Safety & Fraud Prevention
FBI ALERT: Be On The Lookout for Mobile App Fraud
(Source: FBI, https://www.fbi.gov/scams-and-safety )
The FBI anticipates an increase in mobile app fraud, as Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds.
Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations. The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.
App-Based Banking ‘Trojans’
The FBI recommends caution when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Scammers target banking information using banking ‘trojans’, which are malicious programs that disguise themselves as other apps, such as games or tools. Once the user enters their credentials into the false login page, the trojan passes the user to the real banking app login page so they do not realize they have been compromised.
Fake Banking Apps
Scammers also create fraudulent apps designed to impersonate the real apps of major financial institutions, with the intent of tricking users into entering their login credentials. These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users. In 2018, nearly 65,000 fake apps were detected on major app stores, making this one of the fastest growing sectors of smartphone-based fraud.
TIPS TO AVOID MOBILE APP FRAUD
Obtain Apps from Trusted Sources
The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.
Use Two-Factor Authentication
Since 2016, surveys of application and website users have identified that a majority of users do not enable two-factor authentication — a second layer of security — when prompted. Security experts identify two-factor authentication as a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user’s advantage.
- Do enable two-factor or multi-factor authentication — via biometrics, hardware tokens, or authentication apps — on devices and accounts to protect them from malicious compromise, whenever possible.
- Do monitor where your Personally Identifiable Information (PII) is stored and only share the most necessary information with financial institutions.
- Don’t click links in e-mails or text messages; ensure these messages come from the financial institution by checking email credentials and calling the bank. Many criminals use legitimate-looking messages to trick users into giving up login details.
- Don’t give two-factor passcodes to anyone over the phone, by email, or via text. Financial institutions will not ask you for these codes over the phone.
Use Strong Passwords and Good Password Security
Cyber actors regularly exploit users who reuse passwords or use common or insecure passwords. The National Institute of Standards and Technology’s most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer.
- Do use passwords that contain upper case letters, lower case letters, and symbols and a minimum of eight characters.
- Do create unique passwords for banking apps.
- Do consider using a password manager or password management service.
- Don’t use common passwords or phrases (EX: “Password1!” or “123456”) or reuse the same passwords for multiple accounts.
- Don’t store passwords in written form or in an insecure phone app like a notepad.
- Don’t give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.
If a Banking App Appears Suspicious, Call the Bank
If you encounter an app that appears suspicious, exercise caution and contact that financial institution. Major financial institutions will never ask for your login username and password over the phone. If the phone call seems suspicious, hang up and call the bank back at the customer service number posted on their website.