As a growing number of smartphone owners get increasingly comfortable using their mobile devices for everything from shopping online to depositing checks, cybercriminals are finding new ways to take advantage of our growing reliance on our smartphones and tablets. Savvy scammers equipped with Photoshop & some computer programming skills are looking to get your money by luring you to phony web pages made to look like well-known mobile banking sites.
The latest of these scams has targeted JPMorgan Chase mobile bankers, leading them to fraudulent login pages built solely for the purpose of recording your sensitive login details. These cyber thieves even went as far as to set up a website name (or domain name) that looks similar to the authentic Chase mobile site.
One common phishing method uses spam emails pretending to be from a bank or other online business that ask you to “verify” your account information. Another method promises a free gift or unbelievable deal if you visit their website. Other tactics include text (SMS) phishing or “SMiShing” where users are sent a text message that claims to demand immediate attention, either for you to respond with personal information or visit a link to cancel a service. In reality, the links in these messages are actually leading users to fake sites set up to nab personal data, or download malware onto your computer or mobile device.
Once on the landing page of this fictitious mobile site, users are asked to enter their bank ID & password. After this information is submitted, you are then taken to a second page asking for your email address and email password. The second step alone should be a red flag, as your bank has no reason to request your personal email password. However, for users who enter those details, you are then led to third page that asks you to upload a scanned copy of a government issued ID. Once these three actions are completed, the unlucky customer is finally sent to a dead (end) website where you can probably now be certain that you have been the victim of a phishing scam.
After handing over this magnitude of personal information connected to a bank account, your details could be used for any number of illegal actions, especially identity theft. Don’t leave your money out in the open for cyber thieves to grab. You should always be cautious when banking mobile and follow the below steps to best protect your valuable information:
- Check the URL of the page you are visiting. Make sure that links you click on in any message lead you to where they claim. Don’t click on links or attachments in emails from websites you do not know. You could be walking right into a trap filled with malware. On most smartphones, you can hold down on a link until a popup box opens showing you the full address where the link leads. You will then be prompted to either open, copy or cancel. If the link doesn’t match up to the sender, don’t open it.
- Additionally, you should consider using a safe search tool such as McAfee® SiteAdvisor® that will prevent you from going to risky sites when you click. In addition to providing safe search functions in your online searches, on your mobile device the service also blocks risky QR codes and text messages, and warns you of potentially dangerous mobile phishing sites.
- Be cautious of emails, texts, social media messages, or chats that ask for personal information. Most banks and businesses will never message you requesting information they have no need for such as an email password. If the request seems suspicious, contact your bank first to make sure they did send you something.
- Stick to your bank’s app when mobile banking. Always conduct your mobile banking within your bank’s native application. If your bank does not offer an app, be sure to bookmark the correct URL in your mobile browser to avoid being led to a malicious website.
- Make sure to change your passwords regularly. Keeping your logins fresh makes it more difficult for hackers to get into your protected web accounts.
- Stay off public Wi-Fi connections when mobile banking. Do not access sites that require sensitive logins over a public Wi-Fi signal, like at the local coffee shop, or you could be giving up your most trusted information to cyber thieves sitting right next to you.
- Check your bank account statements frequently. Keep on the lookout for any unauthorized transactions. Contact your bank immediately if you notice anything out of the ordinary on your bank statement.
- Protect your devices with comprehensive security. Even with the best precautions, hackers might still find their way into your personal online data. You can safeguard your data, your identity and all of your devices—from your laptop to your smartphone and tablet with McAfee LiveSafe™ service.
Don’t take the bait! Stay informed about the latest mobile security threats and phishing scams. Follow @McAfeeConsumer on Twitter and like us on Facebook.