Yesterday, the FBI issued a major warning for users of mobile banking apps. In the wake of COVID-19, the adoption of mobile banking has increased significantly. With banks closing lobbies and states on lockdown, mobile banking was an obvious solution for many people to manage their accounts and interact with their bank remotely and safely. As a result, the hackers have taken note.
The Public Service Announcement (PSA) noted that there has been a 50% increase in the use of mobile banking since the beginning of 2020. The FBI is warning that it expects bad actors to try to compromise newer mobile banking users by publishing fake banking applications and app based trojans.
More specifically, the app trojans are typically disguised as games or other tools that users might download to their device. Then when the user logs in to the banking app, the trojan intercepts the login and steals the users credentials while passing the user to the actual banking app so they don't know they have been compromised.
Fake apps are nothing new. Apple has done a good job maintaining the integrity and security of the apps available in their app store. Google has had more issues in their Android app store with fake apps so they continue to work to further scrutinize the apps that are published.
The best things you can do to protect yourself is to be sure you are using two-factor authentication on your banking and other sensitive applications. You should never click a link from an email that will take you to your banking app, nor should you divulge your two-factor code to anyone over the phone. Simple common-sense measures are your best defense against the bad actors looking to take advantage.
If you're interested, you may read the entire FBI PSA at this link.