Washington is worried that COVID-19 will infect mobile banking via cybercrime
The FBI has issued an alert saying that agents anticipate mobile banking exploits attacking businesses and consumers. Agency officials are advising industries and consumers to adopt two-factor authentication, including biometric measures.
The alert (I-061020-PSA) is a warning and does not mention specific crimes that the federal government might be investigating or that agents have learned about.
Economic disruptions and personal worries resulting from the COVID-19 pandemic are creating an environment that criminals can take advantage of, according to the alert.
The FBI, citing research by unnamed “US financial technology providers”, and not named financial institutions, says that about 35 percent of people in the United States plan to conduct “banking activities” online. One in five, according to the report, will visit bank branches less often.
If those statistics are not fuzzy enough, the FBI alert says: “Studies of US financial data indicate a 50 percent surge in mobile banking” this year.
On somewhat firmer ground, agency officials said that more than 75 percent of Americans used mobile banking “in some form” last year. Those newer to online banking will be more susceptible to attacks including fraudulent banking apps and application-based banking trojans.
Citing unattributed industry numbers, the FBI says almost 65,000 fake banking apps were spotted on application stores last year, a tactic that is “one of the fastest growing sectors of smartphone-based fraud.”
The alert offers tips to avoid becoming a victim including boilerplate wisdom about conducting good password hygiene and demonstrating healthy link skepticism.
However, officials also urged adoption of two-factor authentication “if possible via biometrics, hardware tokens, or authentication apps.”
A statement released by OneSpan, a digital security vendor, applauded the FBI recommending biometrics for online protection. It panned the use of “known-to-be-vulnerable” SMS codes sent to authenticate identities.