The FBI has published a Public Service Announcement concerning targeted exploitation of mobile banking apps due to the increase in the use of them as a result of the COVID-19 crisis. It’s estimated that more than 75% of Americans used mobile banking somehow in 2019. Since 2020 there has been a 50% increase and this percentage is likely to go higher and become a permanent fixture as the world adapts to a post COVID-19 environment.
The convenience of technology also brings challenges. Fraudsters are aware of the increase in our reliance on these forms of technology and are focusing their energy in that direction. There are two particular methods fraudsters are using; an app based banking Trojan (this is a type of malware disguised as legitimate software such as games or tools, and allow fraudsters to gain access to user systems), and fake bank apps. Trojans work when a victim launches their legitimate bank app, they create a false version of the bank’s login page to steal credentials. Fake bank apps impersonate the real apps of major financial institutions and once credentials are entered, the victim receives an error message.
Here are some tips to help protect you:
- Only download apps from trusted sources such as official app stores. Many financial institutions provide links on their websites to the legitimate apps. If you access our website using a mobile device the direct links for that device are readily available to you.
- When feasible, enable two-factor or multifactor authentication. This means that a user is only granted access after successfully presenting two or more pieces of evidence (factors) to an authentication mechanism, usually something only the user knows and something only the user has. These are effective means to reduce the likelihood of an account compromise that Merrimack County Savings Bank uses to protect your data and your finances.
- Avoid reusing passwords across multiple logins.
- Avoid the use of common passwords (e.g. Password12!!).
- If using a password for authentication, use a strong password. Strong passwords are generally at least 8 characters long, have uppercase letters, lowercase letters, numbers and symbols in them.
- Regularly monitor your accounts and report any suspicious activity to your financial institution.
- Know where your personally identifiable information (PII) is stored and limit what you share. Examples of PII include your full name, social security number, driver’s license number, bank account number, passport number and email address.
- If app looks suspicious, exercise caution.