FBI: Growing mobile banking could lead to exploitation
As the public increases its use of mobile banking apps, partially due to increased time at home due to COVID-19, the FBI anticipates cyber actors will exploit these platforms.
According to the FBI and the IC3, US financial technology providers estimate more than 75 percent of Americans used mobile banking in some form in 2019. Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020. Additionally, studies indicate 36 percent of Americans plan to use mobile tools to conduct banking activities, and 20 percent plan to visit branch locations less often. With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations, says the FBI.
Kacey Clark, Threat Researcher at Digital Shadows, a San Franciscobased provider of digital risk protection solutions, says, "While many bank lobbies are closed and people choose to stay home to avoid coming into contact with COVID-19, it makes sense that banking customers are turning to mobile banking apps to deposit checks, transfer money, and pay bills. With this, cybercriminals are opportunistically leveraging the recently expanded mobile threat landscape."
The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including appbased banking trojans and fake banking apps.
Chris Hazelton, Director of Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile phishing solutions, notes there are a large number of fake mobile apps, with many targeting the immediate payday by stealing banking credentials. "However, most of these apps do not make it to public app stores. Users are often taken to websites that mirror real sites to download fake apps," he says. "While there are a large number of fake apps, there is also the threat that comes from mobile phishing - directing users to fake websites to download malicious apps or steal credentials directly. 45.5% of Lookout users encountered a mobile phishing attack in the last three months. This is up significantly from 32.5% in the middle of 2019.
Lookout Phishing AI, Hazelton notes, recently discovered a phishing campaign targeting customers via SMS messaging to lure them to fake websites of well-known Canadian and American banks.