For starter, I have seen few Facebook post whereby a lot of cases whereby unauthorized transaction occurred from their online banking account. I am a software developer for more than 12 years now and specializing in most of the technology which include web and mobile application. Now, technology getting advance day by day and some people might use it for the bad intention.
You would saw a lot of promotion which provide you special discount or free “money” in either social media, game which required you to download an app to complete the transaction.
How to consider your phone security has been compromised?
Install Unknown Apps (Samsung) / Unknown source installations in the Setting. This setting prevent the installation of malware. If this setting is enabled, the installation can happen without your knowledge. However, it also applies to anyone who downloads apps that are not available in their region or people who download pirated versions of video games and apps. Make sure the authenticity of the apps.
Normally, when one downloads an app or an update from Google Play or App Store, the store automatically installs the application for them. Most apps on Google Play and App Store go through some form of security check before they are readily available to users. Direct downloading APKs from unofficial sources runs the risk of having malware on users’ devices.
After installing the APK (an app you download from an unofficial source, you maybe need to create an account or provide SMS permission to the app. This allow the app to read and delete SMS that you receive.
I have seen quite some news recently about how their money could have been transferred out without receiving any OTP notification.
Why?
The application already have SMS permission to read and delete SMS. They read and delete them directly without you knowing it. With this, they basically can do anything. From changing your bank account phone number to transfer all the money out from your account. (Without a trace)
Here are some suggestion to avoid becoming victim of hackers:
- Install application from unknown source with caution and don’t turn on “Unknown Source Installation” in Settings
- Check the apps in your phone regularly and delete unused app immediately
- Remember the security photo of your online banking accounts and if you don’t see the right photo, it is not the real online banking portal
- If the page ask for both your username and password in your online banking account, it is also not the real online banking portal also
- Remember to check which apps have permission to access your SMS and make sure you only allow this feature to apps you trust.