This article presents statements from the FBI reporting an increase in attacks on mobile banking, all of them requiring the consumer to be tricked into loading a fake banking app or a Trojan that will intercept banking credentials. These attack vectors are infuriating because banks have little control over what their customers download:
“‘The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.’
The FBI specifically pointed to the threat of banking trojans, which involve a malicious virus hiding on a user’s mobile device until a legitimate banking app is downloaded. Once the real app is on the device, the banking trojan then overlays the app, tricking the user into clicking on it and inputting their banking login credentials.
Fake banking apps were also cited as a threat, with users in danger of being tricked into downloading malicious apps that also steal sensitive banking information.
In order to combat these threats, the FBI recommended that Americans only download banking apps from official app stores or from banking websites and that banking app users enable two-factor authentication on their accounts and use strong passwords.”
Overview provided by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group.