As a society, we’ve become increasingly reliant on our smartphones, laptops and tablets to perform everyday tasks, including banking[1] and online shopping. It’s no surprise that cybercriminals, always ready to follow the money, are right there with us. With this in mind, we need to be aware of the dangers in performing these tasks and how they can affect us.

An App is an App…or is it?

Rogue app stores — offering versions of popular apps that have been altered in such a way that customers can’t tell the difference — are becoming a serious threat to mobile banking. The compromised apps, once downloaded, can steal online credentials and install malware, among other unwelcome activities.

Jonathan Shiflet, cyber security manager for PNC Bank, says, “These stores often look legitimate because they steal the certificates of approved app stores to fool mobile devices and security software. They lure people in by offering free versions of popular apps. It’s a case of ‘if it looks too good to be true, it probably is.’”

Tips to Help Avoid Rogue Apps

  • Use a passcode to help secure your mobile device.
  • Only download apps and app updates from trusted app stores or by typing the website’s URL in your browser.
  • Don’t click on suspicious websites or open unrequested emails.
  • Monitor your device and phone bill for suspicious activity.
  • Be wary of public Wi-Fi hotspots.
  • Don’t accept apps without knowing what data they access and what actions they may take on your behalf.
  • Do not “jailbreak” or “root” your mobile device. That opens devices to extreme risk by altering the underlying system security settings.

Protecting Employees, Customers and Stakeholders

A bank can’t know everything that is on an individual’s smartphone, but PNC is taking steps to help protect employees and customers from rogue apps, such as:

  • Using an automated collection capability to identify and remove unauthorized PNC mobile apps from unapproved app stores.
  • Scanning mobile app stores for apps that reference PNC, call to PNC apps or IP addresses, or mimic legitimate PNC apps — to verify authorized use.
  • Evaluating millions of apps available on dozens of different app stores for malicious activity.
  • Collecting cyber intelligence on malicious mobile app development activity.

Fraudsters are likely to devote even more time to defeating mobile banking security measures as the popularity of these services rises, so it’s important to stay vigilant and informed.

Rogue applications are prevalent on social media. Fraudsters use social engineering tricks to fool users into giving them permission to access their social media profiles and, with it, the ability to post likes to pages or profiles. Their main objective is to drive traffic to revenue-generating scams.