Online payment transactions: With the rise in a digital transaction in India, there has been a geometric progression in online banking frauds as well. This progression has provided a challenge to Security issues like risky consumer behaviour, unsecured Wi-Fi networks, mobile malware, third-party apps, banking and consumer security threats. During the lockdown, we came across a new OTP-based cybersecurity challenge in the form of EventBot — an Android banking Trojan that has targeted more than 200 different financial applications like PayPal, Coinbase, Barclays, Santander UK, HSBC UK, etc.
Speaking on the EVEntBot Android trojan; Ajay Kaushik, CEO at Panacea Infosec said, “It takes advantage of Android’s accessibility feature to access and steal valuable users’ information and system information. It is so sophisticated that it can also intercept SMS messages and bypass two-factor authentication mechanism. This Trojan has impacted countries like US, UK, Spain, Italy, Switzerland, France, Germany, Ireland, India, Austria, Australia, and Poland.”
Warning online payment platform users to ensure safety from this OTP-based EventBot trojan Kaushik said, “Ensuring mobile communications over secured Wi-Fi only and avoiding any transactions via mobile apps in an unsecured Wi-Fi. In any urgency or unavoidable situation use a trusted Virtual Private Network (VPN) with appropriate strong cryptographic algorithms while using unsecured Wi-Fi networks.” Kaushik said that for best protection, use automatic updations/upgradation of your mobile hardware and software. If it is not possible, update your hardware and software regularly as it is easy to exploit and eventually compromise older systems as crooks can take advantage of non-patched security weaknesses. It is always recommended to use commercial version of antivirus software on your mobile devices.
On how to ensure safety from online phishing while using payment apps Kaushik said, “Payment apps should have multi-factor authentication and multi-level data encryption and always use a browser approved by the device manufacturer and keep its security features updated. Regular scanning of all apps, alertness towards new happenings and awareness about the malpractices can save your interests and you can do hassle-free mobile banking.”