School of Information Systems

Mobile Cybercrime

Whenever you investigate your e-mail, you are likely to see malicious messages intended to trick you into giving away sensitive information such as your bank account number or login credentials or install malicious software on your computer. In many cases, sophisticated spam filters recognize the malicious intent, automatically route such messages into a spam folder, and disable hyperlinks to malicious web- sites, thus protecting the user. In other cases, there are telltale signs that signal something fishy: for example, phishing messages mimicking that of a bank may contain multiple spelling or grammatical errors, hyperlinks pointing to non-bank domains, or missing name or account numbers. 

However, other types of malicious software may be more difficult to detect, especially with mobile devices now being ubiquitous. Mobile users who install apps from untrusted sources (i.e., outside of trusted app stores that per- form various security scans on listed apps) risk installing mobile malware. In 2016, security researchers at the Slovakian IT security company ESET discovered a type of mobile malware that was primarily targeted at Australian online banking users. The software was designed to trick users into giving away login credentials by presenting a fake login screen when the user opened the online banking application, the login credentials would then be sent to the criminals. What made this malware particularly dangerous was the fact that it was designed to circumvent two-factor authentication systems (where the user receives an SmS with a one-time code when accessing a legitimate banking app) the malware intercepted the SmS and automatically forwarded the one-time code to the criminals, potentially allowing them to access the victim’s account.In addition to targeting the apps of the largest banks in Australia, banking apps from New Zealand and Turkey were targeted as well. Further, the software could also provide fake login screens for other popular apps, including PayPal, Skype, eBay, and WhatsApp, thus putting potentially millions of users at risk. Thus, as a mobile user, you are not immune from security issues; one of the most basic ways to protect yourself is to install apps only from trusted sources. 

Based on: Taha, m. (2016, march 10). Android bank app users targeted in sophisticated cybercrime attack. ABC Online. Retrieved march 22, 2016, from http://www.abc.net.au/news/2016-03-10/cybercriminals-target-millions-of-bank-app-users/7237220 

Fifi Sarasevia