Holiday shoppers using smartphones should beware of fake commerce apps and fake Wi-Fi hot spots inside malls. Hackers use these fakes to grab account numbers and sensitive personal information.
Many smartphone users compare prices and evaluate products while shopping inside a physical store, which means they are probably connected to a Wi-Fi network. Often, stores and malls offer Wi-Fi for the convenience of customers, but thieves also set up fake Wi-Fi hotspots to be able to steal data. Sometimes the cyber thieves even monitor consumer communications over legitimate Wi-Fi hotspots that haven't been properly configured and expose a user's information openly.
When shopping online anywhere, users need to be aware that hackers have set up fake store apps that look like legitimate ones, usually enticing smartphone users with deals and rewards. They observe unencrypted traffic or even manipulate the content the victim sees online to redirect the user to a malicious website or to download malware.
When a hacker sets up a fake Wi-Fi network, the hacker will mimic a legitimate network, often using the same name. Hackers might set up a network that uses the word "free" in the name to lure victims. Even short access to a malicious network may give a hacker enough information to later access bank accounts or social media accounts.
For online shoppers using commerce apps, Skycure said hackers will sometimes repackage legitimate apps so the fake app looks exactly like the real one. The fake app works in the background to steal data or spy on the user. The security firm found a repackaged version of a Starbucks app, for example, and said users can avoid the problem by installing the official app from the Apple and Google app stores.
Or, hackers will create fake apps from scratch. Such fake apps promise rewards to get people to download the apps. With the fake Amazon Rewards app, Skycure found it was actually a trojan that spreads by using SMS messages with fake Amazon vouchers and a link to a fake website. It even accesses the user's contact list so that it can send SMS messages to even more people.
To safeguard against risky apps:
To safeguard against risky Wi-Fi: