As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms.

Americans are increasingly using their mobile devices to conduct banking activities such as cashing checks and transferring funds….   Studies of US financial data indicate a 50 percent surge in mobile banking since the beginning of 2020……

Tips to Protect You and Your Organization

Obtain Apps from Trusted Sources
Private sector companies manage app stores for smartphones and actively vet these apps for malicious content. Additionally, most major US banks will provide a link to their mobile app on their website. The FBI recommends only obtaining smartphone apps from trusted sources like official app stores or directly from bank websites.

Use Two-Factor Authentication
Since 2016, surveys of application and website users have identified that a majority of users do not enable two-factor authentication when prompted. These users cite inconvenience as the major reason to avoid the use of this technology. Cybersecurity experts have stressed that two-factor authentication is a highly effective tool to secure accounts against compromise, and enabling any form of two-factor authentication will be to the user's advantage

Do:

  • Enable two-factor or multi-factor authentication on devices and accounts to protect them from malicious compromise.
  • Use strong two-factor authentication if possible via biometrics, hardware tokens, or authentication apps.
  • Use multiple types of authentication for accounts if possible. Layering different authentication standards is a stronger security option
  • Monitor where your Personal Identifiable Information (PII) is stored and only share the most necessary information with financial institutions.
Don't:
  • Click links in e-mails or text messages; ensure these messages come from the financial institution by double-checking e-mail details. Many criminals use legitimate-looking messages to trick users into giving up login details.
  • Give two-factor passcodes to anyone over the phone or via text. Financial institutions will not ask you for these codes over the phone.
 

RETURN TO CYBER SECURITY & FRAUD AWARENESS