Scam of the day – January 2, 2017 – Mobile app scams

There seems to be a mobile app for just about anything you could possibly want to do and scammers are quite aware of this which is why the Federal Trade Commission (FTC) recently issued a warning to shoppers in particular about phony apps being circulated by cybercriminals who harvest credit card information, banking information and other personal information from phony shopping apps that they lure people into downloading that appear to be legitimate.   A couple of months ago, I warned you about a few specific phony apps that were made to look like the real apps for Christian Dior, Foot Locker, Nordstrom, Jimmy Choo and Dollar Tree.

TIPS

It is important to limit your downloading of apps to legitimate sources such as the Apple App Store and Google Play to avoid malware infected apps. Before downloading any app, read the reviews carefully.  While scammers will write glowing phony reviews about their apps, their reviews are usually cursory and do not provide much information.   You can also go directly to a legitimate retailers website for information about any apps they may have for their products.  Also, you can do a search on Google or other search engines using the words “fake app” along with the name of the company whose app you are interested in to see if there have been reports of problems.   Finally, make sure that you have installed security software on your phone and that it is updated with the latest security patches.

Scam of the day – December 19, 2016 – Android Super Mario Run scam

Super Mario Run is presently the most popular game in the App Store for iPhones and other Apple devices. Unfortunately, for those of you with Android devices, Nintendo has not yet created an Android Application Package version of Super Mario Run although scammers are indicating throughout the Internet that they have free Android versions of Super Mario Run that you can download.  This is a total scam. Sometimes a leaked version of a game is leaked before it is officially launched, however, in this instance, Nintendo hasn’t created one yet so there is nothing to leak.  Anytime you download an Android version of Super Mario Run, you are running the risk of downloading attached malware that can be used to steal your identity or bring other dangers such as ransomware.

TIPS

Free apps loaded with malware present a tremendous danger.  The best thing you can do is to stay with sources such as the App Store or Google Play that you know are legitimate when looking for apps.  Although neither of these companies are perfect when it comes to investigating apps to make sure they are legitimate and not filled with malware, they both do a pretty good job of vetting apps before they are made available to the public.

Scam of the day – September 9, 2015 – Adult Player app ransom scam

The use of pornography to lure people into downloading malware has long been a common tactic used by identity thieves and scammers. In 2005 the massive data breach of information broker LexisNexis was caused by a Florida police officer at work who clicked on a link in an email promising pornography and ended up downloading malware that enabled the hackers to steal the police department’s password and login information to provide access to LexisNexis’ data banks.  Now a malicious Android app called Adult Player that promises free pornography has been discovered by the security company, Zscaler.  Once the app is downloaded it secretly takes a photo of the smartphone user with the front-facing camera.  It then promptly locks the phone and demands a $500 ransom be paid by PayPal or the phone will remain permanently locked and all stored data lost.  This app is not available at Google Play, but is only available from a website that was not vetted by Google.

TIPS

The first thing to take away from this story is that you should be careful about where you obtain your apps.  Although no official app store is totally safe, legitimate app stores such as Google Play investigate apps before making them available and do a good job of avoiding apps with malware.    Also, this story reminds us to always back up regularly all of your data from your smartphone, computer and all other electronic devices.   If you were a victim of this scam, Zscaler says that you can remove the app by opening your smartphone in safe mode, switch on the administrator mode and then select and disable the app.

Scam of the day – March 4, 2015 – Millions of Android apps vulnerable to hacking

The Android operating system for mobile technology such as phones and tablets is the most popular in the world with consumers so it is no surprise that it is also immensely popular with scammers seeking to exploit any vulnerabilities they can find toward their own illegal ends.  The security company FireEye recently found more than 5 million Android apps were vulnerable to being hacked.  Because Android apps are developed with open-source coding, it is a simple matter for hackers to make counterfeit apps that appear to be legitimate apps with which people may be familiar, but which are infected with malware that can steal financial data or otherwise make you susceptible to identity theft or other scams.

TIPS

One of the best precautions you can take to prevent yourself from becoming the victim of a malware infected app is to limit where you get your apps from to sources you know that should be safe such as Google Play or the Apple app store although some malicious apps can, in some instances, survive the scrutiny of these legitimate app stores.  It should be noted that Apple products which use the iOS operating system are also becoming a more popular target of hackers as these devices grow in popularity.  Android users should also utilize antivirus software for an extra level of protection against malicious apps.  Here is a link to  a source for free anti-virus software for your Android phone.  http://www.androidcentral.com/top-free-antivirus-apps-android

Scam of the day – May 30, 2014 – Flawed LifeLock wallet app

Lifelock is one of the most prominent companies providing services to protect people from identity theft and resolve identity theft related problems when it does occur.  Last year Lifelock bought Lemon Wallet, a company that makes mobile wallet apps for iPhones and Android system phones.    Mobile wallet apps permit users to store their ID cards, payments cards, loyalty cards and more on the app.  However after learning that the data stored on those apps was not sufficiently secure, the apps have been withdrawn from the App Store, Amazon Apps and Google Play.  Information stored on the apps is being deleted from its servers.

TIPS

If you are a user of the LifeLock wallet app, you should confirm that your information has been deleted from the app.  LifeLock is updating the security features for the app and expects to have it back and running in the future although no expected date for its availability has been determined.

Scam of the day – March 15, 2014 – Smart phone hacking

Hacking into smart phones is on the rise, particularly in regard to mobile banking apps.  It is estimated by Kaspersky Labs, a security company that the number of attempted hacking attempts went up from 40,059 examples of malicious code in 2012 to almost 100,000 examples of malicious code created to steal smart phone data with almost 98% of this malicious code aimed at Android devices.  Android is the most prominent mobile operating system in the world and is used to power some of the most popular smart phones such as the Samsung Galaxy.  Anything popular with many people is also popular with identity thieves who look for where the most potential victims are and then focus their efforts on exploiting vulnerabilities in popular software systems.  It is for this reason that I have continually warned you about the dangers you confront using Android products in many previous Scams of the day which you can read in the Scamicide archives.

Part of the problem with Android systems are that older smartphones are not equipped to operate the latest versions of the Android system which have incorporated numerous security updates.  A particular area of vulnerability in smart phones is malicious apps.  Malicious apps that you unwittingly download may include keystroke logging malware that can steal all of the information from your smartphone and use that information to make you a victim of identity theft.  As more and more people are using their smart phones for banking, hacking into banking apps with malware is becoming a major problem as identity thieves use this tainted apps to gain access to their victims’ bank accounts.

TIPS

One thing you should do to protect yourself is to limit your downloading of apps to well known, legitimate vendors such as Google Play.  Google scans all apps before it adds them to the Google Play store to make sure that they are not infected with malware.  Also, as I have advised you in the past, you should also protect your smart phone with a strong password, install security software, encryption software and include anti malware such as the app Lookout, which for $29.99  per year has a feature that continually scans your other apps for viruses and malware as well as also permitting you to lock your phone remotely or eliminate all of your stored data if your smartphone is lost or stolen.

Scam of the day – April 1, 2013 – Android identity theft danger

A new strain of a malicious software that is unwittingly being downloaded by Android smart phone users is presenting a great risk of identity theft and even enabling the identity thieves to avoid authentication programs used for electronic money transfers on Android smartphones placing Android users in extreme danger.  A patch for this particular malware has still not been developed so your efforts must be focused on avoiding the malware on your own.  This new malware program is primarily being spread through a phony email that appears to come from the IRS.  It is important to remember that the IRS will never initiate communications with you by email so if you receive an email that purports to be from the IRS, you should delete it immediately.

TIPS

A good rule for keeping your computers, smart phones and other portable devices malware free is to never click on links or download anything that comes in an email unless you are absolutely sure that it is legitimate.  Even if you receive an email from a friend with a link or download, you should consider that your friend’s email may have been hacked and the email you received is not from your friend, but rather from an identity thief.  A good practice is to confirm with any friend who sends a link or download before you actually click on the link or download the file.  Even then you run the risk that your friend may unwittingly be passing on tainted malware without knowing it.  It is also important not to install apps on your Android device unless it is distributed through Google Play.  Getting apps elsewhere carries too much of a risk that the app may contain malware.  You should also make sure that the “Allow Unknown Sources” option in the security settings of your Android phone is disable so that only apps that come from Google Play can be installed on your phone.