Special Reports

Wema Bank warns customers over fake apps targeting banking details

In June, the bank temporarily suspended communications on its X and Telegram accounts, citing the need to protect customers from fraudulent activities and account impersonation.

Wema Bank has warned customers to be vigilant against fraudsters using fake advertisements and pop-up prompts on social media, websites, and messaging platforms to trick users into downloading malicious mobile applications capable of stealing banking information.

According to Wema Bank, once installed, the malicious applications can take control of a victim’s mobile device, steal banking credentials and transaction PINs, intercept SMS messages, and one-time passwords (OTPs).

It explained that the malicious app will also initiate unauthorised transactions through the customer’s registered mobile banking profile without requiring a device change.

“These malicious apps often disguise themselves as legitimate applications, such as sports betting, live score, streaming, utility, banking support, or phone update apps.

“Once installed, the malware can take control of a device, steal banking credentials and transaction PINs, intercept SMS and One-Time Passwords (OTPs), and initiate unauthorized transactions through the customer’s registered mobile banking profile, without requiring a device change,” the bank stated.

To reduce the risk, Wema Bank advised customers to download banking applications only from official app stores such as Google Play Store and Apple App Store.

It also urged customers not to install applications through links or pop-up advertisements on social media, websites, emails, or messaging platforms.

The bank further advised customers to be cautious of unexpected prompts requesting system updates or security verification, regularly review and remove unfamiliar applications from their devices, and keep their operating systems and security software up to date.

The bank added that customers who notice suspicious activity or unauthorized transactions should immediately disconnect their devices from the internet, contact their bank, and report the incident.

The bank also urged customers and financial institutions to report suspected phishing attempts and spam messages to their respective fraud desks or information security teams. It stressed the need for prompt reporting to help curb cyber fraud across the financial services industry.

The advisory is the latest in Wema Bank’s efforts to combat rising online fraud.

In June, the bank temporarily suspended communications on its X and Telegram accounts, citing the need to protect customers from fraudulent activities and account impersonation.