February 3, 2024

Mobile banking security is the biggest threat to your bank account

NetworkTigers discusses mobile banking security and financial fraud.

How safe is your bank account? It turns out that the greatest risk to your wallet might come from something else you carry in your pocket or purse: your cell phone. Mobile banking is increasingly convenient, and 87% of Americans use their banking app at least once a month to pay bills, deposit checks, send or transfer funds, and set up autopay. However, mobile banking apps are also increasingly targeted by hackers and malware developers worldwide. A new study reveals that the number of malware families targeting mobile banking apps more than doubled from 2022 to 2023. When your bank ignores vital cybersecurity standards or fails to close software loopholes in its mobile banking systems, it leaves your data and bank accounts open to cyber intrusions.

Study identifies emerging malware trends in mobile banking

According to a new study from research firm Zimperium, mobile banking is seeing a surge in financial fraud driven by new malware, diverse hackers, and even secondhand or rented banking trojans. Some emerging trends in financial fraud through mobile banking apps include: 

  • Automated Transfer System (ATS): Unauthorized transfers are one of the main red flags that you’ve been hacked. Many unauthorized transfers are disguised as legitimate purchases, system fees, or other recurring payments. 
  • Telephone-Based Attack Delivery (TOAD): This kind of phishing effort involves an initial intrusion through the app or online platform and a follow-up phone call to convince victims to share more important personal and financial data. Hackers often impersonate banking employees and ask for sensitive information as a necessary “confirmation” to secure an account from a supposed breach or set up a new service. Targeted information includes bank account numbers, PINs, social security numbers, birth dates, addresses, answers to security questions, and more. 
  • Screen sharing: This method involves remote access and control over devices like cell phones or personal computers to “troubleshoot” online banking problems. In reality, hackers exploit system vulnerabilities to gain access to accounts. 
  • Malware-as-a-service (MAAS): Cybercriminals don’t always develop their own trojans, ransomware, or other spyware. Malware-as-a-service is a growing field of cybercriminal activity that makes hacking accessible even to those who do not code. MAAS involves developing and selling (or renting) infectious malware to cybercriminals, broadening the pool of attacks and who might perpetrate them. 

The top malware families to watch out for

In 2022, just ten malware families were prolific enough to be labeled as dangerous for those who bank online, and they were known to target 600 banking apps. However, there has been an enormous surge in mobile banking malware. There are now 29 malware families identified by the Zimperium study as directed towards mobile banking. The top 3 banking malware families for 2023 are: 

  1. Hook
  2. Godfather
  3. Teabot

These cyberthreats were ranked by the number of banks they targeted. Threat actors come from all across the globe, with Chinese cyber espionage development as one of the most prominent and growing sources of threat groups, according to security firm Mandiant.

Who are mobile banking targets? 

While anyone who banks online can be vulnerable to a cyberattack through their phone, certain elements increase your account’s risk of becoming a target. For one, 93% of millennials report relying on mobile apps, saying that they prefer to manage their banking all in one place, followed by 90% of Gen X and 89% of Gen Z. Additionally, US-based banking institutions see far and away the most cyberattacks each year. As many as 109 US banks were targeted by malware in 2023. The next most targeted country was the United Kingdom, with 48 banking institutions attacked by malware, and then Italy, with 44 banking institutions at risk. Up to 61 countries had banks known to be targeted by banking trojans in 2023. 

Banking malware families commonly threaten simple banking apps that allow you to check your balance, deposit checks through your phone, and make and receive transfers. However, cybercriminals are increasingly evolving to aim at FinTech and cryptocurrency apps. As investment opportunities democratize via mobile-friendly financial platforms like Robinhood, Gemini, and Kraken, it becomes even more important that their web developers take cybersecurity seriously. 

Traditional banking apps comprise 61% of the compromised mobile banking pool. As many as 1,103 mobile banking apps were compromised by malware in 2023, out of 1,800 known to be targeted. Meanwhile, trading apps made up the remaining 39% of the Zimperium study. 

How to stay safe through your mobile banking app

What you can do as a consumer is to choose to invest your hard-earned funds in banks that are transparent about their cybersecurity practices and have taken steps to keep you safe. If your bank does not offer two-step logins or multi-factor authentication for your account, consider whether you trust them with the bulk of your savings. 

Do not download apps from third-party sources. Many trojans can come from sideloaded apps or third-party apps downloaded alongside a financial institution’s mobile platform. Once you have downloaded a financial institution’s app, keep it current. Software patches may become available to prevent intrusions or respond to evolutions in the threat landscape. 

Never re-use passwords, especially across different bank accounts, and be sure you use strong passwords with a combination of different characters. Do not volunteer login information to unauthenticated callers or allow a screen share unless you are sure who you are speaking to. When in doubt, if you receive a suspicious call or text message, do not respond. Alternatively, hang up and call your bank back at a verified number. 

Monitor your bank account for unauthorized transfers or charges you do not recognize or remember making. Be wary of phishing attempts or clicking on links in emails that appear to be sent by your bank. 

Taking the threat seriously

Your mobile banking security depends on how seriously your bank takes its cybersecurity practices. Investment must be made in strong authentication protocols and in closing the backdoors and loopholes that allow malware families to get a foothold in mobile banking apps. 

Simply put, the protection level must match the threat’s severity. As mobile banking becomes more and more of a target for cybercriminals, banking institutions must simultaneously take the risk as seriously as possible to keep their consumers safe. Mobile banking is convenient and can be secure. As threat actors aim at banking apps, financial institutions must rise to the challenge.

About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com

Gabrielle West
Gabrielle West is an experienced tech and travel writer currently based in New York City. Her work has appeared on Ladders, Ultrahuman, and more.
