According to a new poll conducted by Avast, a multinational cybersecurity business, one in every three global users mistook fraudulent mobile banking software for the real thing, putting their financial data at risk. Avast polled 40,000 people in 12 countries, including the United States, the United Kingdom, Germany, France, Russia, Spain, and Argentina, regarding the validity of counterfeit mobile banking apps vs. genuine ones.
The findings were astonishing: 58% of respondents felt an official mobile banking app was fake, while 36% thought a fraudulent app was an authentic one. In the United States, 40% thought a legitimate app was a fake, while 42% thought a counterfeit app was the actual thing.
Fraudsters, according to Avast, imitate banking apps from big global banks such as Citibank, Wells Fargo, Santander, HSBC, ING, Chase, and the Bank of Scotland. Because of their massive customer bases, these banks are attractive targets for cybercriminals looking to scam their customers. Two-fifths (42%) of poll respondents stated they utilised mobile banking apps.
“We are seeing a steady increase in the number of malicious applications for Android devices that can bypass security checks on popular app stores and make their way onto consumers’ phones,” said Gagan Singh, senior vice president and GM of mobile at Avast. “Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them.”
How the Malware Works
Cybercriminals trick consumers into using their fake mobile apps by installing malware on smartphones.
For example, in November 2017, Avast discovered a new strain of the BankBot Trojan virus lurking in the Google Play app store. The malware was hidden in flashlight and solitaire apps. Once a consumer downloaded one of the apps, the Trojan would target any banking apps currently on the consumer’s device.
When the consumer tried to use a legitimate banking app, the malware would fool the user by creating a fake app that was overlaid on the real thing. Cybercriminals were then able to collect username and password information that consumers entered. Targeted banks included Chase, Wells Fargo, and Citi.
How You Can Protect Yourself From Fake Apps
To protect your financial data from falling into the wrong hands:
1. Verify the App Is Legit: Avast advises consumers to confirm that any banking app they are using is the official, verified version. If you suspect that something is off, contact your bank directly to make sure that you are using the real thing.
2. Only Use Official App Stores: You should also only download apps from official stores like Google Play and the Apple App Store—these companies do put security measures in place to weed out malware.
Make sure you are using two-factor authentication whenever it is available, and consider installing a mobile antivirus protection app on your phone that can detect malware if it winds up on your device. TechRadar rounds up the best ones for both Androids and iPhones.
3. Reconsider Before Jailbreaking Your Phone: If your smartphone is “jailbroken”—that is, it has bypassed certain restrictions placed on the operating system of the device—avoid conducting mobile banking on it. Jailbroken devices may lack certain security procedures that could protect you from malware (and jailbreaking your phone usually voids any warranties on it).
4. Keep Your Smartphone Up to Date: That means downloading the latest security and operating system updates promptly—these updates often protect consumers from the latest attacks.
5. Don’t Click Links in Texts and Emails Unless You Verify the Sender: Just as on your computer or tablet, you should be wary of links in emails and texts. Before clicking, make sure you know who it’s from and don’t fall for fake URLs or texts posing as your bank.