Online banking is supposed to be convenient and secure, and most of the time, it is. Consumers have come to regard apps from their banks as trustworthy alternatives to visiting a branch. According to multiple surveys compiled by the U.S. Federal Reserve, adoption of online banking, including mobile apps, has been climbing steadily for years, crossing 50% uptake.
The popularity of online banking makes it a major target of cyberattacks. An entire class of malware known as banking trojans has long threatened bank accounts. These trojans work just like the mythological Trojan Horse, that is, by disguising their malicious nature within a seemingly harmless and even beneficial package.
Once they’re in (à la the Trojan Horse itself making it past the walls of Troy), banking trojans aim to steal sensitive information such as account logins, with the goal of then stealing funds. Let’s review a few more specific facts to know about trojans and how you can stay safe.
They’re usually spread through phishing emails and social media
When you get unsolicited emails claiming to be from your bank, be careful as they might be attempts at getting you to download a trojan. In particular, pay attention to:
- Typos, incorrect capitalization/style and garbled sender addresses.
- Phrases such as “unable to reach you by phone.”
- Exhortations to download a specific security upgrade by clicking a button/link.
Financial institutions will usually communicate important updates via mail. Plus, they update their banking apps automatically through official channels like the Apple App Store and Google Play.
They can infect almost any type of device
PCs have historically had the greatest vulnerability to banking trojans, but all major types of computing devices are at some risk. An infamous, long-running trojan known as Emotet even recently evolved to infect Internet of Things endpoints such as embedded sensors and networked appliances. It’s imperative to be mindful of security best practices for any device that’s connected to the internet.
Keep all OSes, apps and security products up to date
In addition to avoiding phishing scams, make sure that all of your operating systems and applications are updated to the latest available versions. Automatic updates can be configured on most platforms, or are already the default option.
Enable two-factor authentication
All major banks offer some form of two-factor authentication, which requires the entry of an additional credential beyond just your username and password. Turn this on so that even if a banking trojan somehow succeeds in stealing your login, your account will still be protected.