Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

FTC Issues fake app alert, but perhaps too late

Two days before Christmas Eve, the Federal Trade Commission (FTC) in a blog post alerted consumers to the trend of fake mobile apps pretending to offer easy shopping from particular retailers, which differed from the nefarious phishing scams designed to abscond credit card numbers or bank account information that they actually represent.

While industry pros were happy to see the FTC offer recommendations, they did question the timing.

“I applaud the efforts of the FTC in their effort to educate consumers and the general public,” Gene Fredriksen, comments CISO for Saint Petersburg, Fls.--based PSCU, which provides PCI transaction clearance for more than 800 credit unions. “It is a bit ‘too little and too late' in that it was released at the end of the Christmas shopping season, but it is a step in the right direction,” Fredriksen said.

Among the consumer tips offered by the FTC staffer to avoid being ripped off were:

• Before downloading, go to the retailer's real website to see if there's an actual app, which should be then linked to an app store from where it should be downloaded

• Search the Internet for “fake app” with the brand, which should have reported that it's being spoofed

• Before downloading, read reviews of the app; those without reviews are likely fake

Besides disseminating this information long after it was really needed, the mainstream media for the most part didn't report the trend, Fredriksen noted, adding that he doesn't recall “seeing anything on the news channels about this issue, and I doubt that many consumers read the FTC blog.”

Agrees Ana Smith, a spokeswoman for the National Retail Federation, who responded to an SC email inquiry: “This is the first time we hear of this. After reviewing the link, we agree that this reaction by FTC was a little too late, especially when a lot of online shopping was already completed by December 22.” 

PSCU sends out weekly cyber updates to its members about issues like such scams to make sure that information continues to flow. “While I don't receive specific reports on these issues from our members, I do know that it an issue of concern for all financial institutions and retailers,” Fredriksen said.

Fake/Counterfeit Merchandise Scams ranked second among the Top 10 Scams of 2016 by ScamGuard, the free consumer-driven website. “With so many online stores available, it's sometimes very difficult to know the difference between a legitimate e-commerce site and a fake one set up to steal money or a person's identity,” stated ScamGuard. “The over-reaching goal of these scammers is to gain access to the credit card numbers of their victims and then use the numbers to fraudulently make purchases, or make a buck with the information on the black market.”

The blog MalwareBytes yesterday also flagged potential app scams in a post. “Check permissions of apps before installing. This is especially true if you are installing from third-party app markets. Do the permissions seem fitting for what the app needs to function? If that wallpaper app of cute kittens has SMS permissions, you may want to think twice.”

MalwareBytes advised, “If you really want a safe and ad-free app, it might just be worth paying the 99 cents and avoid all the hassle.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.