Infosec Cloud
Solutions. Services. Training.

The 'chat' from the cloud

Keep up-to-date with the latest trends, hints and tips on cloud-based security

Watch Out For Fake Retail Apps!

Date: Nov 15, 2016

Category: Blog

Warn your employees, friends and family…

The New York Times has warned about a new kind of ID theft, app ID theft, which has arrived just in time to deceive holiday shoppers.

Apple’s App Store is full of impostor apps, and Google Play is having the same problem.

The counterfeiters masquerade as retail chains, big department stores, online shops and luxury-goods makers. There are fake Jimmy Choo, Christian Dior and Salvatore Ferragamo apps.

They appear to be legitimate retail apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the cyber criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.

Why is this happening?

Google’s and Apple’s algorithms for keeping malware out of their app stores are highly automated, and that is where the problem lies. These apps don’t have malicious code, so automated scanning does not catch them. They can only be checked manually.

Apple and Google simply cannot keep up.

Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. What changed is “digital stored value”, which makes apps work like debit or credit cards. Other retailers are racing to copy them.

The retailers who are most exposed are the ones with no app at all, as this makes it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artists.

Here are 5 things to keep in mind:

1. Be very judicious in deciding which apps to download. Better safe than sorry.
2. If you do decide to download an app, first check the reviews – apps with few reviews or bad reviews are a big red flag.
3. Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legitimate app on the App Store or Google Play.
4. Give as little information as possible if you decide to use an app.
5. Be very, very reluctant to link your credit card to any app!

There is more information about this in the New York Times:

Don’t delay: Protect your employees and your organisation today – enrol your IT End Users on Security Awareness Training & Testing.
