It's the most wonderful time of the year. The holiday season is upon us.
There's nothing better than getting together with family and friends and reminiscing about the good-old-days, eating that wonderful dinner and opening Christmas gifts. Of course with most things these days, there has to be someone playing the role of the Grinch. This year that role is being played by scammers trying to rip you off while you're shopping for the holidays.
Just in time for the holiday shopping season, cybercriminals have set up fake retail and product apps in Apple's App Store. The scammers are pretending to be department stores like Dillard's and Nordstrom, or retail chains like Foot Locker and Dollar Tree.
Chris Mason, an official with a company that helps retailers build apps, said they are seeing a barrage of fake apps. The company is always tracking new shopping apps and it has never seen so many counterfeit iPhone apps appear so quickly.
Mason says that some of the fake apps are just junk. This means they're pretty harmless but have annoying pop-up ads.
What are the risks?
Even though some are junk apps, there are others that are trying to steal your money. It's basically an elaborate phishing scam.
If you enter your credit card information into one of these fake apps, the scammer now has your information, opening you up to financial fraud. Some of the apps have malware that can steal your personal data or even lock your gadget with ransomware. Other apps want you to log in with your Facebook credentials, which would expose your personal information found on that site.
Most of these counterfeit apps are being developed in China and made it through Apple's review process without being detected as fake. Apple's review process is more restrictive than Android's and is supposed to catch these counterfeit apps.
Thousands of apps are submitted to the iTunes store each day. Apple's focus is more on blocking malicious software and less on app legitimacy associated with the company or retail store it claims to be. It's up to brands and developers to watch for fake apps and then report them.
Hundreds of fake apps were recently removed by Apple after the New York Times asked about certain apps created by specific vendors.
An Apple spokesman told the Times, "We strive to offer customers the best experience possible, and we take their security very seriously. We've set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We've removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk."
It's unclear how many of these apps have been used, although Apptopia says some have been downloaded thousands of times.
One way to tell if an app is counterfeit is its title. For example, one counterfeit app is for Footlocke Sports Co. Ltd. It mimics the popular shoe retailer Foot Locker Inc.
Another example is a fake app pretending to be a popular supermarket chain. The Kroger Company has 20 legitimate iPhone apps for its various retail chains, but the Kroger Inc. has several fake apps pretending to sell items from the real chain.
What you should do
- One great step you can take to avoid counterfeit apps is to read the reviews before downloading it. In most occasions, others who have been scammed by the app will post a review warning you.
- Look for misspelled words or unprofessional grammar. If it seems suspicious, don't download it.
- Before downloading an app, check the official website of the retailer to see if they have a link to the App Store. This will ensure it's the official app.
If you think you have fallen victim to a phishing scam, you should check your bank account or credit card statement immediately. If you see any suspicious activity, report it. Also, you should change your passwords for all of the websites that have your personal data. Make sure your passwords are strong and never use the same one on multiple sites.