Millions of people use their smartphones to check credit union accounts, bank accounts and other financial accounts. They are convenient, of course, and they have some terrific uses.

But be careful before you enter your credit union account password into a mobile phone app – especially if you aren’t 100% sure of the application’s source.

The reason: A growing industry of sophisticated criminals are exploiting cellphone applications to capture passwords or to infect cellphones with spyware designed to route phone calls or texts to overseas premium numbers that bill cellphone carriers $1 to $15 for every transmission.

In one case, criminals lured thousands of children into downloading fake cellphone game applications. Those apps were rigged to generate a $15 charge, billed to parents’ cellphone bills or credit cards – every time the game was opened.

This particular scam was centered in the UK and Europe. But there have been attempts closer to home as well. In fact, the directors of the Thrift Savings Program – a popular defined contribution benefit plan for federal employees and military members – recently posted an alert on its website:

There are a number of mobile applications that reference the Thrift Savings Plan and may prompt you for your TSP account credentials. These applications are not sponsored by the TSP. The TSP cannot endorse any information or advice provided by third-party applications. More important, providing your TSP account credentials to third-party applications may jeopardize the security of your account.

How You Can Protect Yourself

  • Don’t let children use your mobile device unsupervised.
  • Set up password permissions on your computer, your phone and your child’s phone to prevent them from downloading applications without your knowledge.
  • Download cellphone apps only from trusted, reliable sources. For example, application stores make a concerted effort to screen new apps for spyware, malware and other scams. Use these established manufacturer web sites, or download apps directly from your financial institution’s webpage.
  • Don’t click on links within email messages. They frequently direct your browser to fake “spoof” websites designed to fool you into downloading apps or keying in confidential information.

Don’t give out passwords over the phone. Legitimate financial institutions will not call you and ask you to give out your password or PIN number. Always call back, and get the number from a trusted source.