Scam Of The Week: Watch Out For Fake Apps

Fake Apps On AppStore

The shoe retailer Foot Locker Inc. has three iPhone apps. But that did not stop an entity calling itself Footlocke Sports Co., Ltd. from offering 16 shoe and clothing apps in the App Store.

The New York Times warned about a new kind of ID theft, App ID Theft, arriving just in time to deceive holiday shoppers. It's something you need to alert your employees, friends and family about because it can be damaging in several ways.

So-called "retail apps" are cool again, but think before you click! Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem. 

Retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo are just a few examples of impostor apps set up by cybercriminals.

They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.

How could this be happening?

Google and Apple's algos to keep malware out of the app store are highly automated, and that is where the problem lies. These apps don’t have malicious code. They simply aren’t what they say they are, and that takes a human to see. Apple and Google simply cannot keep up.

Brands, developers and consumers all need to be extra vigilant in spotting and reporting these fake apps for everyone's sake. Many fake apps are coming from China and have telltale signs like broken English, no previous version history, and no reviews.

Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. So, what changed is “digital stored value” that makes apps work like debit/credit cards. Other retailers are racing to copy them. Dunkin Donuts was first, then CVS, and now McDonald’s, for example.

"The retailers who are most exposed are the ones with no app at all," said Chris Mason, chief executive of Branding Brand, a Pittsburgh company that helps retailers build and maintain apps. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artists.

So, I suggest you send this to your employees, friends and family. Feel free to copy/paste/edit:

Watch Out For Fake Apps!
The holidays are here and the scammers are out in force. Their latest trick is fake apps. Starbucks started the first "retail app", and many stores have followed. But scammers are now creating fake apps, tricking you into downloading them to your smartphone or tablet, and asking you to load your credit card information in these apps. You can guess what happens next.
Here are 5 things to keep in mind about this Scam of The Week:
  1. Be very judicious in deciding what apps to download. Better safe than sorry.
  2. If you *do* decide to download an app, the first thing to check is the reviews;
    apps with few reviews or bad reviews are a big Red Flag.
  3. Never click on a link in any email to download a new app. Only go to
    the website of the retailer to get a link to the legit app on the AppStore
    or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, very reluctant to link your credit card to any app!

There is more information about this at the New York Times:

Let's stay safe out there.

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc.

