December 20, 2016 By Preethy Soman

My favorite childhood memories revolve around the excitement of opening gifts during the holiday season. So this year, for the first time, I decided to save time, take advantage of good deals and explore the online holiday shopping frenzy that took the online world by storm.

The Problem With Online Shopping

With the increase of fraudulent app developers, it has become important to ensure you are not setting yourself up for fraud when you embark on an online shopping adventure. Global data management company Apsalar placed Hong Kong at the top of its “App Install and Transaction Fraud Index,” followed closely by India and Indonesia to round out the all-Asia-Pacific top three.

The study found that the global click-to-install fraud rate was 2.57, eMarketer reported. That means for every click that led to a legitimate installation, there were 2.57 fraudulent ones.

Five Tips For Downloading Apps Safely

As scary as it sounds, there are a few things that you and I can do to ensure we do not fall prey to these malicious attacks while crossing off items on our online shopping wish lists. My foray into the world of online shopping certainly left me with a few valuable lessons. Here are five things I learned to keep in mind when searching for the right retail app to download:

1. Make Sure It’s Legitimate

This is your first line of defense. If an app’s legitimacy is even remotely in question, go directly to the retailer’s website to see if it promotes the app. If the retailer does have an app, the official site will direct you to the correct download source.

2. Read Reviews — Lots of Them

Read reviews to get an idea of the app’s pros and cons before you download it. It is always better if you are not the first user — the more informative reviews you can read, the better. Vague reviews raise a definite red flag.

3. Be a Grammar Snob

Be wary of apps that have typos and grammatical errors. This can be a sign that an app was created by an amateur developer, perhaps even a malicious actor. Duplicate apps crop up with minute errors that can be easily missed. A cybercriminal could then use this fraudulent app to steal your valuable data, such as personal details, photos and account credentials.

4. Check App Permissions

It’s important to check permissions and be aware of what information the app is accessing. Scrutinize programs that ask for access to the internet, SD card data or GPS location. Use common sense when you grant permissions: decide which apps actually need access to your personal information (PI) to do their jobs and which ones do not.
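For readers who review Android packages before installing them, the permission check above can be scripted. This is an added example, not part of the original article: it reads text in the `uses-permission: name='...'` line format printed by `aapt dump permissions` and reports requests in the three categories named above that the reviewer has not justified. The sample dump, the package name and the `justified` baseline are constructed assumptions.

```python
import re

# The three categories the article says to scrutinize, mapped to the
# Android permission names that grant them.
SCRUTINIZE = {
    "internet": {"android.permission.INTERNET"},
    "sd card data": {"android.permission.READ_EXTERNAL_STORAGE",
                     "android.permission.WRITE_EXTERNAL_STORAGE"},
    "gps location": {"android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"},
}

# Accepts "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M)


def parse_permissions(dump):
    """Return the set of permission names found in the dump text."""
    return set(PERM_RE.findall(dump))


def review(dump, justified):
    """Return {category: [permissions]} for scrutinized categories the app
    requests but the reviewer has not listed in `justified`."""
    requested = parse_permissions(dump)
    findings = {}
    for category, names in SCRUTINIZE.items():
        hits = sorted(requested & names)
        if hits and category not in justified:
            findings[category] = hits
    return findings


# Constructed sample input (hypothetical package, not a real app).
SAMPLE_DUMP = """\
package: com.example.shopdeals
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    # Assumption: a retail app needs network access to do its job,
    # so only that category is treated as justified.
    for category, perms in review(SAMPLE_DUMP, {"internet"}).items():
        print(f"question before installing: {category}: {', '.join(perms)}")
```
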

5. Don’t Take the Bait

Beware of apps that make huge claims. Many promise enormous shopping discounts, while others boast of monetary benefits just for downloading them. Such claims are questionable and should make you think twice. Ensure that you check the retailer’s website before downloading apps that offer deals that are too good to be true.

Ideally, the above measures would help eradicate fraud. In reality, that is not the case. The real key is raising awareness, being alert and reporting fraud as soon as you see it.

Learn More About Application Security Testing

To learn more about how you can combat mobile application security risks, please download a complimentary copy of the Ponemon Institute’s 2017 State of Mobile & Internet of Things (IoT) Application Security Study.
