The Target credit card disaster was right in the midst of the holiday buying ramp-up in October and November. This year has seen a similar increase in reports of fraud and malicious “apps” promising amazing deals that are used to lure consumers into giving up their personal and bank card information.
As reported on Zscaler, one of the fake apps making the rounds is an Android app that advertises itself as an Amazon Black Friday Deals app. However, it’s in no way affiliated with Amazon, and it’s designed merely to get consumers to part with their personal information. The app loads a child application that stays persistent and runs in the background of the phone. Even if the user deletes the original application, the child app will still remain and be rather difficult for the average user to remove.
The lesson here is that if something seems suspicious or too good to be true, do your due diligence and do a bit of research. Only use and install apps from trusted app stores. Don’t download shady apps from online sources, especially if you’re running an Android phone. It seems that non-iOS phones are significantly more vulnerable to malicious apps and malware than the Apple iOS phones.
Another thing to do this holiday season is to ensure that the websites that you’re buying merchandise from are secure, and are the legitimate websites of the companies. A quick look at the address should confirm everything. Beware of addresses that put a familiar name in a subdomain of an unrelated domain. For example, www.amazon.iusepcupe.ru is NOT a domain of Amazon.com but rather of iusepcupe.ru (a made-up domain for this example).
On the right is a table of what the SSL badges look like on each browser. Keep in mind the browser companies often change these, but they will usually look similar in nature. You will be able to tell the difference between an SSL website and a website that is not secured.
Here are a few more tips for staying safe this holiday season:
- If you get an email advertising amazing deals, inspect the source of the email. If the email address seems suspicious, do not click on any links or attachments.
- Do not download any apps from unofficial or shady looking app stores.
- Ensure that the websites you’re doing transactions and banking on are secure (look for a green lock symbol in your browser address bar as in the picture above).
- Double check the root URL that you are browsing before making any purchases.
- Invoices sent over email are suspicious.
- Always make sure that your browser and other associated programs (such as Adobe Flash) are up to date. We highly recommend allowing your computer to automatically install updates on your hardware and software.
- Install Adblock Plus to block any malicious pop-ups that might be tempting to click on. If you know loved ones who are apt to click on random ads, please install this for them.
- Enable the use of proper antivirus and anti-malware software.
- Start using multi-factor authentication on your online accounts.
- Review your credit card statements online every few days. Install the corresponding bank apps on your phone, where they will be able to send you alerts if strange spending activity is detected.
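The root-URL check from the www.amazon.iusepcupe.ru example and from the "double check the root URL" tip, written out as an added example that is not part of the original post. The function name, verdict strings and sample URLs are assumptions made for illustration.

```javascript
// Added example. Verdict names and sample URLs are constructed for illustration.
function checkShopUrl(rawUrl, expectedDomain) {
  let url;
  try {
    url = new URL(rawUrl); // throws on text that is not a full URL
  } catch {
    return { verdict: "invalid-url", host: null };
  }
  // URL lower-cases the host; drop a trailing dot so "amazon.com." still matches.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  // The expected domain must be the END of the hostname, on a label boundary.
  const onExpected = host === expected || host.endsWith("." + expected);
  if (!onExpected) {
    // A brand name used as a label of some other domain proves nothing.
    const brand = expected.split(".")[0];
    const verdict = host.split(".").includes(brand)
      ? "brand-in-subdomain"
      : "different-domain";
    return { verdict, host };
  }
  // Right domain, but the page would be loaded without encryption.
  if (url.protocol !== "https:") {
    return { verdict: "not-https", host };
  }
  return { verdict: "ok", host };
}

// Constructed samples; iusepcupe.ru is the made-up domain from the text above.
const samples = [
  "https://www.amazon.com/gp/cart",
  "https://www.amazon.iusepcupe.ru/deals",
  "https://amazon.com.iusepcupe.ru/signin",
  "http://www.amazon.com/",
  "www.amazon.com",
];
for (const s of samples) {
  const { verdict, host } = checkShopUrl(s, "amazon.com");
  console.log(`${verdict.padEnd(20)} ${host || "-"}  (${s})`);
}
```

The second and third samples use https and are still rejected: the lock symbol shows that the connection is encrypted, not that the site belongs to the company you expect.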
As always, common sense rules the day when doing transactions on the internet. I’ve now made it a habit to ensure that I’m on the proper URL before entering PayPal information or similar (PayPal is a very commonly spoofed website).