person using a mobile banking app A new warning finds the dangers of malicious mobile banking apps. (Source: Shutterstock)

It’s no surprise that the use of mobile banking apps is on the rise. After all, who doesn’t like the convenience of banking from home — you can easily pay bills, transfer money between accounts, deposit checks using the phone’s camera, or send money to your children who are (or were) away at college — especially during the COVID-19 related lockdown.

In a recent report, the Federal Bureau of Investigation said more than 75% of Americans used mobile banking apps in 2019, and the number of users is expected to surge even higher by the end of 2020, according to estimates by the financial tech industry. With that increased usage comes the increasing threat of cyber attacks, “using a variety of techniques, including app-based banking trojans and fake banking apps,” the alert, posted on the bureau’s Internet Crime Complaint Center (IC3), said.

“As mobile banking activity in the U.S. has surged during stay-at-home orders, attackers are following the money and even the FBI notes the risk,” Sam Bakken, product marketing manager at OneSpan, a digital identity and anti-fraud company, said.

The FBI’s alert was issued to warn consumers to be cautious when downloading mobile banking apps, as they can contain Trojans that create false pages of the app to capture login information. Moreover, the apps themselves might be fake, and users might enter their banking information without realizing it. According to the alert, nearly 65,000 fake apps were detected in 2018.

Protect Your Organization

The FBI’s alert provided several tips on how to protect yourself and your organization:

  • Only download apps from trusted sources, such as official app stores or directly from bank websites.
  • Use two-factor or multi-factor authentication, including biometrics or authentication apps.
  • Use strong passwords and good password security.
  • If a banking app appears suspicious, call the financial institution.

“I was pleased to see them recommending biometrics and other methods rather than known-to-be-vulnerable codes sent via SMS,” Bakken said. “It doesn’t stop with users, though. App developers also need to take additional steps to ensure the security of their apps, even in potentially hostile environments such as compromised, jailbroken or rooted phones.”