As the use of mobile banking apps surges due to the limited access to banks amid the COVID-19 pandemic, the FBI is warning users to beware of cyber attacks.
“The FBI advises the public to be cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent,” the nation’s law enforcement agency told the public this week.
Since January, more than 75 percent of Americans have used mobile banking to cash checks and transfer funds, according to data from financial technology companies. Researchers found the number of mobile app users has risen by 50 percent compared to a year ago.
As social distancing orders remain in place and Americans become accustomed to using mobile banking tools, 36 percent of Americans said they plan to use apps to conduct banking activities, while 20 percent said they plan to visit branches less often.
In 2018 alone, U.S. security research firms reported nearly 65,000 fake apps were detected in the nation’s major app stores, making this one of the fastest growing sectors of smartphone-based fraud.
Banking apps can be exploited, the FBI said, during app downloads.
For example, malware can create a false version of a bank’s login page atop the legitimate app. Once logged into the faux site, customers unwittingly provide their real banking information and are unaware they have been compromised.
As a result, the agency urges customers to get their smartphone apps from trusted sources such as official app stores or download them from bank websites.
Cybersecurity experts strongly recommend the public to use a two-factor authentication when they access banking via an app. While it takes a little more time, it’s a highly effective tool to secure accounts against compromise, the FBI said.
The FBI also recommends that customers use passwords with a minimum of eight characters that contain upper case letters, lower case letters, and symbols, create unique passwords for banking apps and use a password manager or password management service.
Experts warn against clicking links in emails or text messages without ensuring these messages are from the financial institution by double-checking its details. They also say customers should never give two-factor passcodes to anyone over the phone or text because inancial institutions will not ask you for these codes over the phone. When it comes to passwords, avoid common passwords or phrases, such as Password1! or 123456 and never reuse the same passwords for multiple accounts. Experts also warn against storing passwords in written form or in an insecure phone app like a notepad.