The Criminal Assault on Mobile Banking is Now in High Gear

Leigh

We are now in the beginning of the big change when, suddenly, mobile banking is under full-bore criminal assault.

That means your money is very much at risk.

That had not been so until now. Ask cybersecurity experts why mobile banking appeared to be significantly safer than online banking and a year ago they had quick explanations at the ready. Criminals were getting rich with proven online banking exploits such as Zeus, they well knew how to get the better of Windows, and – unlike Windows – the primary mobile operating systems have been built with security in mind at every step.

Online banking – which is what most of us preferred anyway a few years back – was simply a big, fat target of easy opportunity.

But as we flock to mobile, so do criminals.

One report now estimates there will be one billion mobile banking users by year-end. Other data says that in the US at least about half of online payments now happen via mobile.

Nobody now is saying mobile banking users can count on safety. Quite the contrary.

Kaspersky, the international security group, recently reported it had detected 2516 mobile banking Trojans in Q3 2015, a four fold increase over the previous quarter.

Yes, Trojans are epidemic in China and Bangladesh, but don’t think it is just users in the developing world who are falling victim to mobile banking attacks. In Kaspersky’s recent ranking of countries with the most mobile victims, Australia – surprise! – topped the list on the basis of percentage of users attacked via mobile banking channels. The number of Aussie victims – 85% of all users – is in fact more than twice as many as number two, Korea (40%), a country that is under continuing, relentless assault from its neighbor to the north.

We all – regardless of nation – have to be concerned about attacks aimed at our use of mobile banking.

Over at security company Trend Micro, spokesperson Christopher Budd said that “absolutely mobile banking has been under attack. We have said this for a year. There is increased attacker interest.”

At Experian, Mike Gross, director of risk strategy, fraud and identity services, ominously said: “Mobile malware continues its meteoric rise, and the sophistication and number of new variants is an ongoing challenge for banks and other large enterprises.”

Said Brian O’Hara at Rook Security: “Attackers continue to find new and innovative ways to make their efforts fruitful.”

The bigger, scarier point – criminals are not necessarily seeking to replicate Zeus on phones. They are instead hunting for vulnerabilities unique to phones and attempting to exploit them. Such as? Phones have a small screen size – that makes it more cumbersome to really eyeball links before clicking. So criminals are tricking us into clicking on links we would laugh at on a big monitor. Criminals are also hunting for ever more ways to direct malware laden advertising (“malvertising”) at our phones. Then, too, most phones have no meaningful security software installed. And, lastly, most of us have come to see mobile phones as a safe harbor, a good place to do our banking and payments so we are lulling ourselves into a sense of misguided security.

The trend outlook: expect more and better attacks on mobiles in 2016. It’s time to be scared.

What can you do to increase your safety? Trend Micro’s Budd offered a two step program: “If you practice good mobile skills – if you only get apps from Google, Amazon, Apple and you run a security package – you will probably be safe.”

Read that again. Budd is saying don’t jailbreak iPhones so apps can be downloaded outside the official Apps Store and, on Android, only download apps from Google Play and the Amazon App Store. All three companies – Amazon, Apple, Google – are believed to spend heavily on tools for screening apps for safety.

Never download from 3rd party apps stores and certainly not from stray websites.

Are Apple, Amazon and Google perfect in screening apps? Of course not. Criminals are ever inventive and persistent.

But your odds of staying safe when mobile banking just are a lot higher when you stick with the blue chip outlets for all apps on your phone.

And always be mindful of what you click on and where you are landing. No, that’s not always easy with mobile – but double-down and do it anyway.

That is a sure route to dramatically safer mobile banking.

Leave a Comment