My favorite childhood memories revolve around the excitement of opening gifts during the holiday season. So this year, for the first time, I decided to save time, take advantage of good deals and explore the holiday shopping frenzy that took the online world by storm.

The Problem With Online Shopping

With the rise in fraudulent app developers, it has become important to ensure you are not setting yourself up for fraud when you embark on an online shopping adventure. Global data management company Apsalar placed Hong Kong at the top of its “App Install and Transaction Fraud Index,” followed closely by India and Indonesia to round out the all-Asia-Pacific top three.

The study found that the global click-to-install fraud rate was 2.57, eMarketer reported. That means for every click that led to a legitimate installation, there were 2.57 fraudulent ones.

Five Tips For Downloading Apps Safely

As scary as it sounds, there are a few things that you and I can do to ensure we do not fall prey to these malicious attacks while crossing off items on our online shopping wish lists. My foray into the world of online shopping certainly left me with a few valuable lessons. Here are five things I learned to keep in mind when searching for the right retail app to download:

1. Make Sure It’s Legitimate

This is your first line of defense. If an app’s legitimacy is even remotely in question, go directly to the retailer’s website to see if it promotes the app. If the retailer does have an app, the official site will direct you to the correct download source.

2. Read Reviews — Lots of Them

Read reviews to get an idea of the app’s pros and cons before you download it. It is always better if you are not the first user — the more informative reviews you can read, the better. Vague reviews raise a definite red flag.

3. Be a Grammar Snob

Be wary of apps that have typos and grammatical errors. This can be a sign that an app was created by an amateur developer, perhaps even a malicious actor. Duplicate apps crop up with minute errors that can be easily missed. A cybercriminal could then use this fraudulent app to steal your valuable data, such as personal details, photos and account credentials.

4. Check App Permissions

It’s important to check permissions and be aware of what information the app is accessing. Scrutinize programs that ask for access to the internet, SD card data or GPS location. Use common sense when granting permissions: determine which apps need access to your personal information (PI) to do their jobs and which ones do not.

5. Don’t Take the Bait

Beware of apps that make huge claims. Many promise enormous shopping discounts, while others boast of monetary benefits just for downloading them. Such claims are questionable and should make you think twice. Ensure that you check the retailer’s website before downloading apps that offer deals that are too good to be true.

Ideally, the above measures would help eradicate fraud. In reality, that is not the case. The real key is raising awareness, being alert and reporting fraud as soon as you see it.

Learn More About Application Security Testing

To learn more about how you can combat mobile application security risks, please download a complimentary copy of the Ponemon Institute’s 2017 State of Mobile & Internet of Things (IoT) Application Security Study.
