The New Way You’ll Get Hacked: Through That Banking App on Your Phone.

Priya Reddy
Published in DataSeries
Feb 15, 2020

Hackers have found a new way to access your online banking accounts — and it’s on the rise across America. Hackers are accessing smartphone users’ bank accounts through an increasingly inventive array of malware attacks, ranging from text messages to gaming apps.

As many as 3 percent of Android users have encountered a mobile threat in the past year, said Mike Murray, vice president of Cyber Security Online Training at Lookout, a mobile app security firm. “While that number may seem relatively low, consider a business with 1,000 employees who use their phones for work and personal matters. That means 30 of them are potentially exposing the business to a threat, making this an even more serious problem.”

An estimated 43 percent of smartphone users who have a bank account used some form of mobile banking, according to the most recent Federal Reserve Consumers and Mobile Financial Services report covering . And yet: “I know almost no one who has security software on their phone,”

Of the 781 data breaches tracked in the United States last year, 71 were banking-related, according to the Identity Theft Resource Center. Though that might appear to be a fairly low incidence, it is double what was reported the previous year.

People just aren’t taking the same precautions to secure their phones that they would with their computers, leaving them in a vulnerable position.

New Names, Old Tricks

Hackers’ tricks turn up in places you wouldn’t expect, such as the Black Jack Free App in the Google Play store.

While the app, which has since been removed, promoted a fun game, Lookout found it had a hidden agenda.

“Apps from this malware family silently download a secondary app that displays overlay windows over legitimate banking apps and some other popular apps such as Facebook and Skype to trick people into entering their online banking credentials and credit card information,” a Lookout blog post explained in May.

In another instance, a security researcher in Sweden found just a few lines of code exposed a vulnerability that could have allowed a bad actor to steal as much as $25 billion from an Indian bank, according to Motherboard.

While banks in the United States all have levels of fraud protection, a digital heist can create a major headache and even raise questions of liability if a phishing attack is used, said Alex Rice, founder of HackerOne, a bug bounty firm.

One common phishing tactic involves posing as a company and sending a user to a site that appears legitimate, prompting them to enter their account credentials.

“Anytime someone is asking you to do something online or take an action, you should be extremely skeptical,”

Three Things You Can Do Now to Stay Safe

The experts NBC News talked to all agreed that mobile banking is a convenience we should continue to enjoy. However, they noted it’s crucial to take a proactive approach to your security.

Robert Siciliano, CEO , recommends people stay vigilant by asking their bank or credit card company to alert them any time a transaction is completed that is above a certain amount.

“They all provide some level of notification in regards to transactions,” he said. “You can get a text, an email every time there is a charge, withdrawal, deposit — these are all options. I think that is such a great thing so you can know if something is happening in real time.”

The second action experts recommend is making sure you are running the latest version of any apps, and that your operating system is up to date. This will ensure you’re working with the most secure versions available.
