In 2019, 75% of Americans used mobile banking apps to some degree for their personal banking needs. Since the Coronavirus pandemic hit, even more people have been using these apps to do their banking conveniently. This fact has not been lost on hackers and scammers, who in recent years have increasingly focused their attention on scams and hacking of mobile phones. One of the more effective tactics used by hackers is to create malicious apps called banking trojans, which appear to the targeted victim to be a legitimate app, such as a game or tool, which the victim downloads. Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app, at which time it creates a phony version of the victim’s bank’s login page that appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app, thereby providing this information to the hacker. Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page, so victims do not become immediately aware that they have been hacked.
Recently the security software company Kaspersky discovered two spam campaigns distributing two banking trojans designated as IcedID and Qbot. These particular trojans were distributed through attachments in phishing emails that lured people into opening the tainted file and running the macro in it, thereby downloading the banking trojans. Both of these banking trojans are readily sold by cybercriminals to other, less sophisticated cybercriminals on the Dark Web, that part of the Internet where criminals buy and sell goods and services.
Another technique used by hackers is to create phony banking apps that appear to be the banking apps of major banks and offer them on major legitimate app stores. People using these counterfeit apps think that they are providing their username and password to their bank when they use these apps, but instead are providing them to a hacker. Despite the best efforts of the major legitimate app stores to police their sites, according to the FBI in 2018 there were close to 65,000 phony banking apps that were available on the legitimate major app stores.
As you can see, it can be very easy to become a victim of a mobile banking app attack. Although the major legitimate app stores try to vet the apps that are offered on their sites, they are not perfect. I suggest that when possible you obtain the banking app for your particular bank directly from the website of your bank. Most banks will provide a link to their mobile banking app on their website. As I often suggest, you also should use dual factor authentication whenever possible to protect the security of your online activities, particularly banking. Through the use of dual factor authentication using biometrics, hardware tokens, authentication apps or text messages to your cell phone you can protect the security of your transaction even if someone is able to hijack your username and password. Also, remember your bank will not call you or text you asking for dual factor passcodes. Hackers often pose as your bank and will call you or text message you and ask for this information under some pretext. Don’t give it to them.
As for these two particular banking trojans, IcedID and Qbot, the lesson is the same as always – Trust me, you can’t trust anyone. Don’t click on links or download attachments and run macros unless you have absolutely confirmed that they are legitimate.