What happens when you download your bank app to carry out quick digital transactions, only instead of confirmation about your successful transaction, you end up losing your money. Or what happens when your bank messages you about a credit cardtransaction that you did not carry out, and you end up using massive amounts of money and on top of that you may even be liable to pay a hefty sum to the bank. You have no idea what happened but you are trapped by these fake apps. These fake bank apps lure you by making you download them as they look almost the same as the original one. There is no way anyone can tell the difference until you look deeply. And before you know it, you have provided the most important details of your bank account, including passwords.
 
After that, there is no stopping illegal transactions from happening. It's a loss, which you cannot stop, once it is set in motion! This is surely a massive attack, after all one can overcome Rs 100 or Rs 500 loss or even thousands, but imagine the terror when you realise a heavy amount being deducted from your bank accounts. A new survey has has now revealed shocking facts now.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The survey carried out by IT-security firm Sophos Labs revealed that, there are malware apps focused on targeting Indian citizens. The survey said, “We recently found 12 malicious apps that collected users’ Internet banking credentials and credit card details, some of which have been available for download for, in some cases, more than two years, and had been installed by thousands of people.”

How bank account holders were trapped 

Many of these apps have lured victims into downloading and using them by promising rewards such as cashback on purchases, free mobile data, or interest-free loans. Nobody got any rewards.

There are apps that disguised themselves as Internet banking apps or electronic wallets, appearing to mimic the names or graphic design specifications of official existing bank apps.

While some of them even claimed to provide a unique (and somewhat bizarre) service that promises to withdraw money from your accounts and then deliver the cash right to the user’s doorstep.

According to Sophos, the most outlandish and hard-to-believe-anyone-would-fall-for-this scam operated by this crew claimed that their app offered, as a premium for its most valued customers, something called “e-ATM” service.

No kidding! The shocking thing about this e-ATM service app is that it promises that you will be able to get your money at your doorstep after withdrawal from your bank ATM. What they say is that they will send a courier to an ATM and, using the credentials you provide, withdraw money (from your account) and deliver it to you!

That’s the kind of madness people are being trapped, despite the fact that both RBI and banks have continuously warned account holders to be aware of rogue apps. There are very firm guidelines by RBI which say, do not share your ATM pin or bank details with anyone even if it is your spouse, friends or family members.

That’s the importance of how crucial it is carrying you bank details.

Not only this, you would be thunderstruck, when the survey revealed that some apps had used a picture of idols like Bollywood-actor Amitabh Bachchan, or referenced Prime Minister Narendra Modi.

The survey said, “Bachchan is a huge celebrity, and Modi has had a very complicated public impact on the financial system in India, affecting most of the population directly. Both are likely to draw attention as a sort of celebrity faux-endorsement; the app capitalizes on name recognition.”

Guess what! The fake apps are not just limited to providing bank details, they even hamper your major identity Aadhaar-card number - which is currently empowering people on the margins of society and allows them access to government services.

The fake apps ask the user to provide Internet banking credentials or credit card details, ostensibly to provide services such as viewing the user’s current balance, to make bank transfers, or to receive transaction notifications.

Step by step process to dupe bank account holders

When downloaded, the app prompts the user to register using a name and a phone number. The user is then asked to link a bank account using one of the four methods:

  • ATM card and PIN
  • Net Banking (username and password for online banking)
  • Credit card
  • Aadhar card (a resident identification card) 

Now there is a fake app which is called as All India Digital ATM by Modi, which promises cash back and other rewards once the user registers an account using a credit card or his Internet banking credentials. At initial stage, these malware apps targeted only three banks namely Canara Bank, Syndicate Bank and Axis Bank.

This app alone targets seven major banks in India - State Bank of India, ICICI Bank, Indian Overseas Bank, Axis Bank, Bank of Baroda, Yes Bank and CitiBank. To add into your terror, the survey believes this app can target up to 25 other banks in India.
 
Hate to break  it to you, but you are trapped if you have downloaded the fake apps mentioned above.

How to protect yourself and spot fake bank apps

You can protect yourself, henceforth, and there are many methods to identify fake apps.

Fake apps are also called rogue apps and are illegitimate “look alikes” of banking apps with embedded malware with an intention to steal sensitive/critical data or banking credentials. These may be generally available online as freeware.

Private lender ICICI Bank has already given a guidelines in understanding rogue apps. It says on its website, “Cyber criminals are known to imitate legitimate versions of apps and embed them with mobile malware – an act called Trojanizing. These malicious apps are designed to look like real mobile banking apps.

Cybercriminals use different tricks like using the same images and icons and closely imitating the publisher’s name.”

One common way to identify is that the fake apps will never give you functionalities like the original ones. They will also not have icons of the bank but will have forged or motivating images.

There would be some apps that have mastered the word look-like. They even come with well-written legal terms usually highlighting the fact that the app may charge you too. Although, these terms would look like believing those apps, it is advisable to compare those terms with what your bank is offering, read them carefully, survey some more apps which most likely should have your banks icon. There will be some error or the other in the fake apps.

If you have downloaded the app, then you would come to arealization that it will be draining your phone battery real fast. If your battery starts running low frequently, while using these apps, then that is the sign of infection with malware or virus.

Not only this, keep a tab of your phone bill periodically. Check for suspicious activity carried in your bill like data used by a app, always remember not even WhatsApp who gathers extensive calling, messaging updates will not cost heavy data and billing. Not only this, even any bank apps will not take much of your billing. Hence, check your phone bill periodically and keep tabs on any suspicious activity.

Just in case, if you spot unusual activity in your phone or bill, then contact your mobile network provider.

One of the most tell-take signs of a fake app, is to check the applications download page for inconsistencies or misspellings. They almost never get everything correct.

How you can spot a genuine app?

Always remember to check reviews and ratings from customers who have used an application, before you make any download. In case if your bank account is in ICICI Bank, then the app will spell the publisher name as ICICI Bank Ltd only.

Take few minutes in reading the entire app description especially a bank app, after all it carries your most important details. By reading description, you can make out a difference of real or fake app. Generally fake apps will contain irrelevant description/no description about the app functionality and often described with spelling errors.

Apart from this, always check the app's permission before installing them.

What you should do if your scammed by a rogue app?

A citizen should immediately remove the device once identified. For removing the fake apps - navigate through the hosted apps on device and select the app you want to uninstall.

Once the fake app is un-installed, restart your mobile device.

After restart, your mobile should be free from fake apps threat once uninstalled.

However, it recommended that you change yourcredentials/passwords of the registered accounts (online banking/shopping credentials, device authentication, folder lock or email passwords, etc.). Because it was a fake app, the source would have a full access to your credentials even if you have un-installed. It's a cyber threat, and there are bunch of malware who would be ready to crack you down and rob you of your money.

Finally, it is advisable to buy and install a reputed mobile antivirus to minimise the possibility of having your device infected with malware, including rogueware.

Therefore, act today, have a look at the bank app you have on your mobile phone. Follow the procedures to identify whether the app is real or fake. Take a moment to finish this, if you do not want to lose your money.