been lying dormant on their device,” according to the statement.
The FBI added that the “trojan creates a false version of the bank’s login page and overlays it on top of the legitimate app,” and “once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.”
Some bad actors created fake banking apps that mimic those used by major financial institutions, the FBI said, adding that these apps allow users to enter their login credentials, which are then used by hackers.
The warning noted, “These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users. U.S. security research organizations report that in 2018, nearly 65,000 fake apps were detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.”
To combat these threats, the FBI said Americans should only download banking apps from official app stores or via bank websites. They should also use two-factor authentication and use strong passwords.
“If you encounter an app that appears suspicious, exercise caution and contact that financial institution,” the FBI said. “Major financial institutions may ask for a banking PIN number, but will never ask for your username and password over the phone.”
During the CCP (Chinese Communist Party) virus pandemic, agencies have warned about a number of scams, including fake websites and fake charities to bilk people out of money.