When Apps Go Rogue
Stay alert! Help protect your mobile devices from malicious apps.
As a society, we’ve become increasingly reliant on our smartphones, laptops and tablets to perform everyday tasks, including banking and online shopping. It’s no surprise that cybercriminals, always ready to follow the money, are right there with us. With this in mind, we need to be aware of the dangers in performing these tasks and how they can affect us.
An App is an App…or is it?
Rogue app stores —offering versions of popular apps that have been altered in such a way that customers can’t tell the difference — are becoming a serious threat to mobile banking. The compromised apps, once downloaded, can steal online credentials and install malware, among other unwelcome activities.
Jonathan Shiflet, cyber security manager for PNC Bank says, “These stores often look legitimate because they steal the certificates of approved app stores to fool mobile devices and security software. They lure people in by offering free versions of popular apps. It’s a case of ‘if it looks too good to be true, it probably is.”
Tips to Help Avoid Rogue Apps
- Use a passcode to help secure your mobile device.
- Only download apps and app updates from trusted app stores or by typing the website’s URL in your browser.
- Don’t click on suspicious websites or open unrequested emails.
- Monitor your device and phone bill for suspicious activity.
- Be wary of public Wi-Fi hotspots.
- Don’t accept apps without knowing what data they access and what actions they may take on your behalf.
- Do not “jailbreak” or “root” your mobile device. That opens devices to extreme risk by altering the underlying system security settings.
Protecting Employees, Customers and Stakeholders
A bank can’t know everything that is on an individual’s smartphone, but PNC is taking steps to help protect employees and customers from rogue apps, such as:
- Using an automated collection capability to identify and remove unauthorized PNC mobile apps from unapproved app stores.
- Scanning mobile app stores for apps that reference PNC, call to PNC apps or IP addresses, or mimic legitimate PNC apps — to verify authorized use.
- Evaluating millions of apps available on dozens of different app stores for malicious activity.
- Collecting cyber intelligence on malicious mobile app development activity.
Fraudsters are likely to devote even more time to defeating mobile banking security measures as the popularity of these services rise, so it’s important to stay vigilant and informed.
Learn more about how PNC can help prevent, detect and respond to fraud »
Jonathan Shiflet is a cyber security manager on PNC Bank’s threat analysis team
PNC Point of View
Real People. Real Perspective. Real Insights. »
Important Legal Disclosures & Information
1. A supported mobile device is needed to use Mobile Banking. Standard message and data rates may apply.
These articles are for general information purposes only and are not intended to provide legal, tax, accounting or financial advice. PNC urges its customers to do independent research and to consult with financial and legal professionals before making any financial decisions.
This site may provide reference to Internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed and links provided by these resources are not investigated, verified, monitored or endorsed by PNC.