Mobile banking applications that help users check account balances, transfer money, or pay bills are quickly becoming standard products provided by established financial institutions. Banks are adding more sophisticated services and features, allowing users to transact faster and more efficiently. And alternative online payment options, such as PayPal’s Venmo or Square’s Cash app, are also quickly gaining popularity. Many users appreciate the fast and informal transactions these applications offer.
But as these applications gain ground in the banking landscape, cybercriminals are not far behind.
Attackers can use different methods to compromise mobile banking users — from fake applications and snooping, to attacks via malicious network connections and abusing stolen account credentials — and that’s not the end of it. Banking trojans have become more advanced and sophisticated in 2019. The Anubis malware, for example, has been continuously updated since it first emerged in 2018. In 2019, it adopted motion-based sensors to elude sandbox analysis and overlays to steal personally identifiable information. This August we also saw that the banking malware Trickbot launched a campaign that spread spam emails with malicious attachments. More recently, counterfeit apps were spotted pushing the Ginp Trojan, which steals user login and credit card information.
Since financial apps are all so closely connected or directly tied to a user’s finances — which consequently makes them attractive cybercriminal targets — security should be a top priority. Below we provide tips and guidelines for securing mobile banking applications, and adding layers of defense to help avoid digital threats.
Secure Mobile Banking Applications
Download from trusted, legitimate sources to minimize exposure to fake apps.
Update as soon as possible — the most current version of an app will have fixes for the latest known vulnerabilities.
Enable any built-in security features of your banking apps. These can include idle time-outs, which require users to log in again after each transaction or a period of elapsed time.
Delete junk mail and messages regularly to lower the chances of clicking on a malicious link, and do not open any attachments in unsolicited email from unknown senders.
Establish Safe Network Connections
Don’t bank while connected to unsecured Wi-Fi networks in public places, or use a VPN to encrypt transactions.
On a mobile browser, only log onto banking or financial websites that use https addresses and show a padlock icon, indicating that the site employs encrypted communications.
When using banking apps in a public place, use them over 3G, 4G, or LTE. Also, turn off Wi-Fi and Bluetooth to prevent snooping.
Protect Online Financial Accounts
Enable two-factor authentication on all your financial apps, and install authenticator apps if available. The codes, which are required to log in, are usually sent via SMS or to the registered authenticator.
Disable auto-complete in your financial apps or browser log-ins, and make sure not to store passwords in your browser.
Don’t respond to any texts or emails that request your PIN, account number, or any debit or credit card number.
Use a strong and unique password for each financial application, and make sure to log off after transactions.
Monitor your accounts so you can quickly spot any suspicious activity.
Tools to Enhance Mobile Security
Mobile application manufacturers and financial institutions are generally responsive to threats and constantly improve their products and services. But, aside from consistently patching and updating, there are other ways to keep your mobile banking secure.
Trend Micro Mobile Security for Android and iOS provides a complete endpoint security system for mobile devices, including protection from browser, web, file, and app security threats. Trend Micro’s Wi-Fi Protection for Android and iOS provides a VPN for public Wi-Fi hotspots using Trend Micro’s secure cloud servers, which encrypts the Wi-Fi connection and prevents hijacking via man-in-the-middle attacks. Trend Micro HouseCall for Home Networks for Android and iOS (as well as Windows and Mac) scans all of the devices on the home network for privacy leaks and other network infections, since many home network devices have security issues that attackers can use to control them or the network itself.