Don’t be fooled by fake shopping apps
9 ways to be sure that a download is legit, not a fraud
Find a great shopping app that promises the best discounts ever? Before you hit “buy” or “download,” take an extra minute to make sure it’s the real deal.
Recently, one scan by RiskIQ found that 10 percent of apps in global app stores are counterfeit, according to Arian Evans, vice president of product strategy with RiskIQ, a digital risk-monitoring firm.
In another test, when the company searched “Black Friday,” it found 973,000 fake apps targeting holiday weekend sales, says Evans.
Criminals aren’t necessarily getting smarter. They’re simply following the crowds. And this is just another spin on the age-old con of pretending to be someone else to separate shoppers from their money. “It’s no surprise that they’ve moved to the app market,” says David Farquhar, a unit chief in the criminal division of the FBI’s financial crimes section. “It’s pretty easy to create an app or a website and mimic someone else.”
In the 2015 holiday season, “More than 70 percent of purchases were influenced by mobile digital channels,” says Evans. “And since that’s where the consumers are, that’s where the bad guys are.”
The best advice for consumers who want genuine retail and shopping apps instead of fakes or counterfeits planted by criminals? Stick to the official app sellers for your device.
In those venues, the number of counterfeit apps is “very small,” says Ross Rubin, analyst in residence at Apptopia, a company that tracks app trends, downloads and usage. “It’s a small percentage of the overall number of apps.”
Official app stores vet apps for malware before they’re allowed in the store, says Rubin. These stores also purge apps discovered to be fake, he says.
What can fake shopping apps do?
What the counterfeit creations will do varies with the app, the makers and their motivation.
They can be a “ruse through which to serve ads and generate revenue that way,” says Rubin. “That’s mostly what we’ve seen.”
Others will take shoppers to pages of merchandise that the app designer (not the actual retailer) wants to sell, says Jon Clay, director of global threat communications for Trend Micro, a web and cloud security firm.
“They aren’t offering the retailer’s product,” he says. “They’re mainly trying to get you to buy a product you don’t want. You think you’re getting one thing and you’re getting something else.” That merchandise could be counterfeit or just poor quality.
Then there are more-malicious creations that attempt to gain access to billing information. Some could appear benign initially, but pull a malevolent payload into your device at a later date, says Evans. “Even though they’re safe today, it doesn’t mean they’ll stay good.”
9 ways to be a smarter app consumer
So even when you’re sticking to top-notch sites, it’s still smart to be a smart app shopper.
Here are nine things to look for to weed out fake shopping apps:
1. Shop official app stores only. Whatever the official app purveyor for your device, stick with that, says Clay. It won’t eliminate all problems, but it will stack the odds significantly in your favor.
Avoid third-party app stores. “In the U.S. we really shouldn’t be [using] third-party app stores,” says Clay. In this country we can access the legitimate stores that aren’t always available in other parts of the world, he says.
2. Scan reviews. “You want to have good reviews and you want to have a lot of reviews,” says Clay.
“If you’re an established retailer, chances are you have been active in the app store for a number of years and have accumulated hundreds, if not thousands of reviews,” Rubin says.
Clay agrees: “A hundred thousand downloads and 5,000 reviews is probably better than 5,000 downloads and five reviews.”
Be suspicious if you find complaints saying, “These apps aren’t doing what they said they’re going to do,” says Clay.
3. Check its age. Like fine spirits, older is better. “Many fake apps will be new to the store,” says Rubin.
4. Look for funky spelling or poor English. Your favorite retailer is not going to cheap out when it comes to app marketing, and that starts with accurate English.
If they misspell the store name or anything else, look out, Rubin says. “That’s a clue that the app is not genuine.”
Often counterfeit apps will have names just slightly different from the real thing, he says.
5. Beware grandiose promises. If the app promises bargains or goodies almost too good to be true, beware, says Evans. “Official makers of apps for a brand usually don’t have to make crazy claims to get you to download it.”
6. Check who’s behind the app. Who’s offering the app for sale, and who designed it? Make sure the name is the name of the actual company, says Rubin. But be aware that smaller retailers may hire outside third parties to develop their apps, he says, which can make it confusing.
If you have doubts, see if the retailer has tech support for its online presence. That can be a place to touch base and ask a few questions before you download.
7. Pay attention to what the app wants to access. When you install an app, it will list components, data and other apps that it wants to access, says Clay.
Signs of a counterfeit or bad app: It wants more information than it needs, or what it wants seems incongruous with the services it’s supposed to provide, he says.
This is one area where it pays to be skeptical. “It might just be what you’ve really got to look at is ‘How much information about me does this thing take?’” says Farquhar.
“If you download a game and it wants to access contacts, well, why does it need contacts?” he says.
8. Don’t download apps from email links or text messages. “The other thing to be wary of, especially as we get into the holiday season, is clicking on [email] links” to apps and other downloads, says Clay. “In a lot of cases, these emails aren’t legitimate.”
9. Check the retailer’s site. If you’re buying an app from a particular retailer, go to that store’s website. “Many times, they’ll have links to download their official app,” says Rubin.
And yes, some larger retailers could have more than one app. “That’s the hard part,” says Clay. “That’s where people have to take the time to read the description, what it is and what it does.”
Already downloaded a suspicious app?
No, you’re not doomed. But you do have a little computer house-cleaning to do.
First things first, uninstall and delete the suspected app, says Clay.
If you’ve linked it to anything payment-related (be it credit cards, PayPal accounts, or online shopping accounts connected to funds), you want to change your passwords to those accounts, says Rubin. If you’ve linked the app to a credit card, contact the issuer’s fraud department. “That credit card may need to be replaced,” says Rubin.
But there’s no need to stop using apps or get nervous the next time you feel the urge to download one. Instead, take a few extra steps to make sure you’re getting exactly what you want.
“Every day, millions of consumers use apps to buy things from [vendors] they trust,” says Rubin. And in the official app stores, counterfeit shopping apps are “a relatively limited phenomenon.”