60% rise in mobile banking Trojans attacks in SEA

Global cybersecurity company Kaspersky said its second quarter (Q2) 2021 mobile threat report for Southeast Asia (SEA) has revealed a 60 percent uptick in the number of attacks using malicious mobile banking Trojans detected and blocked in the region.

Mobile banking Trojans, also known as “bankers,” are malware created for smartphones and used by cybercriminals to steal funds directly from mobile users’ bank accounts. 

In a statement, the company said these malicious programs typically look like legitimate financial apps but when unsuspecting victims enter their security credentials to try to access their bank accounts, the attackers gain access to that private information.

“Since the beginning of 2021, Kaspersky said its products have foiled 708 incidents across six countries in Southeast Asia. The company achieved 50 percent of the total number of mobile bankers blocked in 2020 at 1,408.

“Indonesia and Vietnam had the biggest number of incidents during the first half of the year. However, Vietnam and Indonesia were not in the top 10 countries affected by this threat. Vietnam and Indonesia were ranked only 27th and 31st, respectively, as of June this year.

“The five countries with the highest number of mobile banking Trojan detections in Q2 2021 are Russia, Japan, Turkey, Germany and France,” said the statement.

According to the statement, while the number of mobile banking Trojan attacks in SEA remains low, there was a rise with 367 incidents from April to June 2021 versus 230 detections during the same period last year as the pandemic is forcing users to start using mobile payment systems.

“We are almost at the second year of the pandemic which has fast tracked the mobile payment adoption in the region at a breakneck speed. During the beginning of this health crisis, our survey already showed that majority of internet users here have shifted finance-related activities online, like shopping (64%) and banking (47%),” said Kaspersky Southeast Asia general manager Yeo Siang Tiong.

In the survey Yeo revealed that seven in 10 (69%) are worried about conducting financial transactions online and 42% of the respondents admitted to being afraid about someone accessing their financial details through their devices.

According to Kaspersky, another report titled “Making Sense of Our Place in the Digital Reputation Economy” discovered majority of 861 respondents (76%) from SEA confirmed their intent to keep their money-related data away from the internet. The sentiment is highest among Baby Boomers (85%), followed by Gen X (81%), and Millennials (75%).

“Clearly, there is an awareness about the threats present when we do banking and payment transactions through our mobile phones. But there is still a gap between knowing and acting on it. So to help users from SEA embrace the power of their smartphone and also keep their finances safe, we suggest some practical tips but also encourage everyone to please look into using security solutions as a safety net in case they accidentally clicked a malicious link or downloaded a rouge mobile banking application,” added Yeo.

The statement provided some practical useful tips for online financial safety:

Get a temporary credit card

Use a temporary credit card to make online purchases, instead of the regular credit card. This way, it will limit card users risk as hackers only get access to this temporary one-time card number during the online purchase process but the information in regular card is not exposed as it was not used for online purchase. If temporary credit card is not possible, an alternative is to use a credit card with low credit limit.

Dedicate one computer for online banking and shopping.

For added security for safe online shopping, install Google Chrome with forced HTTPS. This ensures only secure websites are safe to visit.

Use a dedicated email address

Create an email address for online shopping only. This will severely limit the amount of spam messages received and significantly reduce the risk of opening potentially malicious emails that are disguised as sales promotions or other notifications.

Manage and protect online password

Use unique and complex passwords, and use a different password for each online account for safe online shopping to prevent hackers from accessing multiple accounts using the same login information.

Install a virtual private network (VPN)

A VPN will encrypt all data that is transferred between computer or mobile device and the VPN server, preventing hackers from hijacking and viewing any sensitive input data.