Reaching out to make sure you saw breaking news of a phishing campaign resurfacing the Android banking trojan dubbed Anubis, luring users through a fake Google Play update to gain access to mobile devices and steal sensitive financial information through hundreds of banking applications. Consumers are more vulnerable to fall victim to a phishing attack on their mobile devices, and once hackers gain access to users’ accounts, there is little that can be done to stop the hacker from accessing more information.
The resurrection of the Anubis banking Trojan is a reminder that financial institutions, especially, cannot rely upon their customers’ mobile devices being secure. Hackers count on users being more vulnerable to phishing emails on mobile devices because they’re harder to detect – for example full email addresses are not always displayed on mobile devices and therefore can’t be recognized or verified as easily and the same goes for inspecting URLs. To avoid falling victim to phishing emails on mobile devices, consumers should for the most part ignore communications from service providers that they’re not expecting, only download mobile apps from the official app stores (though malicious apps can still make their way onto those stores), avoid clicking on attachments, and turn on any multi-factor authentication features offered by providers to protect their accounts.
Financial institutions can also help consumers out by investing in in-app protection and app shielding that can make their apps and users as secure as possible in potentially hostile environments. Taking a layered approach to mobile fraud prevention including strong mobile app security, user-friendly authentication and continuous risk monitoring, can protect financial institutions and their customers against the growing threat.