How to Protect Yourself From the Latest Mobile Banking Malware
Mobile banking apps are convenient, but you should strengthen the security of your account before checking the balance on your smartphone. According to the recent government PSA for Cybersecurity , many people enjoy the convenience of mobile banking, but not all of them have taken the steps necessary to keep their accounts as secure as possible.
Some of these cyber attacks force users to install fake banking apps that mask their data-theft behavior with deceptive error messages that allow the app to bypass your phone’s security and hijack your login information. (The FBI reports that nearly 65,000 fake apps were found in 2018 alone.)
And then there are banking trojans, snippets of worm code embedded in email attachments or other seemingly legitimate applications. They’ll hang discreetly on your device until you download the banking app, then replace the banking app login screen with a fake one that records your username and password before bringing you back to the real banking app. Banking Trojans such as Anubis and EventBot have been used to steal thousands of accounts from over 200 mobile banking and payment applications. And those who develop these fake apps stay on top of current events to make their payload look even more convincing.
How to prevent banking malware attacks
The threat of fake banking apps and Trojan attacks is serious, but there are ways to keep your data (and your money) safe. Here are some tips from the FBI PSA and our own review of similar malware attacks:
- Download apps only from trusted sources or directly from your bank’s website and report suspicious apps you find in the Google and Apple app stores. Do not download apps to your phone, especially those that request access to your financial data, and do not alert your bank to any fake banking apps you might stumble upon.
- Don’t click on links or open unknown email / message attachments.
- Turn on two-factor authentication on your bank account (and all of your accounts, to be fair) and make sure you use a more secure technique for getting login codes – like a hardware token – instead of a text message.
- Never share your two-factor authentication codes. Your bank will never call or text you asking for this information. Also, don’t share your passwords.
- Be wary of sharing personal information if you are ever referred to as “your bank”. There is a big difference between confirming information they already have and giving that information to someone when asked.
- If you are ever unsure who you are talking to when your “bank” calls you to ask you something, tell the person on the other end that you are hanging up and calling the bank directly. They won’t mind.
- Create strong unique passwords for all your accounts,
- Use an encrypted password manager.
While this may seem like basic and straightforward advice, if you’re tech savvy enough, you’ll be surprised how many people don’t even use two-factor authentication to protect their accounts – an incredibly easy way to keep yourself safe if, for whatever reason, your login and the password belongs to another person. As the FBI writes :
“Since 2016, surveys of app and website users have shown that most users do not enable 2FA when prompted. These users cite inconvenience as the main reason for not using this technology. Cybersecurity experts emphasized that two-factor authentication is a highly effective tool for protecting accounts from hacking, and the inclusion of any form of two-factor authentication will be an advantage for the user. “