Every 10 minutes, a mobile phone is stolen in London, placing personal and financial information at significant risk. Highlighted by a recent Financial Times article and further underscored by personal stories from neighbors, this surge in mobile thefts has prompted us to examine the security features of iOS and Android aimed at helping against device theft. We also explore a concerning attack scenario targeting the Monzo Bank mobile app, where we suspect that a 'Mechanical Turk' method may be employed for face recognition during the PIN recovery process. Could this human factor be a weak link in what should be a robust security chain? We're eager to hear your thoughts. Please share your insights in the comments below. Attention Monzo Users: We strongly recommend enabling AppLock in the App Settings to further protect your account. #mobilesecurity #mobiletheft #pentesting #applicationsecurity https://lnkd.in/eYC9jzYv
FORTBRIDGE’s Post
-
To my friends who are iPhone users, especially those in London where phone thefts are a concern: I highly recommend enabling the new 'Stolen Device Protection' security feature. Set it to 'Always' to ensure your device is safeguarded. This feature is available in iOS 17.3 under: Settings > FaceID & Passcode > Stolen Device Protection.
Evaluating Banking Apps' Security Against Mobile Theft: A Monzo Case Study
https://fortbridge.co.uk
-
Peer-to-peer (P2P) mobile payment apps are great but are a great avenue for fraud when not secured properly. Just look at these stats!

--Key Stats From The Report--
Total P2P transactions are expected to reach $1.4 trillion in 2023, a 28.5% increase from 2022. [1]
Transactions are expected to increase to nearly $2.3 trillion annually by 2026.
P2P fraud cases at those four banks increased an estimated 24% between 2021 and 2022, to 238,777.
Some 8% of all banking customers say they’ve been victimized by a P2P scam in the last 12 months. [2]
The median P2P scam monetary loss was $176 per customer in 2022. [3]
About one-third of all payment app users say they have little or no confidence their personal information is being kept safe from hackers or unauthorized users.

Securing these mobile apps is critical to reducing fraud and garnering customer trust. #zimperium
Peer-To-Peer Fraud Statistics In 2023
forbes.com
-
🔒💳 Security tip 💡: Protect your finances with Ecobank! If your card is lost or stolen, block it quickly via the mobile app or customer service. Be vigilant and monitor your accounts 👀💰 #FinancialSecurity #Ecobank #GestionDeCarte
Complete guide to blocking your Ecobank card and securing your finances
https://eng.fatshimetrie.org
-
New Fraud Just Dropped: Mule Herding. 👇

Your mobile device could be moving money for criminals without you even knowing about it. Here's how it works.

👉 You download an app like "PDF viewer." These apps often have fake reviews on the Google Play store and 100,000+ downloads. They are easy to download, but they take advantage of Operating System Exploits.

👉 The malicious app installs a keylogger. This helps to capture login credentials and perform an account takeover via a wallet, banking app or service.

👉 Yesterday, I gave the example of Anatsa and how its request for SMS and accessibility options can be exploited to directly attack mobile banking apps. Most commonly, this simply steals users' funds.

👉 However, industry professionals have also reported criminals are using the attacked accounts to layer and place funds without the victims being aware. Doing this with 1,000s of user accounts without them being aware it was happening. The scale and lack of control led to the term "mule herding." The consequences of this can be hugely significant for individuals.

🐟 Always pay attention to your device permissions, especially if an app asks for Accessibility options. Never download apps that aren't from companies you've heard of. Don't blindly trust an app with tens of thousands of reviews, as it may be a bootloader that will silently download a bot on your device in a future update.

🐟 All banking apps and wallets should screen user behavior to ensure the typing and other biometric behavior pattern is natural and consistent with a human instead of a bot. Often these “mule herding” apps will harvest credentials via a lookalike banking app and then replay them on the real one.

🐟 It would be a huge help if all app stores ensured malicious apps were removed and added step up security when additional device permissions were requested.

#fraud #aml #moneylaundering
-
🚨Cybercriminals are turning your mobile into a money-laundering machine! CloudSEK reveals how shadow banking is creeping into your pocket through Android apps, recruiting everyday users as unwitting money mules. These scams disguise themselves as legit banking platforms, funneling stolen funds through unsuspecting accounts. This is a wake-up call for banking app users—and a reminder that cybersecurity needs to catch up with these evolving threats. Don't become a victim in this dangerous game of money laundering! Read more about this alarming trend - https://lnkd.in/duRfTBHN #moneylaundering #moneymules #banking #aml
Shadow Banking in Your Pocket: Exposing Android App Used by Money Mules | CloudSEK
cloudsek.com
-
In January 2022, a Which? Money investigation highlighted significant security weaknesses in the Monzo Bank banking app, making it the lowest-scoring app in their tests. Despite these findings, our recent research at FORTBRIDGE indicates that these vulnerabilities remain unaddressed. Our investigation found that Monzo still does not require Face ID or Touch ID by default, making it alarmingly easy for a thief to access the app if they steal an unlocked device. Additionally, Monzo's app only requires authentication every 90 days, providing a long window for unauthorized access. We demonstrated how a thief, once in possession of a stolen device, could bypass Monzo's extra security checks and retrieve the card's PIN using the app's flawed video verification method. This means a thief could easily transfer money out of the victim's account, replicating the same issues identified by Which? over two years ago. To learn more about Which?'s investigation, read this article: ➡ https://lnkd.in/e5fzekKW For more details about our findings, read the blog post here ⬇ https://lnkd.in/epqWV-hX
Evaluating Banking Apps' Security Against Mobile Theft: A Monzo Case Study
https://fortbridge.co.uk
-
🤨 Weak app security leaves customers vulnerable to fraud: be aware

The role of mobile apps in banking transactions is escalating due to their ease of use and fast payment transfer rate. With more people using mobile banking than ever, criminals increasingly view mobile phones as a gateway to consumers’ finances. The reason is that some apps only asked for basic login information that fraudsters could easily obtain. Some banks only require credit card details stored in the app and a one-time password sent via SMS to the same phone number.

😏 How can you better protect your data?

If you’re a bank customer, use 2-factor authentication or One Time Password (OTP) during account sign-in. Or schedule a consultation with Emerline experts to secure-proof your app.
-
We're pleased to announce that following the publication of our research on how thieves could steal money from the Monzo banking app, Monzo Bank has decided to take action and will be implementing new tools to better protect their clients in case their device gets stolen. In response to the vulnerabilities we highlighted, Monzo will be unveiling a series of app-based features designed to prevent criminals from raiding people's savings after stealing their mobile phones. These security control tools will be the first of their kind to be launched across mobile banking, marking a significant step forward in mobile security. Monzo's new "known locations" feature will allow customers to set specific locations, such as their home or workplace, where they must be in order to transfer money or withdraw savings over a certain limit. Using tracker technology, the bank will identify if the phone is not in one of these locations and block any attempted transactions. Additionally, customers will be able to invite a trusted friend or family member with a Monzo account to be notified before they send or withdraw money over a chosen limit. This trusted contact can then review the payment to determine if it looks safe or suspicious. Monzo will also introduce a feature that requires customers to authenticate payments by scanning a "secret" QR code sent to a different device. This will add an extra layer of security to ensure that transactions are authorized only by the account holder. These new features will be opt-in, allowing users to choose the level of security that best suits their needs. We're happy that Monzo Bank has decided to take action following our findings, and we're looking forward to testing these new security features. For more details on Monzo's new security features, read the full article here: ➡ https://lnkd.in/efjdGY-W? 
For more details on our initial findings, you can read our full research here: ➡ https://lnkd.in/eYC9jzYv #cybersecurity #cybersecurityawareness #monzo #bankingsecurity
Monzo launches tools to tackle phone thieves raiding savings
uk.finance.yahoo.com
-
Banks and mobile operators collaborate on Scam Signal for detecting APP fraud “…GSMA and UK finance have joined forces to provide a collaborative framework for the UK’s mobile network operators and banks to develop and launch Scam Signal, a new system to help address Authorised Push Payment (APP) fraud in the UK…” #ScamSignal #APPfraud #Mobile Finextra #UK Informationbanker
Banks and mobile operators collaborate on Scam Signal for detecting APP fraud
finextra.com