In our attempt to avoid the holiday rush while securing the best deals on brands we love, it is tempting to seek out apps promising a more convenient shopping website NextAdvisoexperience – but mobile buyers BEWARE! The Washington Post reports that a recent study by researchers at RiskIQ found an estimated one in 10 apps advertising Black Friday deals was fraudulent. Big brands you trust such as FootLocker, Nordstrom, Zappos.com and Christian Dior were cited as common targets according to the Better Business Bureau of Mississippi. These apps, designed to mimic official shopping apps from well-known retail brands, install malware on the phones of unsuspecting customers once downloaded. From there, identity and credit card information can be stolen. In extreme cases, downloaded ransomware can remotely lock a user's phone until they pay up according to Washington Post tech journalist, Karen Turner.
In an age where social sharing, engagement and interaction is encouraged, we have become accustomed to communicating with unknowns out in cyberspace. In our recent blog, “Social Engineering: Bad People Tricking Good People,” we outlined how hackers intentionally use emails and apps from vendors and brands familiar to individual consumers to lower their guard and trick them into downloading malware. For instance, "spear phishing" uses an email sent to a particular person inside an organization and is tailored to appear as though it had come from a contractor, bank or other trustworthy source. Instead, such emails contain a link which, when clicked on, lead to malware that is downloaded onto the person's computer or device.
How can you protect yourself from these fraudulent apps? The best advice is simply be aware and stay vigilant. Offers for malicious apps and spoof emails often contain spelling errors and bad grammar. Also check the web address. Often, it will have the name of the familiar company in it, but it will have extraneous information in the web address. For example, instead of an email coming from firstname.lastname@example.org, it might come from email@example.com meaning they simply added the Amazon part to make it look familiar to you, but the web site it came from was really www.xyz123.com.
Jocelyn Baird, an editor at consumer safety website NextAdvisor.com, recommends downloading mobile apps from official store websites whenever possible to avoid counterfeits. “When in doubt, you can do some Web searching to verify the full name a company uses,” she said.
Consumers hold a lot of power and information at their fingertips. Mobile has transformed us all into savvy shoppers: we can be selective, research the best prices and rely on reviews to inform our buying decisions. However, we should be just as savvy about the mobile apps we use. Remember, if your gut tells you something doesn’t feel right about the purchase process, don’t download that app because your instincts are most likely guiding you in the right direction.