Authored by Ayelet Avni.

End users will always make mistakes; this the nature of being human. So let’s admit it: We are the weakest link when it comes to security. We do not always pay attention to the details — we just want to get it done and move on to the next thing.

To Err Is Human

These days, especially in the realm of mobile, we do things on the go. Sometimes we even do the important things, like listening to our children or talking to our spouse, while simultaneously doing something else. And increasingly, that something else is using mobile devices.

By doing multiple tasks at once and paying even less attention than normal, it becomes even easier to make a mistake. That could be clicking a link in an email without verifying the exact address or mindlessly entering your banking credentials on a mobile app that might not be authentic.

This lack of concentration creates a valuable — and dangerous — opportunity for fraudsters.

It is well-known that today’s cybercriminals leverage advanced technologies and have access to collaborative communities. Combine this with a victim’s unintentional mindlessness and the fraudsters basically have an open door to your data and money.

Mobile Fraud Is Escalating

Fraud attacks are creative and well-planned, and fraudsters learn quickly how to turn their targets into victims. For example, if a phishing campaign looks too obvious, then it may only fool audiences that aren’t security-literate. More informed targets require a more sophisticated campaign.

In the mobile arena, fraud attacks must be equally well-designed and provide an excellent user experience since customers are sensitive to design issues. In these cases, even a security-oriented audience may be tricked and believe that the bank is the one that asking them to reauthenticate as part of the app journey.

Fighting human nature and rejecting technology are both fruitless pursuits. Instead, the solution is to make sure banks and financial institutions implement the proper protections for online and mobile banking customers. If the user is the weakest link, it follows naturally that endpoint protection should be strong — stopping fraud at the very first stage.

Having protection on the mobile device for online banking is not a question of advantage or a great differentiator; it is essential. The trends that we see emerging and the speed at which mobile banking fraud is evolving should be a signal to us all.

Read the white paper: Accelerating growth and digital adoption with seamless identity trust

More from Banking & Finance

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Unveiling the latest banking trojan threats in LATAM

9 min read - This post was made possible through the research contributions of Amir Gendler.In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions.In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today