Canadians are increasing their use of banking apps and using cash less frequently for payments due to COVID-19, and the Canadian Anti-Fraud Centre warns fraudsters could take advantage of the trend.
Jeff Thomson, a senior intelligence analyst at the Canadian Anti-Fraud Centre (CAFC), confirmed in an interview that the centre has “not specifically received any reporting on frauds tied to mobile apps” yet, but that because their partners in the U.S. are seeing the problem, Canada likely will too.
“If they’re seeing this type of reporting down in the U.S., it’s not uncommon for us to start seeing it as well. With COVID-19, in general, the fraud reporting that we have, it’s really been a hit as a group effort, the U.S., the U.K., New Zealand, Australia, France, every country’s reporting on these fraud trends,” he said.
“Depending on how different countries received their reporting, they might see something before we see it.”
The Federal Bureau of Investigation recently put out a public service announcement warning U.S. citizens of fraudsters taking advantage of users who have been increasingly using mobile banking apps.
“As the public increases its use of mobile banking apps, partially due to increased time at home, the FBI anticipates cyber actors will exploit these platforms,” the June 10 announcement read.
Since the COVID-19 pandemic, in Canada overall mobile banking usage has increased to 63 per cent of Canadians from the 55 per cent reported a year ago, according to a May 2020 report from J.D. Power.
The report noted that 49 per cent of Canadians “rely heavily on online and mobile banking,” while 33 per cent define themselves as “digital-only customers who predominantly use mobile or the internet for their banking needs.”
Like the FBI, Thomson indicated it is common for people to use apps and online services more because of COVID-19.
“Think of my mother, she recently wanted to get set up on online baking because she doesn’t want to go into the bank. She’s one of those risk category people,” he said, adding that installing these banking apps are a new experience for many customers who have typically not gone digital.
The FBI announcement indicated that concerns relate to app-based banking trojans and fake banking apps.
According to a We Live Security report, banking trojan apps “hide behind a seemingly legitimate mask to gain users’ trust - be it games, handy widgets, power boosters and battery managers, video or Flash players, or even horoscope-themed apps.”
A fake banking app is an app that impersonates a real app, the report said.
“Their whole operation stands or falls on how believably they can imitate a legitimate banking application, or stand-in for a non-existent one,” it read.
Thomson said that depending on the type of fraud, when banks are aware they might not even be reported to the CAFC and may be reported to the Canadian Centre for Cyber Security instead.
“At that point, it might be related to cybercrime, when it’s a trojan that’s harvesting personal information versus an outright fraud,” he said.
Alexis Dorais-Joncas, a security intelligence expert at We Live Security, said in an interview that between Canada and the U.S., banking apps are fairly similar in terms of security.
“They’re neither good nor bad, it’s good enough that I trust the real banking application,” he said, adding that as more users turn to bank apps there will be a higher risk of running into banking trojan apps.
“It’s a linear progression. The more people try to install a banking app, the more people are likely to look at the wrong place and download the wrong application,” he said.
He added that more often than not, people end up downloading an app that looks like a free game or a utility application, but in reality, it is a banking trojan.
“That will monitor the activity on the mobile device, wait for the user to use the legitimate banking application, then steal the credentials of the user,” he said.
There is nothing you can do if you are hit with a banking trojan, because most users aren’t even aware they’ve installed it, Dorais-Joncas said.
“If a bad application is installed on your phone, well how would you know?” he said. “The first sign of [fraud] is when you realize money is leaving your bank accounts.”
He said if you want to be assured you won’t be a victim, then users must make sure not to download apps from third-party stores. He also added that most antivirus software has a mobile version that can be used to scan phones.