The Ghost in the (Portable) Machine: Securing Mobile Banking

Online banking is one of the many tasks that have been made more convenient by mobile technology. Now, users can purchase products and/or services, pay their bills and manage their finances from anywhere, and anytime. However, there are threats against mobile banking exist, which need to be addressed and secured against.

Some of these threats include:

Mobile phishing – malicious mobile websites that pass themselves off as login websites of legitimate organizations, such as banks and social networks. These are designed to trick users into entering their login information. So far, in this quarter, nearly half of all mobile phishing websites spoof financial services websites.
Malicious apps – Apps that contain malicious routines, such as stealing information from the device they’ve been installed on. These are usually found either in third-party app stores or malicious websites, and frequently passed off as legitimate apps.
Trojanized apps – Legitimate apps that have been turned into malicious apps. These are more dangerous because to the end user, they are completely indistinguishable from the real app. Because of this, the malicious app – and its routines – could be running for a long time, long before the user even suspects anything.

Figure 1. Distribution of types of mobile phishing pages in Q3 2013 to date

While banks are taking steps to reduce losses due to mobile banking, in the end users – both individuals and businesses – must take steps to protect themselves. Users should be familiar with their bank’s mobile banking procedures, in order to more easily spot things that are “off” and could indicate an attack. In general, too, good computing habits will help keep users secure.

Businesses need to understand and educate their staff about the risks related to online banking, so that the bottom line is not at risk from these threats. This may include guidelines on whether employees can/should use mobile banking from personal devices. In addition, businesses should work together with their bank to look into possible procedures and steps to reduce known risks.

For more information about mobile banking and how to secure it, we have recently released the latest edition of our Monthly Mobile Report titled Security in Mobile Banking, as well as an e-guide. These discuss the basics of mobile banking, and how they should be secured.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

The Ghost in the (Portable) Machine: Securing Mobile Banking