Mobile banking is more essential than ever due to the coronavirus pandemic, and the Federal Bureau of Investigation is warning people that an increase in hacking attempts and scams may follow.
The FBI’s online fraud wing said in a PSA published yesterday that it “expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.” Mobile banking was already on the rise before the pandemic, and the lockdowns that followed made it all the more essential. Banks saw a 200% spike in mobile banking sign-ups at the beginning of April, and mobile banking traffic rose by 85% at the same time, according to Fidelity National Information Services.
The FBI urged users to be on the lookout for fake banking apps as well as trojans that disguise themselves as free tools—such as third-party flashlight apps—and sneakily steal your login info when you open a legitimate banking app. Here’s what the feds had to say about what you can do to prevent these exploits.
- Download apps from official app stores: “The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.”
- Use multi-factor authentication: “Enable two-factor or multi-factor authentication on devices and accounts to protect them from malicious compromise. Use strong two-factor authentication if possible via biometrics, hardware tokens, or authentication apps. Layering different authentication standards is a stronger security option.”
- Look out for phishing: “Don’t click links in emails or text messages; ensure these messages come from the financial institution by double-checking email details. Many criminals use legitimate-looking messages to trick users into giving up login details.”
- Guard your credentials: “Don’t give two-factor passcodes to anyone over the phone or via text. Financial institutions will not ask you for these codes over the phone.”
- If you reuse passwords, now’s a great time to stop: “Cyber actors regularly exploit users who reuse passwords or use common or insecure passwords. The FBI recommends creating strong, unique passwords to mitigate these attacks.”