FBI warns of surge in mobile banking attacks as fraudsters take advantage of the increase in usage of mobile banking apps.
As more Americans use their mobile devices to conduct banking activities, there is an increased risk that cybercriminals will target mobile banking apps to perpetrate fraud. According to the FBI, more than 75% of Americans conducted mobile banking in some form in 2019, and there has been a 50% increase in mobile banking app usage since the beginning of 2020.¹
Mobile devices are susceptible to fraud and security risks, just like computers. Much like online fraud, mobile banking fraud involves fraudsters’ attempts to obtain a user’s confidential login information—including passwords, personal ID numbers, and token codes—to gain access to accounts and improperly transfer money or commit other criminal acts. Mobile banking fraud can be difficult to detect. Employees may be unaware that a theft of information has occurred until the money is gone from a company’s accounts.
Methods used by fraudsters for mobile banking fraud include:
- Malware, viruses, and phishing attempts can put sensitive information at risk. App-based banking trojans, which are malicious programs disguised as other apps, are among the techniques that the FBI expects cyber actors to use in attempting to exploit new mobile banking customers.
- Fraudsters are creating fake banking apps intended to impersonate the real apps of major financial institutions in order to trick users into inadvertently handing over their login credentials. According to the FBI, a report by US security research organizations detected nearly 65,000 fake apps in major app stores in 2018, making fake apps one of the fastest growing sectors of smartphone-based fraud.²
Steps to protect your company’s accounts and information
Employees should take precautions to safeguard their mobile devices and monitor bank accounts frequently. Ways to protect against the threat of mobile banking fraud include regularly following these best practices:
- Protect login information. Never give company and user IDs, passwords, or token codes to anyone who contacts you by telephone, email, or text message.
- Choose apps from trusted sources. Before downloading or installing a banking app or shortcut on a smartphone, make sure it is a legitimate, authorized app from your bank.
- Be cautious with open WiFi networks. Don’t set your mobile device to connect automatically to any available network. Avoid connecting to your banking apps via open WiFi networks, which hackers can use to intercept sensitive information.
- Don’t access your bank via email or text message. Don’t follow links in emails or text messages that claim to be from your financial institution. Go directly, instead, to your bank’s mobile banking service to do your banking.
- Guard against mobile device loss and theft. Lock your mobile device when it’s not in use, and store it in a secure location. Keypad and phone lock functions password-protect your smartphone so no one else can use it or view your information.
- Install the latest software and app updates. These updates will have the latest security features to protect your mobile device from identity theft and fraud.
Adhere to the following measures, as needed:
- Delete text messages from your financial institutions. Delete messages frequently and especially before loaning, discarding, or selling your smartphone.
- Report suspicious messages. Do not open or respond to an email or text message that expresses an urgent need for you to update information, activate an account, or verify your identity by calling a phone number or submitting information on a website.
- Take action in case of device loss or theft. If you lose your smartphone or change your number, remove the old number from your mobile banking profile and contact your bank to report your device as missing. If you have any active credit or debit cards in your digital wallets, proactively request that they be deactivated from the missing device.
Consider additional protective measures against mobile banking fraud, specifically:
- Use dual custody to approve transactions or administrative changes from anywhere. Dual custody, when used properly for online payment and self-administrative services, is one of the most effective fraud deterrents in a layered security approach.
- Enable two-factor or multi-factor authentication to protect devices and accounts from malicious compromise.
- Monitor online accounts and transactions regularly and have procedures in place for employees to contact your bank if they notice anything unusual.
- Sign up for fraud monitoring services such as ACH Fraud Filter and Positive Pay.
As companies rely on mobile devices to enable remote workers, it is imperative to educate employees and implement policies and procedures to guard against the threat of mobile banking fraud.
For more information about payments fraud and how to safeguard your business, contact your Wells Fargo representative or fill out the Contact Us form on this site.
1 “Increased Use of Mobile Banking Apps Could Lead to Exploitation”, FBI Public Service Announcement, June 10, 2020. (Source: https://www.ic3.gov/media/2020/200610.aspx)