Adrian Tiron’s Post

To my friends who are iPhone users, especially those in London where phone thefts are a concern: I highly recommend enabling the new 'Stolen Device Protection' security feature. Set it to 'Always' to ensure your device is safeguarded. This feature is available in iOS 17.3 under: Settings > FaceID & Passcode > Stolen Device Protection.

Every 10 minutes, a mobile phone is stolen in London, placing personal and financial information at significant risk. Highlighted by a recent Financial Times article and further underscored by personal stories from neighbors, this surge in mobile thefts has prompted us to examine the security features of iOS and Android aimed at helping against device theft. We also explore a concerning attack scenario targeting the Monzo Bank mobile app, where we suspect that a 'Mechanical Turk' method may be employed for face recognition during the PIN recovery process. Could this human factor be a weak link in what should be a robust security chain? We're eager to hear your thoughts. Please share your insights in the comments below. Attention Monzo Users: We strongly recommend enabling AppLock in the App Settings to further protect your account. #mobilesecurity #mobiletheft #pentesting #applicationsecurity https://lnkd.in/eYC9jzYv

Peer-to-peer (P2P) mobile payment apps are great but are a great avenue for fraud when not secured properly. Just look at these stats! ............... --Key Stats From The Report-- Total P2P transactions are expected to reach $1.4 trillion in 2023, a 28.5% increase from 2022. [1] Transactions are expected to increase to nearly $2.3 trillion annually by 2026. P2P fraud cases at those four banks increased an estimated 24% between 2021 and 2022, to 238,777. Some 8% of all banking customers say they’ve been victimized by a P2P scam in the last 12 months. [2] The median P2P scam monetary loss was $176 per customer in 2022. [3] About one-third of all payment app users say they have little or no confidence their personal information is being kept safe from hackers or unauthorized users.  Securing these mobile apps is critical to reducing fraud and garnering customer trust. #zimperium

🚨Cybercriminals are turning your mobile into a money-laundering machine! CloudSEK reveals how shadow banking is creeping into your pocket through Android apps, recruiting everyday users as unwitting money mules. These scams disguise themselves as legit banking platforms, funneling stolen funds through unsuspecting accounts. This is a wake-up call for banking app users—and a reminder that cybersecurity needs to catch up with these evolving threats. Don't become a victim in this dangerous game of money laundering! Read more about this alarming trend - https://lnkd.in/duRfTBHN #moneylaundering #moneymules #banking #aml

New Fraud Just Dropped: Mule Herding. 👇 Your mobile device could be moving money for criminals without you even knowing about it. Here's how it works. 👉 You download an app like "PDF viewer." These apps often have fake reviews on the Google Play store and 100,000+ downloads. They are easy to download, but they take advantage of Operating System Exploits. 👉 The malicious app installs a keylogger. This helps to capture login credentials and perform an account takeover via a wallet, banking app or service. 👉 Yesterday, I gave the example of Antasa and how its request for SMS and accessibility options can be exploited to directly attack mobile banking apps. Most commonly, this simply steals users' funds. 👉 However, industry professionals have also reported criminals are using the attacked accounts to layer and place funds without the victims being aware. Doing this with 1,000s of user accounts without them being aware it was happening. The scale, and lack of control led to the term "mule herding." The consequences of this can be hugely significant for individuals. 🐟 Always pay attention to your device permissions, especially if an app asks for Accessibility options. Never download apps that aren't from companies you've heard of. Don't blindly trust an app with tens of thousands of reviews, as it may be a bootloader that will silently download a bot on your device in a future update. 🐟 All banking apps and wallets should screen user behavior to ensure the typing and other biometric behavior pattern is natural and consistent with a human instead of a bot. Often these “mule herding” apps will harvest credentials via a lookalike banking app and then replay them on the real one. 🐟 It would be a huge help if all app stores ensured malicious apps were removed and added step up security when additional device permissions were requested. #fraud #aml #moneylaundering

🔒💳 Security tip 💡: Protect your finances with Ecobank! If your card is lost or stolen, block it quickly via the mobile app or customer service. Be vigilant and monitor your accounts 👀💰 #FinancialSecurity #Ecobank #GestionDeCarte

In January 2022, a Which? Money investigation highlighted significant security weaknesses in the Monzo Bank banking app, making it the lowest-scoring app in their tests. Despite these findings, our recent research at FORTBRIDGE indicates that these vulnerabilities remain unaddressed. Our investigation found that Monzo still does not require Face ID or Touch ID by default, making it alarmingly easy for a thief to access the app if they steal an unlocked device. Additionally, Monzo's app only requires authentication every 90 days, providing a long window for unauthorized access. We demonstrated how a thief, once in possession of a stolen device, could bypass Monzo's extra security checks and retrieve the card's PIN using the app's flawed video verification method. This means a thief could easily transfer money out of the victim's account, replicating the same issues identified by Which? over two years ago. To learn more about Which?'s investigation, read this article : ➡ https://lnkd.in/e5fzekKW For more details about our findings , read the blog post here ⬇ https://lnkd.in/epqWV-hX

Banks and mobile operators collaborate on Scam Signal for detecting APP fraud “…GSMA and UK finance have joined forces to provide a collaborative framework for the UK’s mobile network operators and banks to develop and launch Scam Signal, a new system to help address Authorised Push Payment (APP) fraud in the UK…” #ScamSignal #APPfraud #Mobile Finextra #UK Informationbanker

We're pleased to announce that following the publication of our research on how thieves could steal money from the Monzo banking app, Monzo Bank has decided to take action and will be implementing new tools to better protect their clients in case their device gets stolen. In response to the vulnerabilities we highlighted, Monzo will be unveiling a series of app-based features designed to prevent criminals from raiding people's savings after stealing their mobile phones. These security control tools will be the first of their kind to be launched across mobile banking, marking a significant step forward in mobile security. Monzo's new "known locations" feature will allow customers to set specific locations, such as their home or workplace, where they must be in order to transfer money or withdraw savings over a certain limit. Using tracker technology, the bank will identify if the phone is not in one of these locations and block any attempted transactions. Additionally, customers will be able to invite a trusted friend or family member with a Monzo account to be notified before they send or withdraw money over a chosen limit. This trusted contact can then review the payment to determine if it looks safe or suspicious. Monzo will also introduce a feature that requires customers to authenticate payments by scanning a "secret" QR code sent to a different device. This will add an extra layer of security to ensure that transactions are authorized only by the account holder. These new features will be opt-in, allowing users to choose the level of security that best suits their needs. We're happy that Monzo Bank has decided to take action following our findings, and we're looking forward to testing these new security features. For more details on Monzo's new security features, read the full article here: ➡ https://lnkd.in/efjdGY-W? For more details on our initial findings, you can read our full research here: ➡ https://lnkd.in/eYC9jzYv #cybersecurity #cybersecurityawareness #monzo #bankingsecurity

UK Financial Fraud Figures: Director at Appdome on App Fraud's Rise Jack Kerr, Director at Appdome: “Fraud is a rapidly escalating issue in the UK affecting nearly all consumers and businesses, particularly in online and mobile apps, and banks must take urgent action. While freezing suspected fraud transactions for up to 72 hours is a protective measure, it also disrupts essential payments like mortgages, grocery shopping and public transport. All of which can damage customer trust and hurt the British economy.  https://lnkd.in/eYB3Um7v Chris Roeckl Tom Tovar Alan Bavosa Ananya S. Lorena Munevar Naranjo Zoe Gardner #fintech #finance #banking #paytech #payments #fintechnews #paymentsnews