However, as our use of mobile banking increases, so too does the risk of being targeted by mobile malware, according to security firm Check Point. In their mid-year trends report, the company found cyberattacks on smartphones had risen by 50% in the first half of 2019 compared to the same period last year, and suggested the key reason for this spike was the growing use of mobile banking applications.
So, if hackers are increasingly turning their attention towards our smartphones, how can we ensure our devices – and finances – stay secure?
Here are a few key points about mobile phone banking security – including some stand-out risks, how to know if your phone is affected by malware, and steps you can take to help protect yourself.
What are some of the risks of mobile banking?
While the operating system (iOS or Android) on your smartphone and your bank’s mobile app will carry some built-in security features, there are still ways for your data to be compromised through mobile banking. Some of the major risks to look out for include:
Phishing scams typically involve someone contacting you via email, sms, mms, phone or social media posing as a trusted institution or company in order to get your banking information, passwords or usernames.
The scammer may ask you to provide personal information straight to them, or alternatively aim to trick you into clicking on a link or downloading a file, which then spreads malware (malicious software such as viruses and spyware) onto your mobile device.
— Nine News Australia (@9NewsAUS) June 5, 2019
Network breaches through public Wi-Fi
One of the main dangers of using public Wi-Fi networks while mobile banking is that data over this type of open connection is often unencrypted and unsecure. This can leave you open to ‘man-in-the-middle’ attacks. These attacks occur when hackers exploit security flaws in the public Wi-Fi network to intercept data that passes between you and the website you visit – including stealing banking logins, or account details. They may also hack into these networks to install malware on your device.
Fake banking apps
Another method for scammers to get access to your mobile banking data is through the use of fake banking apps. These apps impersonate official mobile banking apps to trick customers into downloading them, and from there will typically phish for credit card details or banking logins. While it is rare for these apps to get past the Google or Apple store authentication process, there have been instances of this occurring.
Lack of phone security
If you don’t have a pin or fingerprint detection set up on your smartphone to gain access to the phone itself or to your banking app, then you could be putting your banking data at risk if your phone is stolen or lost. If your pin or password for your bank account is weak and easy to guess, it may also open the door for hackers to get in and steal your data.
How do you check your phone for malware?
Malware often operates quietly in the background, so it can sometimes be difficult to tell if your mobile device has been infected. Look out for potential tell-tale signs of a breach, such as unexplained spikes in data usage, applications crashing regularly, a faster battery drain than usual, mystery pop-up ads or applications, and your device shutting down or restarting itself unexpectedly.
If you think your phone has been compromised, you could consider installing a reputable mobile anti-malware app to run a scan of your device, try to detect malicious activity, and execute malware removal on your phone. Alternatively, you could consider taking it to your phone provider or a repair store, or reset your phone completely by restoring factory settings – just remember to back up any on-device data you’d like to keep beforehand.
12 tips to help make your mobile banking more secure
When it comes to mobile security, it’s important to stay vigilant and act as a first line of defence for your personal device and data. Here are some tips to help reduce vulnerabilities and increase your protection against mobile malware attacks:
1. Keep applications updated
Keep your device operating system and applications up to date. One way to do this is by ensuring automatic updates are enabled under settings on your phone.
2. Research apps before downloading
Thoroughly research apps or software before downloading them onto your phone. Conduct a Google search, read online reviews on Google Play or the Apple Store, and ask trusted peers for recommendations. If in doubt, only download trusted mobile banking applications directly from your bank.
3. Use multi-factor authentication
If your bank supports it, enable two- or multi-factor authentication on your login (such as a code sent to your mobile, or a question about your first pet’s name). This will make it much harder for hackers to access your accounts, and you’ll be alerted to any attempts to log in from other devices.
4. Download security software
Consider using any free security software provided by your bank or download your own high-quality security software, preferably with remote deletion options that allow you to remotely wipe any data stored on your device in the event it’s lost or stolen.
5. Avoid jailbreaking your phone
If you jailbreak your phone (removing manufacturer or carrier restrictions on your device), this will remove security features and could make a smartphone more vulnerable to remote attacks.
6. Use a pin or password to lock phone
Set up a PIN, password or fingerprint to secure your mobile devices when you aren’t using them and make sure to sign out of your banking app once finished.
7. Don’t let your browser auto-save passwords or bank details
Ensure your phone’s web browser does not automatically save your bank account’s passwords, usernames, or credit card details, particularly if you are sharing your device with other people.
8. Switch off Bluetooth when you’re not using it
Attacks against improperly secured Bluetooth connections can give hackers access to sensitive information, devices and networks.
9. Avoid mobile banking when using public Wi-Fi
Where possible, avoid accessing your bank accounts from your mobile when you are connected to a public Wi-Fi network. This will help prevent possible network breaches to your phone.
10. Delete banking messages once read
Delete emails and text messages from your bank when they are no longer needed so that your bank information is not sitting in your inbox.
11. Use caution when clicking on links in emails or SMS
Don’t reply to or click the links on suspicious emails or SMS messages, to avoid falling victim to a phishing scam. If in doubt, talk to the provider directly using publicly available contact details.
12. Contact your bank if your phone is lost or stolen
If your smartphone is lost or stolen let your bank know so your account can be monitored or frozen in order to stop funds being stolen.
By considering some of the tips above, you can help to keep your money safe while continuing to enjoy the convenience of mobile banking.
About ESET Internet Security
ESET is a global internet security company, providing threat detection solutions for businesses and consumers in more than 200 countries and territories.
Cover image source: Rido (Shutterstock)