Holiday Shoppers: Downloadable apps may have Scama-Claus inside


You better watch out, you better not cry, cause Scama-Claus is coming to town!

Security professionals across the globe sing this catchy little jingle every holiday season, and for good reason. As shopping for gifts for loved ones increases, both online and off, the propensity for holiday rip-offs also escalates exponentially. Crooks have been preparing for months, enhancing both old scams and new tricks of the trade, knowing full well that the last thing that you are prepared for at this time of year is a fraudster in your midst.

The latest insidious scam trend to hit the market this holiday season revolves around downloadable apps. Retailers promote them, as a way to ensure customer loyalty by way of bargain notifications or the awarding of hefty discounts. Be wary, however, of “clones” impersonating legitimate retailers.

Corey Nachreiner of WatchGuard Technologies warns:

You might download a specific app to buy directly from a them. But bad guys are launching fake apps that are really scam apps. So be careful where you get your retail apps from.

What is the purpose behind these fake apps?

According to a new report from RiskIQ, a cybersecurity company: “Hundreds of malicious Black Friday apps and websites will be looking to steal personal data and credit card information this year in the United States and United Kingdom.

Cybercriminals create fake mobile apps and landing pages with realistic branding. They want to convince consumers to download bad apps or visit bogus sites and ultimately “phish” for sensitive data.” The report goes on to add that roughly 5% of the thousands of apps promoted this year will be fakes.

Last year, studies show that 40% of holiday shopping over November and December was conducted on a mobile phone. That percentage is expected to rise this year, and crooks are well aware of this fact. If you see a tantalizing ad on your smartphone, like a 90% discount on a flat-screen television, you may want to ignore it. The link may take you to an illegitimate server that requests your credit card and personal data. Since mobile browsers have shorter address fields, the link may appear to be legit, when, in actuality, it might be a scam.

How can you avoid these scams?

Corey Nachreiner advises:

Look for spelling mistakes. Look for reviews. If you go on Google or Apple, users will review them. Don’t get anything that’s one-star for sure.”

Steve Ginty, senior product manager at RiskIQ, suggests: “Check that the website has a valid “HTTPS” connection with a lock symbol, not “HTTP”, which is vulnerable to attacks.” Curbing one’s greed can also help. If it sounds too good to be true, then it most likely is.

This type of fraud may, unfortunately, be with us for years to come, as well. According to Yair Levy, a cybersecutity and information systems expert: “Every year we see this growing significantly. Why? Because it becomes more successful. Every year more people shop online.

To be forewarned is to be forearmed!

Read Also: