»Security Hints & Tips«
Who is that email really from?
How Do I Spot a Fake?
Does this sound like a typical communication?
- Pay attention to the context of the email. Look for spelling errors, grammar errors, and odd sentence structure.
- Are you being asked to review unfamiliar policies or procedures? If you are being asked to download an attachment or click a link to review something that you have never heard of, think twice before you click.
- Are you being asked to do something that wouldn't typically be addressed via email? Beware of email containing an attachment for your "paid bonus" or any other matter that seems out of the ordinary for email communication.
Who sent the email?
- Does the sender's email address appear to be from an unfamiliar domain or a third-party company? Ensure the email address is from the correct domain name. Hover over the email address and check for the correct spelling of the company name you are used to dealing with. Spoofed emails can be as tricky as a one-letter difference.
- Does the email signature make sense? Ensure the signature in the body of the email matches the name and job title of the sender. Some phishing scam emails have unusual or inaccurate job titles in the email signature, or have no signature at all.
When in doubt, always pick up the phone and call to confirm the email is safe and legitimate. They'll be thankful you used your resources, rather than putting your company, organization, or self at risk!
Online & Mobile Banking Safety Tips
1. Create a Strong Password
Use strong passwords to protect your personal information. Passwords should be long - the longer, the better - so hackers have a hard time using code-breaking software to crack them. Strong passwords should contain a random mix of letters, numbers, and special symbols. They should use a mix of capital and lowercase letters, and they should not contain any personal information or words you can find in the dictionary.
2. Avoid Using Public WiFi
Another important mobile banking security tip is to be very cautious about using public WiFi. If you must use it, try to use a secured network whenever possible that requires a password to sign in. If a secured network is unavailable, the next best thing is an unsecured network that requires login information of some sort. Whenever you're using public WiFi, do not access your bank account or any other sensitive personal information. You could be jeopardizing the security of those credentials.
3. Use Your Bank's Official App
Download your bank's official app rather than logging in via your browser. When you do so, be on the lookout for possible fakes. Pay attention to the developer of the app, and also look to see if there are any other apps with the same or similar names. If possible, download the app directly from your bank's website. Otherwise, use a reliable app store.
4. Don't Save Login Information in Your Browser
Some web browsers give you the option to save your username and password within the browser - never do this for your online and mobile banking. If your phone is ever lost or stolen, this could make it easy for hackers to access your bank account.
5. Use Activity Monitoring
Your bank may offer you the ability to sign up for alerts for all sorts of account activities, such as mobile deposits, withdrawals, debit card transactions and account transfers. This type of activity monitoring or user activity tracking can also boost security.
6. Beware of "Phishy" Links
Phishing scams are one of the most common forms of cyber fraud. They work by tricking individuals into giving away private information. For example, scammers might send an email that looks like it's from the bank or a business you have recently had contact with. These emails might include a link that, once clicked, will install a virus on your device that can gather personal data.
7. Always Log Out
When you're done using your internet banking or mobile app, be sure to log out to protect your information. Luckily, many banking apps will do this for you automatically. That said, you also may want to log out of any app that may contain personal information, such as email, social media, or mobile wallet, when you are done using them. If your phone got lost or stolen, you'd want to make it as difficult as possible for criminals to access the information.
GodFather malware hijacks banking apps on Android devices
Security researchers at Zimperium zLabs, a mobile security software provider, have uncovered a sophisticated evolution of the "GodFather" banking malware, which employs an advanced on-device virtualization technique to hijack legitimate mobile applications, with a significant focus on banking and cryptocurrency apps.
This malware is substantially more dangerous than many existing mobile device threats, according to the zLabs analysis, because it exploits and controls legitimate banking apps rather than spoofing them.
Which banking and crypto apps are being targeted
While the researchers did not publish the complete list of targeted applications, their analysis says that, in the U.S., the malware targets "nearly every major national bank," as well as "prominent investment and brokerage firms" and "popular peer-to-peer payment apps."
The research group said it also targets major financial institutions across Europe, especially in Turkey.
For U.S. banks and credit unions, the emergence of advanced malware like GodFather underscores the importance of robust mobile security strategies. While the newest attack found by zLabs impacts the Android operating system, the evolving threat landscape and regulatory shifts that could open up platforms traditionally considered more "closed" may introduce new attack vectors.
What is GodFather malware and why is it dangerous?
The GodFather malware operates by installing a malicious "host" application on a victim's device that contains a virtualization framework. This host then downloads and runs a copy of the actual targeted banking or cryptocurrency application within its controlled sandbox environment.