Consumers Falling for Fake Mobile Banking Apps

Fake mobile banking apps that mimic major blue-chip bank apps are having resounding success: More than one in three consumers are fooled by fraudulent versions.

According to Avast, consumers worldwide who use mobile banking apps are at a greater risk of being tricked by cybercriminals and falling victim to mobile banking theft. In a survey of 40,000 consumers in 12 countries, 58% of respondents identified the official mobile banking app as fraudulent, while 36% mistook the fake interface for the real one. In Spain, the results were similar at 67% and 27%, respectively, compared to 40% and 42% in the US.

The findings highlight the level of sophistication and accuracy applied by cybercriminals to create trusted copies designed to spy on users, collect their bank login details and steal their money.

Avast said that the banks targeted by cybercriminals and put under the microscope in the survey include Citibank, Wells Fargo, Santander, HSBC, ING, Chase, Bank of Scotland and Sberbank. Despite the banks having strict security measures and safeguards in place, their large customer bases make them attractive targets for cybercriminals to develop fake apps that can mimic their official apps.

“We are seeing a steady increase in the number of malicious applications for Android devices that are able to bypass security checks on popular app stores and make their way onto consumers’ phones,” said Gagan Singh, senior vice president and GM of mobile at Avast. “Often, they pose as gaming and lifestyle apps and use social engineering tactics to trick users into downloading them.”

In November 2017, Avast’s Threat Labs Mobile team discovered a new strain of the BankBot Trojan in Google Play targeting consumers’ bank login details. Avast analyzed the threat in collaboration with ESET and SfyLabs. This latest variant was concealed in supposedly trustworthy flashlight and solitaire apps. Once downloaded, the malware would initiate and target the apps of blue-chip banks. If a user opened the banking application, the malware would create a fake overlay on top of the genuine app with the goal of collecting the customer’s banking details and sending them on to the attacker.

Roughly two in five (43%) survey respondents worldwide said they use mobile banking apps. In both Spain and the US, almost half (46%) said they were active users. Of the respondents who don’t bank via smartphone or tablet, almost one third (30%) pointed to a lack of security as the leading concern. This concern was shared by 21% of the respondents in Spain and 36% in the US.

The survey also found that consumers across the globe are more concerned about having money stolen from their checking accounts than losing a wallet or purse or having their social media accounts hacked and their personal messages read. Globally, 72% of respondents voiced financial loss as their primary concern. In Spain, 85% of consumers said the same, while 71% in the US said so.

“More often than not, consumers can rely on trusted app stores like Google Play and Apple’s App Store to download applications, but extra vigilance is also advised,” said Singh. “It’s important to confirm that the banking app you are using is the verified version. If the interface looks unfamiliar or out of place, double-check with the bank’s customer service team. Also use two-factor authentication if it’s available and make sure you have a strong antivirus for Android installed to detect and protect you from money-grabbing malware.”
