Will Cyber Actors Target Mobile Banking Apps?

According to a recent alert from the FBI, the agency expects cyber actors to start targeting mobile banking apps with techniques such as banking Trojans and fake banking apps.

Protect yourself

Two-factor authentication is a highly effective tool to secure accounts against compromise. This means you’re only granted access after successfully presenting two or more pieces of evidence that prove who you are. Remember those irritating personal questions you have to set up?

Do:

  • Enable multi-factor authentication on devices and accounts to protect them from malicious compromise.
  • Use multiple types of authentication for accounts if possible. Layering different authentication standards is a stronger security option.
  • Monitor where your Personally Identifiable Information (PII) is stored and only share the most necessary information.

Don’t:

  • Don’t click links in e-mails or text messages unless you have double-checked the message details and know where the message comes from. Many criminals use legitimate-looking messages to trick users into giving up login details. But if you pay attention, you can often find clues that messages are fakes.
    • Look for a sender’s email address that doesn’t match.
    • Look at the time it was sent. Was it sent at a weird time like in the middle of the night?
    • Look for things that are out of character.
    • If you hover your mouse over the link, does it show an unrelated website?
  • Don’t give two-factor passcodes to anyone over the phone or via text.
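
Three of the message clues listed above (sender address, send time, and where a link really goes) can also be checked mechanically. The following is an added example, not part of the FBI alert or the original post; the function names, the placeholder bank domain and the midnight-to-6 a.m. window are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; all domains are reserved placeholder names.
SAMPLE = """\
From: "Example Bank Alerts" <alerts@examp1e-bank.example.net>
Date: Tue, 14 Jul 2020 03:12:45 -0400
Subject: Your account is locked
Content-Type: text/html

<p><a href="https://login.example.net/verify">https://bank.example.com/login</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the real target (href) of every link, i.e. what hovering shows."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_clues(raw_email, bank_domain, night_hours=range(0, 6)):
    """Return the checklist clues this message trips (thresholds are assumptions)."""
    msg = message_from_string(raw_email)
    clues = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_domain(sender.rpartition("@")[2], bank_domain):
        clues.append("sender-mismatch")
    # Hour is read in the sender's stated UTC offset, which the sender controls.
    if msg["Date"] and parsedate_to_datetime(msg["Date"]).hour in night_hours:
        clues.append("odd-send-time")
    collector = HrefCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme in ("http", "https") and not in_domain(host, bank_domain):
            clues.append("link-mismatch:" + host)
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE, "bank.example.com"))
```

The link in the sample displays the bank's address as its text but points somewhere else, which is exactly what hovering over it would reveal.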

Use strong passwords and good password security

Cyber actors regularly exploit users who reuse passwords or use common or insecure passwords. The FBI recommends creating strong, unique and long passwords or passphrases every time. We know that’s tough. One way to do this is to think of a phrase or sentence that relates in a random way.

For example,

“Dylan gives me a receipt and a smile”

Replace some of the letters with a number and a symbol. Maybe an E is a 3 and an L is a (. You can switch them out every time or randomly. It could look like this as a passphrase:

Dy(angivesmear3ceiptandasmi(3

Do:

  • Use passwords that contain upper case letters, lower case letters, and symbols.
  • Use a minimum of eight characters per password. Better yet, go for at least 15 characters.
  • Create unique passwords, especially for banking apps.
  • Use a password manager or password management service.

Don’t:

  • Don’t use common passwords or phrases, such as “Password1!” or “123456.”
  • Don’t reuse the same passwords for multiple accounts.
  • Don’t store passwords in an insecure phone app like a notepad.
  • Don’t give your password to anyone. Financial institutions will not ask consumers for this information over the phone or text message.

Lastly, the FBI directs consumers to contact their financial institution if a banking app appears suspicious. See the whole alert here.