Mobile Banking Apps Warning from the FBI

Mobile Banking Apps Warning
Mobile Banking Apps Warning

Mobile Banking Apps Warning

The FBI issued a mobile banking apps warning on June 10, 2020.  Many people are now switching over to mobile bank apps to limit visits to the bank during the Covid-19 pandemic.  The agency is concerned that this increased usage presents opportunities for exploitation from cyber actors.  The chief concern is that customers new to mobile banking may download fake or trojan apps.

Fake and Trojan Apps

Fake apps have become one of the fastest growing forms of cyber crime.  Fraudulent apps impersonate real apps to gather login credentials.  These apps show an error message after login and use permission requests to obtain and bypass security codes texted to users.

Trojan apps use codes concealed in apps unrelated to financial activities.  They can often be founds in games or tools that have been downloaded.  The malicious code will remain dormant until triggered by a legitimate banking app.  The trojan will then create a false version of the legitimate login page to collect credentials.  It then returns the user back to the authentic app so as to hide the data theft.

Important Tips for Protecting Your Information

Purchase Your App From a Reputable Source

The FBI encourages people to purchase apps from smartphone app stores or download them directly from a major U.S. bank website.  Smartphone app stores actively screen apps for malicious content. Additionally, most major US banks will provide a link to their mobile app on their website.  

Two Factor Identification

Most users of websites and applications do not enable two-factor identification.  Most people who don’t use this tool consider it an inconvenience.  Actually, two factor identification is easy to use and is very effective against cyber crime.  The FBI strongly recommends using two factor identification whenever possible.

Password Protocols

The FBI encourages people to engage in practices recommended by the National Institute of Standards and Technology (NIST).  These include:

  • Use passwords that contain upper case letters, lower case letters, and symbols.
  • Use a minimum of eight characters per password.
  • Create unique passwords for banking apps.
  • Use a password manager or password management service.
  • Use common passwords or phrases, such as “Password1!” or “123456.”
  • Reuse the same passwords for multiple accounts.
  • Store passwords in written form or in an insecure phone app like a notepad.
  • Give your password to anyone. Financial institutions will not ask you for this information over the phone or text message.

For more information concerning mobile device cybersecurity see the Cybersecurity & Infrastructure Security Agency’s (CISA) recommendations.

Challenging Times for Cybersecurity

An array of threats have entered our lives as new technologies emerge.  Cybersecurity is a challenge for individuals, businesses, and governmental agencies.  The banking industry is no different in addressing these vulnerabilities.  Recent breaches of Capitol One illustrate the massive dangers these vulnerabilities pose.  CVG Strategy is committed to helping businesses create and maintain viable Information Security Management Systems (ISMS).  Contact Us today to see how we can help you protect your vital data.