
Holiday Season and App ID Theft: An expensive and dangerous combination


Posted by Saaim Khan - 21 December, 2016


It’s that time of the year again and security experts are publishing warnings about “fake apps”, but with a twist. "App ID Theft" has been sighted just in time to deceive holiday shoppers. 

With store-specific apps becoming trendy again, users are willingly loading credit cards into these apps, which opens the door for cybercriminals.

Cybercriminals are masquerading as retail chains like Foot Locker, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

These apps, on the surface, look like real retail apps. In some cases, cybercriminals have managed to release apps before the actual retailer. 

Either way, a user who installs one of these fake apps lets cybercriminals steal their personal information or install Trojans that can leave the phone or tablet vulnerable to attack.

This is happening because cybercriminals are exploiting the fact that a large part of Google's and Apple's app-store verification is automated and designed to look for malicious behaviour.

But these apps do not contain any malicious code. Instead, they impersonate popular retail brands and are designed to relay information back to their servers. In this case, these servers are controlled by cybercriminals. 

It is only through human verification that these apps can be stopped, but given the high volume of applications added daily to both Google and Apple app stores, neither store can manually review all submitted apps.

We recommend the following 5 tips to protect yourself from App ID Theft:

  1. Be very judicious in deciding what app to download. Better to be safe than sorry.
  2. If you do decide to download an app, make sure you check its reviews. Remember, apps with few reviews or bad reviews are a big red flag.
  3. Never click on a link in an email to download a new app. Go only to the retailer's website to get a link to the legitimate app on the App Store or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, very careful about linking your credit card to any app.

Stay secure this festive season!  
