Our mobile devices are a great way to accelerate our lives and make them easier and less hectic, especially when navigating the holiday shopping rush. Unfortunately, scammers know this too and are now impersonating retail stores’ mobile applications, hoping you’ll install their fake version on your mobile device so they can steal your identity.
Apple’s App Store and Google Play have both seen a recent increase in these impostor apps, so be careful before you download a retail app for your favorite store.
Footlocker or Footlocke? (Source: NY Times)
The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.
They appear to be legitimate retail store apps and, in some cases, they fill a void left by retailers that don’t have an app at all. However, when users install these impostor apps, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.
Google’s and Apple’s algorithms work hard to keep malware out of their app stores, but the process is highly automated, which is the problem. These fake apps are not malicious code. The apps just are not what they say they are, and that takes a human eye to ferret out. Apple and Google just don’t have enough humans overseeing new apps to keep up.
The retailers who are most vulnerable to this scam are those that haven't developed an app at all.
Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps.
Without another app to cause confusion or make them stop and look more closely before downloading, consumers are willingly loading credit card numbers and personal information into these impostors.