Since the beginning of 2020, there has been a 50 percent surge in mobile banking, with 36 percent of Americans using mobile tools to conduct banking activities. Government mandated social distancing has encouraged Americans to be more willing to an alternative to visiting branch locations, with an estimated 20% drop in those entering bank branches.
Banking trojans, which are malicious programs that disguise themselves as games or tools, can trigger the trojan lying dormant on their device. A false version of the bank’s login page appears, and when the user enters their credentials, the trojan returns the user to the legitimate banking page without them realizing they have been compromised.
Hackers have also created fraudulent programs designed similar to those of the financial institutions, tricking the users to enter their login credentials.
In 2018, nearly 65,000 fakes were detected making this one of the fastest growing sectors of smartphone-based fraud.
Most major US banks provide a link to download their mobile banking programs from their website.
The FBI recommends creating strong, unique passwords to thwart password attacks. The National Institute of Standards and Technology’s most recent guidance encourages users to make passwords or passphrases that are 15 characters or longer, contain upper case and lower case letters, and symbols.
Common passwords or phrases, such as “Password1!” or “123456” should not be used, and the same password should not be used for multiple accounts.
The FBI cautioned that major financial institutions may ask for a banking PIN number, but will never ask for your username and password over the phone. If the phone call seems suspicious, they advise to hang up and call the bank back at their customer service number.