Cybersecurity

FBI warns hackers are targeting mobile banking apps

The FBI on Wednesday warned that malicious cyber actors were targeting mobile banking apps in an attempt to steal money as more Americans have moved to online banking during the coronavirus pandemic.

In a public service announcement, the FBI noted it expects to see hackers “exploit” mobile banking platforms, which have seen a 50 percent surge in use since the beginning of the pandemic.

“With city, state, and local governments urging or mandating social distancing, Americans have become more willing to use mobile banking as an alternative to physically visiting branch locations,” the agency wrote. “The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps.”

The FBI specifically pointed to threat of banking trojans, which involve a malicious virus hiding on a user’s mobile device until a legitimate banking app is downloaded. Once the real app is on the device, the banking trojan then overlays the app, tricking the user into clicking on it and inputting their banking login credentials.

Fake banking apps were also cited as a threat, with users in danger of being tricked into downloading malicious apps that also steal sensitive banking information. 

In order to combat these threats, the FBI recommended that Americans only download banking apps from official app stores or from banking websites and that banking app users enable two-factor authentication on their accounts and use strong passwords.

“If you encounter an app that appears suspicious, exercise caution and contact that financial institution,” the FBI emphasized. “Major financial institutions may ask for a banking PIN number, but will never ask for your username and password over the phone.”

The PSA is not the first warning the FBI has put out during the COVID-19 pandemic, as hackers have stepped up efforts to target individuals working and socializing online. 

The FBI and the Cybersecurity and Infrastructure Security Agency warned last month that Chinese-backed hackers were targeting health care and research groups involved in developing COVID-19 treatments. 

A top FBI official said in April that the FBI’s Internet Crime Complaint Center was receiving between 3,000 and 4,000 cybersecurity complaints each day, a major jump from prior to the COVID-19 pandemic when about 1,000 complaints were received daily.

Major agencies including the World Health Organization and the Department of Health and Human Services have also been targeted by hackers, and scams tied to efforts to use coronavirus concerns to steal sensitive information have also spiked.