Nigerian Bank Issues Fresh Warning to Customers About Mobile Apps Used to Steal Banking Details

Nigerian Bank Issues Fresh Warning to Customers About Mobile Apps Used to Steal Banking Details

  • Ecobank has issued a security advisory warning customers about fraudsters using fake mobile applications to steal banking credentials and intercept OTPs
  • The bank identified fake sports betting, streaming, banking support, and phone update apps as common disguises used by cybercriminals
  • Ecobank urged customers to download banking apps only from the Google Play Store or Apple App Store and to report all suspicious activity immediately

Ecobank has issued a security advisory urging its customers to exercise caution when downloading mobile applications, warning that cybercriminals are deploying fraudulent apps to gain unauthorised access to personal banking accounts.

The bank said fraudsters are circulating fake advertisements and pop-up prompts across social media platforms, websites, and messaging applications to lure users into installing malware-loaded apps.

Ecobank warns customers against malicious mobile apps that can steal banking details, PINs and OTPs, shares six safety tips to stay protected.
Ecobank warns fake mobile apps can trigger unauthorized bank transactions. Photo: Nurphoto
Source: Getty Images

How the Malware Works

In a message to customers seen by Legit.ng on Thursday, July 16 the bank said these applications typically masquerade as legitimate tools, including sports betting platforms, live score apps, streaming services, utility programmes, banking support tools, and phone update installers.

Read also

100 channels available: FG unveils decoder, dish prices for FreeTV, scraps subscription prices

Once a user installs one of these fraudulent applications, the malware can seize control of the device without the customer's knowledge.

The bank explained that the software is capable of harvesting banking login credentials and transaction PINs, intercepting incoming SMS messages and one-time passwords (OTPs), and executing unauthorised transactions through the customer's registered mobile banking profile all without requiring the fraudster to change the registered device.

This last point is particularly concerning, as it means account holders may not receive the usual alerts associated with a new device login, making the fraud harder to detect early.

Safety Steps Ecobank Recommends

Ecobank outlined a series of protective measures customers should adopt immediately. The bank advised that banking applications must only be downloaded through official channels, specifically the Google Play Store or Apple App Store, and that no app should ever be installed via links shared through social media, emails, websites, or messaging platforms.

Read also

Netflix set to launch 24/7 live TV channels in major challenge to DStv, GOtv

Customers were also told to treat any unexpected on-screen prompt requesting "system updates," "security verification," or similar actions with suspicion, as these are common tactics used to trick users into granting dangerous permissions.

Ecobank warns customers against installing apps from unofficial websites, emails and messaging platforms.
Ecobank warns as cybercriminals target mobile banking users. Photo: Ecobank
Source: UGC

The advisory further recommended that customers periodically audit the applications installed on their devices, removing anything unfamiliar or no longer in use. Keeping device operating systems and security software updated was also stressed as a critical line of defence.

For anyone who notices unusual account activity or a transaction they did not authorise, Ecobank directed customers to disconnect the affected device from the internet immediately, contact their bank without delay, and formally report the incident.

The bank also requested that any suspected phishing messages or spam be forwarded to its dedicated reporting address at assist@ecobank.com.

Fraudsters steal N10 billion from Nigerian Bank

Earlier, Legit.ng reported that the Federal High Court in Abuja ordered the freezing of 818 bank accounts for an additional 30 days over an alleged N10 billion cyberattack on Hope Payment Service Bank.

The accounts were identified during a police investigation into the cyber heist and are suspected to have received proceeds from the attack.

Read also

CAC announces deadline for Nigerian businesses to update letterheads, invoices

The court granted the extension to enable investigators and the bank to trace and recover funds allegedly diverted through the affected accounts following the July cyberattack.

Source: Legit.ng

Authors:
Dave Ibemere avatar

Dave Ibemere (Senior Business Editor) Dave Ibemere is a senior business editor at Legit.ng. He is a financial journalist with over a decade of experience in print and online media. He also holds a Master's degree from the University of Lagos. He is a member of the African Academy for Open-Source Investigation (AAOSI), the Nigerian Institute of Public Relations and other media think tank groups. He previously worked with The Guardian, BusinessDay, and headed the business desk at Ripples Nigeria. Email: dave.ibemere@corp.legit.ng.