A new scam just in time for Black Friday and holiday shopping.
Our mobile devices are a great way to accelerate our lives and make them easier and less hectic, especially when navigating the holiday shopping rush. Unfortunately, malicious scammers know this too and are now hijacking retail stores’ mobile applications, hoping you’ll install their fake version on your mobile device so they can steal your identity.
Apple’s App Store and Google Play are both seeing an increase in these impostor apps recently. So be aware before you download a retail app for your favorite store.
Footlocker or Footlocke? (Source: NY Times)
What type of apps should you watch for?
The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.
They appear to be legitimate retail store apps and in some cases, they fill a void left by retailers that don’t have an app at all. However, when users install these impostor apps, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.
Don’t Apple and Google check for malicious applications?
Google and Apple's algorithms work hard to keep malware out of their app stores but the process is highly automated which is the problem. These fake apps are not malicious code. The apps just are not what they say they are and that takes a human eye to ferret out. Apple and Google just don’t have enough humans overseeing new apps to keep up.
The retailers who are most vulnerable to this scam are those that haven't developed an app at all.
Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps.
Without another app to cause confusion or make them stop and look more closely before downloading, consumers are willingly loading credit card numbers and personal information into these impostors.
5 Tips to Protect Yourself from Falling for a Fake Retail App
- Think carefully before downloading a new app. If you aren’t confident in its legitimacy it’s better to be safe than sorry.
- Check the app’s reviews. An app with few reviews or bad reviews is big red flag.
- Got the app link in an email? DON’T click that link! Always go to the retailer’s website to get the app or download directly from the Apple App Store or Google Play.
- Less is more. Don’t overshare your information with apps. Your name, phone number and address are the only pieces of personal information that don’t have value to scammers.
- Be extremely careful if you are asked to link your credit card to any app. Is it really worth the convenience if it turns out to be an app redirecting that information to scammer?
Is your business's data and sensitive information safe? for a consultation and learn more about how our security solutions can protect you and your end users from data, email, internet and mobile security threats.