SALEM, Ore. (KTVZ) -- As many of us start to use more mobile banking apps while we are spending more time at home, the Oregon attorney general and the Oregon Bankers Association are warning Oregonians to be on high alert for cyber actors exploiting these platforms using app-based banking trojans and fake banking apps.
Last week, the FBI issued a warning that specifically pointed to the threat of banking trojans, which involve hiding a malicious virus on a user's mobile device until a legitimate banking app is downloaded. Once the real app is on the device, the banking trojan then overlays the app, tricking the user into clicking on it and inputting their banking login credentials.
Fake banking apps were also cited as a threat, where users are tricked into downloading malicious apps that steal sensitive banking information.
"With city, state and local governments urging or mandating social distancing, Oregonians have become more willing to use mobile banking as an alternative to physically visiting branch locations," Oregon Attorney General Ellen Rosenblum said. "It is shameful that scammers are trying to take advantage of this. In order to combat these threats, I am sharing the following tips to keep you, your money and your personal information protected."
1. Obtain Apps from Trusted Sources
Only download apps from trusted sources. Many financial institutions provide a link to their mobile banking app on their website. You can also scan a QR code that will direct you the official app store where you can download and install the corresponding app.
2. Use Two-Factor Authentication
Cyber security experts have stressed that two-factor authentication is a highly effective tool to secure accounts against compromise and enabling any form of two-factor authentication will be to the user's advantage. For more information on how to use two-factor authentication, visit OnGuardOnline.gov.
3. Use Strong Passwords and Good Password Security
Cyber criminals regularly exploit users who reuse passwords or use common or insecure passwords. To mitigate these attacks, create strong, unique passwords, and be sure to make passwords or passphrases 15 characters or longer. For more information on using strong passwords and password security, visit OnGuardOnline.gov.
4. If a Banking App Appears Suspicious, Call the Bank
If you encounter an app that appears suspicious, do not download it before confirming it is legitimate. To confirm, call the bank at the customer service number posted on their website.
"Mobile banking has revolutionized the way we do banking, and it is a very effective technology to increase accessibility and help us manage and protect our accounts," said Oregon Bankers Association President Linda Wilhelms Navarro. "At the same time, no technology is totally immune from fraudsters and scam artists. The banking community is committed to working with alongside its customers to prevent and put a stop to mobile banking fraud."
For more tips on how to avoid mobile banking fraud, visit https://www.aba.com/advocacy/community-programs/consumer-resources/protect-your-money/protecting-your-mobile-device.
If you have been a victim of an app-based banking trojan or fake banking app, file a complaint online at www.oregonconsumer.gov or call 1-877-877-9392 and ask that a complaint form be mailed to you.