Mobile banking is definitely a useful way of handling financial services. We don’t have to go to physical service points; we are able to “arrange” everything via the Internet, also thanks to mobile phones. However, it is important to know that mobile banking applications also carry certain risks, which may harm us if we do not apply certain simple security rules.
Regardless of whether you are using mobile banking via a browser and a web application embedded in the financial system or an application directly linked to the banking infrastructure, you must remember a few rules and learn about certain types of cyber threats, which in certain circumstances may not only steal your data, but also result in the loss of money.
The development of online banking has meant that cybercriminals are constantly looking for methods of attack that will result in a rapid injection of cash, at the cost, of course, of victims who are often unaware of the threat. Some of the best mobile banks are actively running information campaigns to raise consumer awareness of all kinds of cyber threats, but unfortunately, this is a drop in the ocean of needs. See how little it takes to fully protect yourself against the loss of funds.
Did you know that the most effective method of attack is… social engineering?
Cybercriminals are not only computer geniuses who are able to quickly find vulnerabilities and build so-called exploits for them, i.e. malicious code that allows a specific vulnerability to be exploited. The weakest link in any security system is actually a person, who may not notice that he or she is dealing with a trap set by criminals. So how do criminals take advantage of this fact? By convincing the victim that he or she is dealing with banking infrastructure and can provide it with authentication data.
Let’s assume that you have received an email stating that your bank account has been blocked. In order to unblock it, you have to enter your login and password and then a one-time code, either from the card periodically sent to you by the bank or the one that is delivered to you by SMS. You go ahead and perform these operations and… you are horrified to discover that money has been stolen from your account. Yes, you have become a victim of cybercriminals, and you could have avoided it.
This attack is called a “scam”: cybercriminals intentionally prepare messages in such a way that they look like they could have come from banking services. They then send them to a large number of addresses, which may include someone who “swallows the hook” and hands all their data to the cybercriminals on a plate. Remember that the bank will never ask you to log in via e-mail and will never require you to use a one-time code.
Every time you log in to banking services in your browser, check that a valid HTTPS connection is used. If not, don’t give your details under any circumstances!
Also, each time you access any banking site at all, check that you are using an encrypted connection. The absence of HTTPS, in this case, is the first sign that something is wrong. If you do not see the “green padlock” in the address bar and information about a valid certificate, do not give any data under any circumstances. In all probability, you are looking at a skillfully made trap.
Malicious apps on your phone can also steal money from your account
As the latest events in this matter indicate, it is not only programs installed from outside the Google Play store that can do us considerable damage. Unfortunately, Google cannot cope with the influx of Trojan horses and other dangerous applications in its own repository, and even seemingly safe apps may contain malicious code. Remember to check the reviews before installing anything, because users usually quickly realize that a particular program does not work as it should. You should also take a close look at the permissions that the application asks for. If these include e.g. access to SMS messages or opening/installation of other programs, it is probably not worth installing it on your device.
A malicious program can successfully pretend to be a safe one. Recently there was a case of a user downloading an application to track cryptocurrency exchanges, after which it turned out that it asked for surprisingly broad permissions (it could even record what was happening around the device). Moreover, the application monitored the banking services app on an ongoing basis: it was able to log in to the financial infrastructure itself, make a transfer and confirm it with a one-time code from an SMS message. Everything took place in a flash, and the user was not able to notice it.
Whether you are installing applications from the store or from external repositories such as APKMirror, check the reviews of other users and carefully check which permissions the application requests. If you have any doubts in this matter, it is better not to install that program. You will save your nerves and money.
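The permission check described above, as an added example (not code from the original article): a Python script that reads an `aapt dump permissions`-style listing and flags the permissions the article singles out (SMS access, installing other programs, recording audio). The sample listings, package names and verdict thresholds are constructed assumptions.

```python
import re

# Permission groups the article warns about (real Android permission names).
RISKY = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "install_apps": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "record_audio": {"android.permission.RECORD_AUDIO"},
}
# Categories that, in this example's policy (an assumption), mean "do not install".
BLOCKING = {"sms", "install_apps"}

# Accept both "uses-permission: name='X'" and the older "uses-permission: X".
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")
_PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return (package, set of requested permissions) from the listing text."""
    package, perms = None, set()
    for line in dump.splitlines():
        line = line.strip()
        if (m := _PKG_RE.match(line)):
            package = m.group(1)
        elif (m := _PERM_RE.match(line)):
            perms.add(m.group(1))
    return package, perms

def audit(dump):
    """Group risky permissions by category and derive a verdict."""
    package, perms = parse_permissions(dump)
    findings = {c: sorted(perms & names) for c, names in RISKY.items() if perms & names}
    if BLOCKING & findings.keys():
        verdict = "avoid"      # can read one-time codes or pull in other apps
    else:
        verdict = "review" if findings else "ok"
    return {"package": package, "findings": findings, "verdict": verdict}

# Constructed sample: a "price tracker" asking for far more than it needs.
SAMPLE_TRACKER = """package: com.example.cointracker
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECEIVE_SMS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.REQUEST_INSTALL_PACKAGES'
"""
# Constructed sample in the older listing format, with nothing risky.
SAMPLE_CLEAN = "package: com.example.notes\nuses-permission: android.permission.INTERNET\n"

if __name__ == "__main__":
    for sample in (SAMPLE_TRACKER, SAMPLE_CLEAN):
        print(audit(sample))
```
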
Signs of a banking trojan infection. What to pay attention to?
Some malicious programs mask their presence very effectively; others go a little further with social engineering, which allows them to be identified quickly. First of all, you should check your device with a mobile antivirus scanner, which will effectively check all files on your device. After the whole operation, you can remove the scanner if you are afraid that it will slow down your device. Due to the specifics of Android, proactive real-time protection is usually not worth the reduced hardware performance.
If you have noticed that your phone has slowed down considerably recently, but you cannot find any logical explanation for this, the scanning procedure should be the first thing you do. Other factors also point to an infection: if you receive “strange” advertisements or suspicious notifications, especially regarding e.g. errors in banking services or unexpected transfers, it is probably the work of a banking trojan that intends to redirect you to a crafted login page.
Of course, under no circumstances should you open such notifications or enter any login data, even if they look really reliable. Cybercriminals, even those from abroad, are able to perfectly copy the appearance of financial applications so that the user has as little doubt as possible. If you think that you may be a victim of such an attack, contact the bank and temporarily block online banking.
Prudence is the best weapon against cybercriminals
You don’t need much to be resistant to cybercriminals’ attacks. It is worthwhile to take a cautious approach to such issues and, every time you have doubts about your security, take a closer look at how the specific website or application behaves. Under no circumstances should you open links in suspicious e-mail messages or provide any login details. Banks themselves stipulate that they do not include links to the e-banking login page in their emails, so if you see such links in an email, even one that looks like it was sent by your bank, be very careful.