Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

FBI Alert Warns of Fraudsters Targeting Mobile Banking Apps to Defraud Americans

Tuesday, June 23, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

The FBI has released a warning that cybercriminals were targeting mobile banking apps to defraud Americans during the Coronavirus pandemic. The adoption of online banking, which has witnessed a 50% rise during this period, has made financial institutions lucrative targets for criminals wishing to make a quick dollar. The FBI alert said it expected cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including the use of app-based banking trojans and fake mobile banking apps during the social distancing period when most Americans relied on online services to complete their transactions.

FBI alert warns of banking trojans and fake mobile banking apps

The FBI alert said there was an increased risk for Americans using online banking because of the proliferation of mobile banking trojans. The alert said users were tricked into downloading malicious software that lurks on the user’s mobile device until the user downloads a legitimate banking app. Once the user attempts to use the official mobile app, the banking trojan overlays the legitimate app’s login page, tricking the user into entering their authentication credentials on the malicious app. The malicious actors then use this information to log in to the user’s bank account and initiate a fraudulent transaction online.

Fake mobile banking apps have also become a significant threat where many users are tricked into downloading rogue apps masquerading as the official mobile banking apps, according to the FBI alert. Over 65,000 fake mobile banking apps were found on major app stores in 2018, signaling a major problem.

The FBI alert warned of concerted efforts by threat actors to exploit the current crisis to defraud Americans who relied on online transactions to finance their most pressing needs. The FBI’s Internet Crime Complaint Center already witnessed a spike in the number of complaints, which have quadrupled to about 4,000 per day compared to the rate of 1,000 reports per day before the crisis.

A prior FBI alert had warned of Chinese hackers targeting healthcare institutions and other organizations taking part in COVID-19 research. Health agencies such as the Department of Health and Human Services and the World Health Organization have come under attacks from cybercriminals during the emergency period.

Working from home has led to the increased online presence of many workers hence creating a larger pool of potential victims for targeting by cybercriminals. Similarly, many essential services have moved online, thus exposing their users to possible attacks by hackers. For example, 75% of Americans have used mobile banking to complete online transactions since January, according to various analytics firms. The popularity of mobile banking apps because of their convenience and trust compounds the issue, thus leaving many Americans vulnerable to online attacks. Additionally, the curiosity and anxiety of remote workers have also crowded their judgments, thus making them more likely to fall for online scams.

Guidelines to secure your account

The FBI alert directed Americans to only download mobile banking apps from official app stores or from their bank websites. The warning also advised users to secure their accounts with strong passwords and activate two-factor authentication (2FA) on their online accounts.

The FBI alert also advised any user who encountered suspicious mobile banking apps claiming to belong to a particular financial institution to contact the bank in question and clarify their doubts. Additionally, a user should never reveal his or her username and password over the phone because financial institutions never request such information over the phone. Americans should also use unique passwords on different sites to avoid compromising their other accounts if hackers breached one of their online accounts. Such security measures will keep hackers at bay and prevent them from benefitting from the current crisis.

Chris Hazelton, Director of Security Solutions at Lookout, commented that: “There are a large number of fake mobile apps, with many targeting the immediate payday by stealing banking credentials. However, most of these apps do not make it to public app stores. Users are often taken to websites that mirror real sites to download fake apps.”

“Almost all users use a case to protect their phones from physical threats, but they should also protect the digital side of their smartphones to protect from malicious apps. They should also install mobile security software to protect their data and identities. Many services are free to use, and can easily be upgraded for even more protections,” advises Hazelton.

Kacey Clark, a Threat Researcher at Digital Shadows, says criminals were leveraging the expanding user base of mobile banking apps to expand their attack landscape. “While many bank lobbies are closed and people choose to stay home to avoid coming into contact with COVID-19, it makes sense that banking customers are turning to mobile banking apps to deposit checks, transfer money, and pay bills. With this, cybercriminals are opportunistically leveraging the recently expanded mobile threat landscape. During our research, we have observed multiple impersonation apps, which contain dangerous permissions that can give the app access to highly sensitive information or perform invasive actions on the user’s behalf: read and write SMS, authenticate accounts, capture and collect photos, request authentication tokens, process outgoing calls, read contacts, add or remove accounts, etc.”

She added that users were misled into downloading fake apps that exploited elevated permissions that mirrored those of legitimate apps to harvest login credentials. The stolen details could then be used to bypass authentication on users’ online accounts.

“Generally speaking, the mobile banking apps are safer than their companion websites, and the rule of thumb is to never click a link from an email or text message related to your bank accounts but instead go directly to the bank’s app or website and check there for a message or alert,” recommends Josh Bohls, Founder of Inkscreen.

Link and photo: https://www.cpomagazine.com/cyber-security/fbi-alert-warns-of-fraudsters-targeting-mobile-banking-apps-to-defraud-americans/?mc_cid=76135c2d92&mc_eid=9461eea96c

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.