My favorite childhood memories revolve around the excitement of opening gifts during the holiday season. So this year, for the first time, I decided to save time, take advantage of good deals and explore the online holiday shopping frenzy that took the online world by storm.

The Problem With Online Shopping

With the increase of fraudulent app developers, it has become important to ensure you are not setting yourself up for fraud when you embark on an online shopping adventure. Global data management company Apsalar placed Hong Kong at the top of its “App Install and Transaction Fraud Index,” followed closely by India and Indonesia to round out the all-Asia-Pacific top three.

The study found that the global click-to-install fraud rate was 2.57, eMarketer reported. That means for every click that led to a legitimate installation, there were 2.57 fraudulent ones.

Five Tips For Downloading Apps Safely

As scary as it sounds, there are a few things that you and I can do to ensure we do not fall prey to these malicious attacks while crossing off items on our online shopping wish lists. My foray into the world of online shopping certainly left me with a few valuable lessons. Here are five things I learned to keep in mind when searching for the right retail app to download:

1. Make Sure It’s Legitimate

This is your first line of defense. If an app’s legitimacy is even remotely in question, go directly to the retailer’s website to see if it promotes the app. If the retailer does have an app, the official site will direct you to the correct download source.

2. Read Reviews — Lots of Them

Read reviews to get an idea of the app’s pros and cons before you download it. It is always better if you are not the first user — the more informative reviews you can read, the better. Vague reviews raise a definite red flag.

3. Be a Grammar Snob

Be wary of apps that have typos and grammatical errors. This can be a sign that an app was created by an amateur developer, perhaps even a malicious actor. Duplicate apps crop up with minute errors that can be easily missed. A cybercriminal could then use this fraudulent app to steal your valuable data, such as personal details, photos and account credentials.

4. Check App Permissions

It’s important to check permissions and be aware of what information the app is accessing. Scrutinize programs that ask for access to the internet, SD card data or GPS location. Use common sense when you grant permissions: determine which apps need to access your personal information (PI) to do their jobs and which ones do not.

5. Don’t Take the Bait

Beware of apps that make huge claims. Many promise enormous shopping discounts, while others boast of monetary benefits just for downloading them. Such claims are questionable and should make you think twice. Ensure that you check the retailer’s website before downloading apps that offer deals that are too good to be true.
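
As an added illustration, not part of the original article: tips 1, 3 and 4 can be turned into a rough automated screen of a store listing. The retailer, publishers, listings and the `needed` permission list below are constructed for the example; the permission strings are Android's names for the internet, SD card and GPS access that tip 4 mentions.

```python
import unicodedata

# Android permission names for the three kinds of access tip 4 names.
SCRUTINIZE = {
    "android.permission.INTERNET": "internet",
    "android.permission.READ_EXTERNAL_STORAGE": "SD card data",
    "android.permission.WRITE_EXTERNAL_STORAGE": "SD card data",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
}
SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def skeleton(name):
    """Reduce a name to lowercase ASCII letters/digits so near-copies collide."""
    text = unicodedata.normalize("NFKD", name).lower().translate(SWAPS)
    return "".join(c for c in text if c.isascii() and c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen_listing(listing, official, needed):
    """Return reasons to distrust a store listing; an empty list means none found."""
    findings = []
    same_publisher = listing["publisher"] == official["publisher"]
    gap = edit_distance(skeleton(listing["name"]), skeleton(official["name"]))
    if not same_publisher and gap <= 2:
        findings.append(f"name imitates '{official['name']}' (distance {gap}) "
                        f"but publisher is '{listing['publisher']}'")
    for perm in sorted(set(listing["permissions"]) - set(needed)):
        if perm in SCRUTINIZE:
            findings.append(f"unexplained access to {SCRUTINIZE[perm]}: {perm}")
    return findings

# Constructed sample data: the retailer, publishers and listings are invented.
OFFICIAL = {"name": "Example Mart", "publisher": "Example Mart Inc."}
NEEDED = ["android.permission.INTERNET"]  # assumption: all a shop app needs
LOOKALIKE = {"name": "Examp1e Márt", "publisher": "Best Deals Studio",
             "permissions": list(SCRUTINIZE)}
GENUINE = dict(OFFICIAL, permissions=NEEDED)

if __name__ == "__main__":
    for reason in screen_listing(LOOKALIKE, OFFICIAL, NEEDED):
        print("FLAG:", reason)
```

The distance threshold of 2 is an arbitrary choice for the example; a screen like this only narrows down which listings deserve the manual checks described in the tips.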

Ideally, the above measures would help eradicate fraud. In reality, that is not the case. The real key is raising awareness, being alert and reporting fraud as soon as you see it.

Learn More About Application Security Testing

To learn more about how you can combat mobile application security risks, please download a complimentary copy of the Ponemon Institute’s 2017 State of Mobile & Internet of Things (IoT) Application Security Study.
