Warning over malicious Clubhouse invites (Includes interview)

For some, to receive a Clubhouse invite would be something special and it will be tempting to click on a link embedded in an email. The main focus of fraudulent activity has been to use words and phrases to encourage people to click on the malicious link, according to a new report. Cyber-criminals are tapping into the popularity surrounding the latest social media offering. Part talkback radio, part conference call, part Houseparty, Clubhouse is a social networking app based on audio-chat. Users can listen in to conversations, interviews and discussions between different people on various topics.

Looking at this issue from the cybersecurity perspective is OneSpan’s mobile security expert Sam Bakken.

Bakken tells Digital Journal that downloading anything comes with a high level of risk, noting: “It is important for consumers to only download mobile apps from official app stores.” In other words, do not click on email links – if you’re invited to will still be able to join via the official app.

There is a growing tendency among cyber-criminalsto connect something people want, drawing upon psychological factors designed to encourage people to take an interest. Bakken says: “Criminals are very good at taking advantage of our anticipation, so be careful not to let your guard down.”

As to what needs to be done, Bakken outlines three recommendations: “First, it’s time for all financial services apps to integrate biometric authentication.” This offers a more robust means of protection for users.

With his second recommendation, Bakken puts forwardsa low-trust approach, for users to keep in mind: “This mobile banking Trojan has SMS-grabbing capabilities and at this point I view authentication codes sent via SMS as security threat.”

Thirdly, Bakken recommends: “Banks can take additional steps to protect their users against overlay attacks and other mobile vulnerabilities with app shielding. This is an advanced mobile app security that travels with the banking app, designed to protect users against mobile banking threats similar to the Clubhouse one.”