The Covid-19 has been one of the most sudden shocks that humanity has suffered in recent history. The danger of the virus, and the lack of a vaccine, have caused people to have to adapt their routines and acquire new habits to contain it. Such as the recurring hand washing, the use of a mask, the safety distance or the use of mobile applications. Either to maintain contact with those previously known as “closest”, or to pay for the purchase at the supermarket without using cash.
The “apps” to make payments or transfers available to the user are numerous; although services such as Bizum or Twyp stand out especially. Due to the importance of the information they store, it is essential to follow a series of tips that, at least, minimize the risks of the service being “hacked”. And is that one of the main objectives of cybercriminals is the theft of bank accounts.
Take care of your «apps»
The “smartphones” have become a kind of boxes that fit the user’s entire life. Also, in some cases, in a receptacle of unnecessary and malicious applications. During the first quarter of 2020, Google Play Store, the official store for devices with an Android operating system, offered 29,049 malicious applications that have infected a total of 11 million devices. This is supported in a recent study, prepared by the platform against fraud in mobile transactions Secure-D, belonging to the British cybersecurity firm Upstream.
Also, the fact that an “app” does not hide malicious code does not mean that it is exempt from being attacked. That is why it is essential to have them all in the latest version. There are three ways to attack a device. It can be with “phishing” and that the malicious code is downloaded by the user herself. There may also be a vulnerability that is only known to the attacker and allows him to enter. Also, there are public gaps, which can exist both in the applications and in the operating system. To prevent the threat from succeeding, it is essential that the device is up-to-date, “explains Eusebio Nieva, technical director of Check Point.
Beware of scams
When you download a paid app, regardless of what it is, you have to deliver incredibly valuable personal information. This is the case, for example, with the account number or mobile phone number. Data that is always of interest to cyber criminals. According to the recent study “Data Breach Investigations Report 2020”, prepared by the US telephone company Verizon, the type of virus most used in attacks during 2019 was specifically aimed at stealing passwords.
To achieve this, cyber criminals can employ various strategies. From sending emails massively impersonating companies so that the victim can share the data without further ado, to employing “malware” (computer viruses) in messages that are able to snatch that information by force. «Among the threats are very fashionable the banking Trojans that what they are looking for, directly, is to steal your bank’s credentials. They even have mechanisms at times to bypass the banks’ double-authentification mechanism, ”says the technical director of Check Point.
In the event that a user falls into a trap and cedes control of their data to a malicious third party, the attacker’s possibilities can be, in many cases, limitless. Recently the Internet Security Office reported on a “phishing” attack in which attackers attempted to steal all the victim’s personal and bank details. From your phone to your credit card number through your online banking codes.
“With the information of a paid” app “attackers could do anything; as transactions in your name. One of the most common signs that your bank account has been “hacked” is that you encounter small transactions. If they have access to your card, obviously they can do whatever they want, “explains Nieva.
The expert expresses, in turn, that the most common, in case an attacker takes this information, is to clone the card. Once this is done, you can either use it or sell it to a third party for the willing to use. “We have also seen cases like the Ginp banking Trojan, which are designed to attack credentials for services like Bizum’s,” says the technical director of Check Point.