Fake Internet banking apps invade Google Play Store

[webfact]

Fake Internet banking apps invade Google Play Store



BANGKOK, 28 March 2014 (NNT) - Thai commercial banks warn of fraudulent Internet banking applications in Google Play Store and suggest users to look at the developer’s name before downloading an application.

SCB Thailand posts a warning on its website about fake mobile applications which do not belong to real commercial banks. SCB says real applications must be developed by the developers who use official names of commercial banks. In case of SCB, the developer must be “Siam Commercial Bank PCL.” only, the bank says.

Meanwhile, KTB informs bank customers via LINE that KTB’s banking application developer is only “Krung Thai Bank PCL” and warns them not to download and install an Internet banking app they doubt.

Inspections have found that the developer named “SCIENTIFIKA MEDIA” has uploaded fake Internet banking apps disguised as legitimate apps of many banks such as KTB, BBL, SCB, Bank of Ayudhya and Thanachart Bank.


-- NNT 2014-03-28

[terminatorchiangmai]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

[MoonShadow]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

I agree; but why doesn't Google just stop them being uploaded?

[Keesters]

IMO banking apps should not be on google play. You should only be able to download them to a PC from your banks own website after logging into your internet banking. The app should then be transferred to the mobile by cable to your phone. Alternatively get your branch to do it for you but that would probably encounter a fee.

Sensitive apps like banking do NOT belong alongside Angry Birds.

[Glock3am]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Edited March 28, 2014 by Glock3am

[HerbalEd]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Smart phones (like iPhones) and tablets (like iPads) are computers also and thus can also be secured.

[HerbalEd]

Regarding the OP's "SCB Thailand posts a warning on its website about fake mobile applications which do not belong to real commercial banks. SCB says real applications must be developed by the developers who use official names of commercial banks. In case of SCB, the developer must be “Siam Commercial Bank PCL.” only, the bank says."

This appears to be a naive or ignorant statement. An app scammer can easily forge the full name of the bank.

I avoided such problems by downloading my Bangkok Bank i-banking app from Bangkok Bank's web site.

[lucifer666]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Strange, i have just logged into Krung Thai and BKK banks, using my Android over WiFi.

[OMGImInPattaya]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Maybe because some us are not so stupid as to install a SIAM COMMERCIAL BANK app from a developer named Scientifica Media, which is certainly not the first app listed on a search for Siam Commercial Bank on the Google Store and because we like the convenience of banking from our phones and tablets!

I have done virtually all my banking using apps, including paying bills, paying credit card balances, paying for online travel bookings, depositing checks, processed domestic and international money transfers, etc. all using the phone/tablet apps of my US and Thai banks for a couple years now with nary a problem.

Don't blame the technology for one's own stupidity and carelessness.

Edited March 28, 2014 by OMGImInPattaya

[OMGImInPattaya]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Strange, i have just logged into Krung Thai and BKK banks, using my Android over WiFi.

Agree. What a dufus post that was...I understand now how such people can download and give up their banking credentials to bogus banking apps now. 55555 Edited March 28, 2014 by OMGImInPattaya

[Glock3am]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Strange, i have just logged into Krung Thai and BKK banks, using my Android over WiFi.

Hmm, interesting. If you try it with Kasikorn's app, it tells you to connect via a mobile connection for the aforementioned verification purposes.

Agreed with the above post by OMG (at least the first one, I'm not sure if the second was directed me or not), and it should apply to any app you download really. Thoroughly check the permissions, reviews and developer's history and you won't have a problem.

Edited March 28, 2014 by Glock3am

[OMGImInPattaya]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Strange, i have just logged into Krung Thai and BKK banks, using my Android over WiFi.

Hmm, interesting. If you try it with Kasikorn's app, it tells you to connect via a mobile connection for the aforementioned verification purposes.

Agreed with the above post by OMG, and it should apply to any app you download really. Thoroughly check the permissions, reviews and developer's history and you won't have a problem.

Yeah that's right...the Kasikorn "app" is not really a mobile application in the real sense. It's more like a mobile version of their website or maybe even opens up their website in the browser on your mobile device. I did download and test it but since it was basically their website with an app entrance portal and like reported doesn't work over WiFi it was at best redundant and at worst useless.

[OMGImInPattaya]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

I agree; but why doesn't Google just stop them being uploaded?

To protect the non-mobile web savvy from themselves, apparently they have. I can't find the offending SCB app on the Play Store currently.

[lopburi3]

Regarding the OP's "SCB Thailand posts a warning on its website about fake mobile applications which do not belong to real commercial banks. SCB says real applications must be developed by the developers who use official names of commercial banks. In case of SCB, the developer must be “Siam Commercial Bank PCL.” only, the bank says."

This appears to be a naive or ignorant statement. An app scammer can easily forge the full name of the bank.

I avoided such problems by downloading my Bangkok Bank i-banking app from Bangkok Bank's web site.

Suspect Google would not approve in full name of bank without proof bank allowed - just as any knock-off item you change the spelling to avoid such issues. In this case suspect Google would remove as soon as it was reported as obviously intended to deceive by using same type of logo.

[bubba]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually, the story was about Android, and that does not include iPads. It's unlikely this will happen with an iOS device with Apple's scrutiny of apps before they are released into their App Store.

In the end, secured mobile devices are no different from secured computers. Mobile devices are just smaller. It's caveat emptor with applications for any device.

[Pib]

What about not using internet banking apps at all ! You want to do Internet banking do it from your secured computer instead of your phone or I -pad.

Actually mobile banking is just as secure as PC banking (perhaps moreso) because it can only be accessed over mobile internet (not Wi-Fi), verifying that the connection comes from the phone number associated with your banking. Making it impossible to access your account from any other phone/number. (At least Kasikorn does this anyway.)

Strange, i have just logged into Krung Thai and BKK banks, using my Android over WiFi.

Yea, I have a couple of banking apps used to access some of my U.S. bank accounts from Thailand...access via Wifi or mobile connection...in fact, I'm almost always use a Wifi connection since I'm usually using my tablet with these banking apps and my tablet is a Wifi-only device.

[Pib]

Below is a partial quote from bankrate.com with a quote from a Discover card rep regarding use of mobile banking apps and how secure they are...here's the weblink to read more. Link

Heck, almost all banks now days have mobile apps...they wouldn't be putting them out there if theey were not secure....it's a misconception that mobile devices are less secure than PCs when using banking apps.

That begs the question: How safe is it? With all the tech-savvy crooks and identity thieves lurking about, is it really a good idea to have your precious financial information floating around the airwaves or residing on a piece of gear that you could easily lose? According to a recent Javelin study, security, or the lack thereof, is the No. 1 fear among potential mobile banking customers.

The good news is that the fear is so far worse than the reality, thanks in part to the financial industry's heavy investment in security technology. Among other things, "all information transmitted between servers and the mobile device is encrypted as with regular online banking," says Steve Furman, Discover Card's director of e-business. As a result, "the likelihood (of fraud) is no greater than using your desktop browser," he says. Discover, like many banks and credit card companies, promises to cover 100 percent of a customer's mobile fraud losses. Other banking institutions, such as Bank of America, offer zero liability as long as customers report the fraudulent transaction within 60 days and have not violated other protection rules.

[Keesters]

Kasikorn's app only allows 3G connection not wi-fi. However I managed to get to my Internet banking using the phone's browser to enter internet banking exactly the same way as I do on my PC. And that was while connected to Wi-fi. So if that is possible why not the app. Or have I found a flaw in their system.

[cooked]

I am reliably informed by an internet security big timer that you should NEVER use your phone for banking. 'Whatever it seems to you: I do internet security for a living any my advice is this: do not let your smartphone near your bank account. Do not let convenience steal your money!'

[Pib]

Here's a CNN article on "Is Mobile Banking Really Safe? Link