More Mobile Banking Means More Mobile Bank Fraud

Here’s how you can protect yourself.

A few weeks ago Carrie received a disturbing phone call. A man who sounded professional and utterly reasonable explained in a calm voice that he wanted to help protect Carrie’s bank account from fraudulent activity.

“Hi Carrie, my name is William and I work in the fraud department at Umpqua Bank,” he said. “Have you given your online information to anyone in Texas recently?”

“No, I don’t think so,” Carrie said.

“Well, we have reason to believe someone has stolen your bank account information and is using your account in Texas. I can help protect your account. We should start by resetting your password. I’m going to send you a text in a minute. When you receive the text, just tell me code and I’ll help you reset your account.”

For a brief moment, Carrie thought she was being helped by a fellow Umpqua associate. The moment she received the text, she snapped out of it and realized what was happening.

“I was a little shocked I didn’t pick up on it right away,” said Carrie. “But he was so sincere. And it really seemed like he was trying to protect me.”

Fraud is on The Rise

According to a recent public service announcement from the FBI, US financial data shows a 50 percent surge in mobile banking since the start of the pandemic. As city and state governments encourage social distancing, more people are turning to mobile banking as an alternative to standing in lines at their local bank. With so many new and older Americans turning to mobile banking for the first time, cybercriminals are attempting to exploit their naiveté with a variety of scams including app-based banking trojans and fake banking apps.

Beware App-Based Banking Trojans

What is a trojan? The name itself comes from comes from the classic Trojan horse ploy where ancient Greeks conquered Troy by hiding elite soldiers inside a giant wooden horse given to the city as a gift. Similarly, a ‘banking trojan’ disguises itself as a legitimate bank app in an attempt to fool users into a sense of complacency. Bank trojans are often designed to steal sensitive information like login credentials and account numbers. A typical banking trojan creates a false version of a bank’s login page and overlays it on top of the official app. Once the user enters their login information, the trojan page passes the user onto the legitimate page so the user doesn’t realize their information has been compromised.

Beware Fake Banking Apps

Cyber criminals also create fake apps to impersonate legitimate financial institutions in an attempt to get people to enter their credentials. The apps typically send the user an error message after an attempted login and then use smartphone codes to try and avoid legitimate security requests. According to security reports, there were 65,000 fake apps found in app stores in 2018 and that number is certain to grow as the pandemic drags on. 

How To Protect Yourself

There are many ways you can protect yourself against banking trojans, fake apps and other forms of mobile fraud. The easiest thing to do if you receive an odd phone call, or if your Umpqua app looks suspicious, is to call us immediately.

“The most important thing to remember is no one from Umpqua Bank will ever call out of the blue and ask you for any personal information,” said Erica De La Zerda, VP, Fraud Manager. “The moment someone calls and asks for personal information, including a text security code, hang up and call the bank to talk to a real Umpqua associate or login to Go-To and chat with your trusted Umpqua advisor.

Use Two-Factor Authentication

The FBI recommends users should adopt two-factor identification in larger numbers to guard against fraud. Most people find it an inconvenience to use two different ways of identifying themselves, but cybersecurity experts believe two-factor identification is one of the best ways to keep your information secure. Remember to:

• Enable two-factor authentication and use biometrics, hardware tokens or authentication apps whenever possible.
• Never give two-factor passcodes to anyone over the phone or text as financial institutions will never ask for these passcodes.

Create Strong Passwords

So many of us use the same passwords on multiple sites and store our passwords on our phone’s notepad. It’s is a recipe for disaster. The FBI recommends creating strong, unique passwords to protect your financial information. In fact, the latest recommendation from the National Institute of Standards and Technology’s is to use passwords that contain a variety of capital letters and symbols that are at least 15 characters long. 15 characters can be hard to remember so consider using an app like 1Password to help manage your passwords and protect against fraud.