Cybercriminals are now increasingly exploring a new way to hack into consumer bank accounts through their mobile phones. By targeting mobile bank apps and stealing customers banking credentials and access information, hackers now hope to create a back door that easily gives them normal and legitimate access to your online bank account.
Mobile phones are considered particularly vulnerable to hackers because many phone users do not have any antivirus or anti-malware security installed on their phones. Reported attacks have already been made on the world two most common mobile operating systems – iOS and Android.
According to a recent report published by the Wall Street Journal (WSJ), this is accomplished by infecting consumers’ phones with malicious software (malware). This malware simply runs silently in the background, waiting for the owners to access their mobile bank apps. When they do, the malware creates a “fake” front that looks like the consumer’s mobile bank app. It is then imposed over the authentic app which allows it follow the user’s movements on the phone and ultimately grab credentials to his/her account.
Malware Targeting Mobile Bank Apps
The most popular of these malware are Acecard and GM Bot. They and many others have already gained enough notoriety to attract the attention of both the Federal Bureau of Investigation (FBI) and U.S. banking regulators, according to the WSJ report. They have been warning the financial-services industry about the growing trend, which is typically aimed at large banks.
— Kaspersky Lab (@kaspersky) December 15, 2015
Cybercriminals have already showed that Nigeria banks are not exempted. There have already been several reported cases of phishing of many of the country major banks online banking platform and emails.
How can my phone get infected?
The malware usually gets onto a phone when a user opens a text message from an unknown source or clicks an unusual advertisement on a website. Once installed, it just lies dormant until the user opens a mobile bank app.
How to protect yourself
Do not be tempted to push this responsibility to your bank alone. According to Ross Hogan, global head of the fraud-prevention division at Kaspersky Lab, a popular cybersecurity firm; a bank may set up all the protection and security it can for its mobile bank application, but it has little or no control on the kind of protection a customer has on his or her phone.
So here are some tips on how to protect yourself from these attacks.
1. Pay very close attention to what your bank mobile app looks like
Whenever you see anything that looks a bit different from what you know, stay off it and do not use it until you are sure.
Ensure you are subscribed to any of your Bank alert and notification system so that you can keep close watch on whatever is happening to your account.
2. Confirm if your bank sends alerts whenever your bank account is accessed online
If yes, make sure you avail yourself of all possible option to get the alert or notification in real-time. There is no point using an email or phone number to receive alert if for one reason or the other, you do not get email notification in real-time or that particular phone line is usually down. If your bank mobile banking does not have these basic features, you may want to reconsider using it.
3. Be aware and stay up-to-date with your bank’s various security and protection method put in place to protect you online
Chances are they have better information on current trends in online banking security so listen and do whatever they ask you to do.
4. Make updating of your bank mobile app a priority anytime you are notified that an update is available
Updates are usually deployed to enhance your security and protection by fixing bugs and app issues that can open you up to security threats.
5. Refrain from clicking on strange texts and ads that can expose you to malware attack
Only click on ads on reputable and trusted websites and apps.
6. Make sure you have an anti-malware app installed on your phone
At the very least, you can avail yourself of one of the free, reputable protection apps out there such as Kaspersky, 360 Security, Norton Security, etc. The problem is that these free options most times do not provide real-time scanning and protection. So if you highly value your phone’s security and level of protection or you conduct many of your bank transaction through your mobile phone, consider paying some money for more protection.
Pay attention to the apps you download and install. Be careful downloading apps from untrusted sources or websites. Download apps only from Android Play or IOS official store and avail yourself of the added layer of security that this provides.