It is the season for snow (somewhere), Santa (if you believe in him) and presents (if you've been good). It is usually a time spent with family, friends and in malls searching for the perfect gift. As the holiday season gets more and more commercialized and shopping centers everywhere are heaving with bodies, people have begun to utilize the technological devices in the palm of their hands. Staying at home and making their purchases through their mobile devices and laptops via mobile apps, consumers these days no longer need to enter the warzone that is the mall parking lot. Now, they can do all their shopping and purchases right from the comfort of their own homes.
This comfort is a bit of a double-edged sword. Technological advancements have made it possible for people to actually enjoy the Christmas season without having to engage in a battle for a Tickle Me Elmo. However, the widespread use of such technology makes them a target for cybercriminals waiting to exploit their online vulnerabilities. Consumers need to be vigilant to decrease the risk that they are exposed to when it comes to app use.
Hi-tech criminals are now capitalizing on the popularity of m-commerce (mobile commerce) and have been actively creating and releasing fake apps all in an attempt to attract unwitting victims. Cybercriminals have been known to create nearly identical duplicates of popular apps. To sweeten the pot, these fake apps will often be discounted. To get more eyeballs to their nefarious apps, criminals will usually invest in marketing for the app. Once the unsuspecting user has downloaded the app, they will then be pestered to enter credit card info. And that’s when the real headache begins.
But how do the criminals gain access in the first place? How are they doing all this? While it is true that criminals can create fake apps they can also breach the online databases of various merchants. They will then takeover the account. Doing so bypasses the need to create a brand new app, instead they go after a reservoir of active customers. Once the criminals gain access to the merchant customer accounts they basically have free reign over all the information contained within: social security numbers, mailing and shipping addresses, credit card and financial information, and the like.
Another popular tactic is the recycling of passwords. Say a hacker was able to gather the password of a customer for a certain e-commerce site. They know that the average user will not likely change their password from site to site. Therefore they will just try to access the users accounts using the same password. Sometimes it works, sometimes it doesn’t. But for the attacker it doesn’t matter because for them it is a game of odds, and they have all the time in the world. Consumers should do themselves a favor and change their passwords on different apps and websites, and do it often.
Besides the logical password change there are a handful of ways a common user can decrease the odds of begin hacked, breached or taken advantage of online. The first has to deal with our societies fascination with social media. Should users beware what they post on there? Who knows what kind of information cybercriminals are gathering and what kind of leverage they are building against these unwitting users.
As previously mentioned, careful of fake retail mobile apps. Watch out for the telltale signs of fake apps which include ridiculously priced deals, nag requests to input personal or financial data and unprofessional mistakes (which include spelling, grammar and design errors).
Yes, it is the season of spending, but keeping track of financial statements should be a year-round practice. Users should look out for unknown charges and should notify their bank or credit card company the instance a suspicious purchase was authorized.
While it is tempting to jump all over that holiday deal, users should be purchasing items when they are in a calm, cool and collected state. Excitement and adrenaline often makes a person overlook the fact that they may be conducting business in a site or an app of questionable reliability. Remember that it only takes one mistake for attackers to exploit an unsuspecting victim.
While the fake app warnings for the Christmas season are customer-centric, mobile app developers and business owners should also take heed and take care that their business do not suffer due to the presence of fake mobile apps. Undoubtedly, upon hearing this many will point fingers at the liberal Android system. This is justified because Android’s lax standards and guidelines have led to the development and release of many fake apps. However, more and more industry experts are seeing a similar trend in iPhone and iPad apps.
Counterfeiters will pose as a well-known retail chain such as Foot Locker or an online powerhouse like Zappos. They will then release one or multiple mobiel apps which are meant to attract uninformed consumers. Their mobile apps will have the same look and feel as the legitimate corporate app. However, the fake app is meant to do one thing and that is to extract as much personal and financial data from a user.
These fake apps have the very real potential to tarnish and even damage the reputation of entire companies. That’s why security and industry experts caution companies to take a more active role in monitoring how their brand is being used. For the longest time Apple has been seen as a safe haven for online users, however in the mobile app world this safety is only perceived because Apple only blocks malicious software and does not go through their submitted apps through as fine a comb as everyone would like to think.
Things are doubly worse for companies who don’t even have an app in the store. While users can see the real mobile app along with the fake apps in the store listings, there is no such point of comparison for app-less companies. Users trying to find an app for these companies online have nothing to contrast but the fake apps that do exist.
Apple spokesman, Tom Neumayr, said: “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. For the last couple of years Apple has tried to diligently remove or delete any apps that they deem a threat or are no longer function. But the shear amount of fake apps coming out of China is simply too much for the folks over at Apple to handle".
In a way, criminals can almost be thought of “dark marketers”. They look at the trends and at what people are generally purchasing. They twill the create a mobile app or exploit to take advantage of this inclination. They are crafting a trap based on the emotions and behaviors of consumers. Unfortunately, this has proven to be a highly effective tactic which can only be hedged by vigilance and diligence.