Counterfeit Retail Apps Are Putting Your Business Data at Risk This Holiday Season
December 7, 2016
Bring Your Own Device (BYOD) policies lower the cost associated with providing corporate devices, and offer more flexibility, by encouraging employees to use their personal devices for work (ex: laptops, tablets, and mobile phones). As personal devices are used more frequently within corporate networks, the start of the holiday season adds an additional layer of security concern. Many consumers rely on the use of mobile applications to shop online during the holidays. In fact, it’s projected that online sales this holiday season will increase between 7-10% to almost $117 billion (National Retail Foundation, 2016). It comes as no surprise that this is the perfect time for cybercriminals to target consumers.
One of the methods employed by threat actors to target consumers is the use of counterfeit retail apps. Although these apps are uncommon (hundreds in the context of over 2 million apps), when combined with phishing emails and the use of fraudulent downloads, they can have a significant impact. These malicious applications often slip through the cracks as a result of apps not getting vetted properly. Additionally, they may only be available for download a short time before they are reported, but a new one will be created just as quickly.
For BYOD enterprises, counterfeit apps can be especially troublesome. If an employee downloads a potentially harmful application on a device being leveraged to access corporate data, this can mean that the cybercriminals could gain access to corporate assets and information. Even worse, when the infected device connects to the corporate network, it can spread malware or ransomware to other devices connected within the network, much like a viral flu.
It is essential for businesses relying on BYOD to educate their employees on how to identify counterfeit apps.
Consider the following red flags when downloading retail applications:
- Consistently bad reviews from other users
- Application asks for more permissions than necessary (e.g. a retail application asking for permission to access phone contacts or camera)
- Spelling mistakes in names of retail applications
- Application asking for unnecessary information (e.g. asking for financial data before the user’s intent to make in-app purchases)
- Application causing device problems (e.g. system crashes, reboots, etc.)
- Unusually low number of downloads
- Use of broken language of origin in menus or descriptions
- If using a browser, ensure website has SSL encryption enabled (https:// vs. http://).
- Note: Encrypted websites will have a green locked padlock icon.
When in doubt, do not download the app.
As consumers begin to rely more and more on mobile applications to complete daily tasks, including holiday shopping, enterprises must be vigilant and ensure proper security measures are in place to protect the endpoint & keep corporate information from cybercriminals.
If you’d like support in deciphering the complex endpoint security market, please reach out to a Herjavec Group Security Specialist today.
[contact-form-7 id="99" title="Contact Herjavec Group"]
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, United Kingdom, and Australia. For more information, visit www.herjavecgroup.com.