75% of Americans used mobile bank apps to some degree for their personal banking needs. This fact has not been lost on hackers and scammers who have in recent years increasingly focused much of their attention on scams and hacking of mobile phones. One of the more effective tactics used by hackers is to create malicious apps called banking trojans which appear to the targeted victim to be a legitimate app such as a game or tool which the victim downloads.
Once downloaded, the malicious app stays dormant until the victim goes to use their legitimate banking app at which time it creates a phony version of the victim’s bank’s login page which appears on top of the legitimate app. The victim then inputs his or her username and password into the malicious app thereby providing this information to the hacker. Making this crime even more devious is the fact that once the victim has inputted his or her information, the banking trojan sends the victim to the real banking app login page so the victims do not become immediately aware that they have been hacked .
Another technique used by hackers is to create phony banking apps that appear to be the banking apps of major banks and offer them on major legitimate app stores. People using these counterfeit apps think that they are providing their username and password to their bank when they use these apps, but instead are providing them to a hacker. Despite the best efforts of the major legitimate app stores to police their sites, according to the FBI in 2018 there were close to 65,000 phony banking apps that were available on the legitimate major app stores.
As you can see, it can be very easy to become a victim of a mobile banking app attack. Although the major legitimate app stores try to vet the apps that are offered on their sites, they are not perfect. I suggest that when possible you obtain the banking app for your particular bank directly from the website of your bank. Most banks will provide a link to their mobile banking app on their website.
As I often suggest, you also should use dual factor authentication whenever possible to protect the security of your online activities, particularly banking. Through the use of dual factor authentication using biometrics, hardware tokens, authentication apps or text messages to your cell phone you can protect the security of your transaction even if someone is able to hijack your username and password.
Also, remember your bank will not call you or text you asking for dual factor passcodes. Hackers often pose as your bank and will call you or text message you and ask for this information under some pretext. Don’t give it to them.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address in the tab that states “Sign up for this blog.”