Cyberthieves might use your smartphone to steal money from your bank account. In this scam, the thieves sneakily get you to download malware onto your phone, possibly by sending you a link to a free app for a card game or risqué content. The malware, known by names such as Acecard and GM Bot, has been around for years but has been adapted to specifically target banking apps on smartphones. Using the malware, thieves record credentials, such as your user name and password, when you log into your bank account. With that information, they can initiate electronic transfers from your account to other accounts they control.
You can’t necessarily rely on typical bank security measures, such as the use of a verification code that the banks send you by text, because some forms of the malware can capture that code, too. And most smartphone owners don’t use anti-malware software on their phones.
Federal law says you can get all of your money back if you notify your bank within 60 days after the fraudulent transaction appears on your bank statement. However, you also typically are required to show that you weren’t lax about safeguarding your information.
Self-defense: Don’t click on a link in a text message if you don’t recognize the sender. Download apps only from reliable sources such as financial apps on your bank’s website or other apps at Play.Google.com or iTunes.Apple.com. Also, install security software, and make sure it automatically updates. Recommended: For smartphones and tablets with Android operating systems, Malwarebytes Anti-Malware (Malwarebytes.org)…for iPhones and iPads, Avast SecureLine (Avast.com).