Counterfeit Mobile Shopping Apps Steal Christmas 2016

Each holiday shopping season has a must-have gift item. Holidays past had their Cabbage Patch Kids, Mighty Morphin Power Rangers, and Legos as perennial favorites. Holiday 2016 is shaping up to have several contenders, but no clear favorite has yet emerged. At least Pokemon characters are in the mix coming off the summer craze the Pokemon Go app created. But what is emerging as an unexpected – and unwelcome participant in this holiday season, not too unlike the Grinch – are counterfeit mobile shopping apps.These fake apps are designed to look like legitimate mobile shopping apps from big name retailers such as Dillard’s, Nordstrom, Dollar Tree, Uggs, and Zappos.com to name but a few. Their purpose is to make money for their publishers and range from the innocuous but annoying that serve pop-up ads to the extremely dangerous which attempt to steal personal and financial information. Some malicious shopping apps attempt to steal Facebook credentials and will even lock phones in order to extort a ransom from their victims.A barrage of these counterfeit mobile shopping apps has begun appearing in the Apple Store during the past several months. This has come as a bit of a shock since the Apple iOS Developer program is notoriously tough (picky) about which apps it allows into the store. Counterfeit apps have appeared in the Android marketplace in the past, but this recent surge has been squarely focused on iOS apps. This has coincided with the release of the Pokemon Go game, especially in countries where the game was not yet available.It appears that the proliferation of fake apps has simply overwhelmed Apple’s defenses which are no match for the sheer determination and persistence of the publishers of these apps. The recent launch by Apple of search ads in its App Store has only served to fan the flames. Rogue app publishers, most located in China, are utilizing these ads to promote their malicious apps, sometimes appearing ahead of the legitimate versions in the search results.Scammers are preying on the confusion around mobile app branding often using very similar-sounding names. Companies lacking mobile shopping apps are particularly vulnerable since there are no legitimate apps under their brand to compete with the fakes. The huge leap in sales using mobile apps – 56 percent to $49.2 billion in 2015 according to comScore – has certainly drawn increased focus from scammers.So what can you do to identify counterfeit mobile shopping apps this holiday season? CNet.com has a good list of things that can tip you off to fake apps:

• “If it’s too good to be true, then it probably isn’t.” Beware of shopping apps that offer ridiculous discounts. Some apps are promising discounts of 30 to 50 percent on high-priced luxury items. This should be the first warning that something isn’t quite right.
• Check App Store reviews. If an app has very few or no reviews, be wary. Legitimate apps published by real businesses often have hundreds of reviews, hopefully positive.
• Following on the previous point, be wary of apps with only one published version. Legitimate apps that have been around for a while typically have multiple releases. Developers introduce bugs requiring mending as well as new features in subsequent versions all leading to a revision history in the store.
• Many fake apps are rushed to market and are shoddily produced. Look for mangled English in menus and other screens. If the app reads like the instruction booklet that came with your made in China wireless router, be suspicious. Be very suspicious.

One area that these apps implement quite well is the detection of fake credit card and address data. It would seem the scammers don’t like getting scammed. Despite poor English and scant reviews in the App Store, many of these apps go to great lengths to appear legitimate even mimicking real apps with extensive product pages utilizing selector wheels for size and color choices and the aforementioned sophisticated checkout pages.As with most things of a cybersecurity nature, it always comes back to a lack of security awareness across the board. In the case of counterfeit mobile shopping apps, the blame can be shared equally among Apple, the companies that have been exploited, and the poor, victimized consumer.The first layer of defense rests with Apple. They must do a better job in scanning and vetting apps admitted into the App Store. Granted, it’s a daunting challenge as scammers have several avenues of recourse and it becomes a game of Whack-a-mole. Scammers can modify the app after acceptance or simply change its name and resubmit it.The next layer is the companies whose brand and apps are targeted. They must become more vigilant in performing brand monitoring and this extends to keeping an eye on mobile app stores. Finally, we, the consumers, have to watch our backs across yet another channel ripe for exploitation. Just was we watch our inbox for phishing exploits and websites asking for personal and financial info, we also need to be more aware of the apps we allow onto our mobile devices. Happy Holidays and be safe out there!