Agency for Regulation and Development of the Financial Market of the Republic of Kazakhstan issues guidance to prevent mobile device fraud targeting online banking data

The Agency for Regulation and Development of the Financial Market of the Republic of Kazakhstan published consumer guidance warning that fraudsters increasingly use citizens’ mobile devices to gain access to financial information and steal funds and personal data. The note describes attacks via malicious apps, fake links and messages aimed at obtaining online banking access, CVV codes, logins, passwords and other confidential data. Recommended measures include installing and updating antivirus software, downloading apps only from official stores, checking and limiting app permissions (including access to contacts, SMS, microphone and screen), avoiding suspicious links in emails, messengers and push notifications, and using strong unique passwords and password managers. The agency also advises not storing bank card photos, passwords or an electronic signature on the phone, enabling screen lock, biometric protection and remote wipe, keeping operating systems and apps updated, monitoring transactions via bank notifications, setting transaction limits, using biometrics for banking app login, and not disclosing codes or passwords even to callers claiming to be from banks or law enforcement; it also outlines steps if a device is lost or compromise is suspected, including blocking cards, changing passwords, terminating online-banking sessions, contacting law enforcement and, if needed, blocking the SIM via the mobile operator.