(Graphic | Courtesy of Oregon FBI)
Mobile banking apps are popular: they make it easy to deposit funds, pay bills and transfer money. In fact, U.S. financial technology providers estimate more than 75 percent of Americans used mobile banking in some form in 2019. Given stay-at-home orders and physical distancing requirements, even more Americans have become willing to use mobile banking as an alternative to physically visiting branch locations. To that point: One U.S. financial study has shown a 50 percent rise in mobile banking just since the beginning of the year.
With increased use, though, comes increased risk. The FBI’s Internet Crime Complaint Center (IC3.gov) is warning consumers that mobile banking presents a prime opportunity for fraudsters to exploit customers. There are two primary concerns: app-based Trojans and fake banking apps.
App-based banking trojans infect your smartphone or tablet when you download malware with what otherwise looks to be a legitimate game or tool. When you try to access the real banking app, the malware activates — giving you a false login page to capture your ID and password. You likely won’t even know that you have given the scammer your info because the malware then directs you to your legitimate banking site.
The second concern is a little more straightforward: fake banking apps created to look like your bank’s real app. Once you enter your ID and password, you will see an error message and the app will work to bypass security codes sent to you. Fraudulent banking apps are one of the fastest growing smartphone-based scams. In 2018, U.S. security research organizations found an estimated 65,000 fake apps on major app stores.
What can you do to stay safe?
- Go to your bank’s website to download the app directly.
- Use a trusted, official app store if you otherwise need to download apps.
- Enable multi-factor authentication on devices and accounts. Use biometrics, hardware tokens or authentication apps whenever possible. Layering different authentication standards is a stronger security option.
- Monitor where your Personal Identifiable Information (PII) is stored and only share the most necessary information with financial institutions.
- Use the strongest password possible and create unique passwords for all financial accounts.
- Don’t ever click on attachments or links in emails, texts or social media posts. Don’t give your password to anyone. Financial institutions will not ask you for this information over the phone or by text message.
If you encounter what you believe to be a suspicious banking app, call your bank using contact information publicly available on its webpage.
If you have fallen victim to mobile banking app exploitation or any other online fraud, report it to the FBI’s Internet Crime Complaint Center at IC3.gov or call your local FBI office.