Richard Hudson is a Senior Manager with Treliant. He has over 25 years of experience in information security, compliance, risk management, business continuity and information technology. He has worked on staff and as a consultant for companies in the financial services, insurance, healthcare, information technology, and asset management sectors. Prior…
- Source: ic3.gov
The Federal Bureau of Investigation (FBI) continues to emphasize that individuals need to remain vigilant for malware, warning that “Increased use of Mobile Banking Apps could lead to exploitation”, partly because the COVID-19 pandemic has forced many firms into remote working.
According to the FBI, studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. With city, state, and local governments urging or mandating social distancing, customers are becoming more willing to use mobile banking as an alternative to physically visiting branch locations. The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.
Treliant helps firms to prepare for potential cyberattacks targeting their Mobile Banking application environment.
Our professionals include, but are not limited to, former Chief Information Security Officers (CISO) and Internal Auditors. We understand how to make cybersecurity programs work and to prepare firms for regulatory exams which may include these areas of focus, especially with many individuals now working from home.
App-Based Banking Trojans
- The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent. Cyber actors target banking information using banking trojans, which are malicious programs that disguise themselves as other apps, such as games or tools.
Fake Banking Apps
- Hackers also create fraudulent apps designed to impersonate the real apps of major financial institutions, with the intent of tricking users into entering their login credentials. These apps provide an error message after the attempted login and will use smartphone permission requests to obtain and bypass security codes texted to users.
Tips to Protect You and Your Organization
Obtain Apps from Trusted Sources
- Most major US banks provide a link to their mobile app on their website. The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.
Use Two-Factor Authentication
- Cybersecurity experts have stressed that two-factor authentication is a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user’s advantage.
Use Strong Passwords and Good Password Security
- The FBI recommends creating strong, unique passwords to mitigate these mobile banking cyberattacks.
CISOs and their teams need to be ready to respond in the event their firms/customers become victims of a mobile banking attack. If this occurs, there are regulatory requirements to report within certain timeframes. The FBI has also encouraged firms to notify them of such cyberattacks. Firms will need to demonstrate compliance and be ready for a thorough look at the underlying processes by the regulators.