The FBI reported a 50% surge in mobile banking since the beginning of 2020, likely due to stay-at-home orders, and issued a public service announcement cautioning users on the potential for increased risk of cyber fraud as a result.
App-based banking trojans and fake banking applications were among the variety of techniques the FBI said it expects cyber actors to employ. U.S. security research organizations report that in 2018, nearly 65,000 fake apps were detected on major app stores, making it one of the fastest-growing sectors of smartphone-based fraud, the FBI said.
According to Adam Chaudhary, president of FundingShield, there are two key points that drive risk in terms of digital mortgage and title fraud that make companies and consumers high-value targets: Whenever there is an exchange of data (especially sensitive data) and whenever funds are being transacted.
Within the first two weeks of America’s recent work-from-home environment, FundingShield cited a 62% increase in wire instruction errors, documentation errors, perpetuated fraud attempts, phishing attempts, and requests to fund unauthorized third-party accounts or unrelated accounts to wire instruction.
“So when you think about the risk from work from home, you’re creating more reliance on the systems and processes,” Chaudhary said. “But if employees are accessing the network from a Starbucks, or from an unsecured house network, or their Wi-Fi router does not have a very strong encryption on it – now their neighbor or somebody gets on to their router into their network, there is potential for leakage of data.”
With inventory remaining low and competition high, new homebuyers may feel pressure to close quickly on homes and may not take as many preventative measures as they wire money, said Thomas Cronkright, CEO of Sun Title Agency.
With mortgages being the largest recurring wire transfer, being proactive and educated is the most effective measure companies and consumers can take in combating fraud, Chaudhary said.
The FBI recommends several efforts to protect sensitive information, including two-factor or multi-factor authentication on accounts via biometrics, hardware tokens, or authentication apps. They also recommend being aware of the location of Personal identifiable Information (PII) and only sharing the most necessary information with financial institutions.
Strong passwords are also recommended, and the FBI encourages anyone that encounters a suspicious app, website, email or text to report and verify it with the bank or financial institution it is trying to mimic.
“All of us can have a cybersecurity policy, just like all of us have an insurance policy on our car,” Chaudhary said.”But that doesn’t mean we don’t take precautionary measures. It doesn’t mean you don’t put your seatbelt on. When you change lanes it doesn’t mean you don’t check the mirrors. Insurance is only good if you create policies, procedures and behavior that your insurance can protect. Otherwise, you’ve left yourself wide open to attacks.”