In its latest security report, digital threat management firm RiskIQ estimates that one in 25 apps touting Black Friday deals are fake.
“To fool consumers into giving up their login credentials and credit card information, threat actors use the keywords, brand names and branding of popular e-tailers alongside ‘Black Friday’ in fake apps and landing pages promoting deals and coupons,” researchers at the firm said in their report.
The company said that over 32,000 “malicious mobile apps are leveraging the branding” of top online retailers. “These apps seek to trick shoppers into entering credit card information, giving up Facebook and Gmail credentials, or downloading malware that steals personal information or locks devices until ransoms are paid,” the company said adding that malicious apps “represent 4 percent of the 4,356 total Black Friday-themed apps available in app stores today.”
“Not only should buyers be aware, but online retailers should heed the wake-up call to better protect their reputation and extend protection to their consumers,” authors of the report noted. “With online fraud, data leakage and ransomware on the rise, online retailers have ample reason to redouble their focus on how their brands are being used fraudulently by external threat actors across the Internet and global mobile app ecosystem to target their customers.”
The malicious apps are “linked to spam, malware or phishing” schemes the company said, adding that as online and mobile shopping continues to grow, it expects “threat actors to redouble attack strategies” by using “convincing, fake landing pages and mobile apps to lure unsuspecting shoppers into giving up their data.”
RiskIQ’s “blacklists” of malicious sites and apps is drawn from Internet data while also using the firm’s own “virtual user crawling technology.” The company said that it “actively scans, crawls and passively senses the Internet including web pages, mobile apps and stores, and the most popular social networks.”
As a result, the technology has the capacity to cover more than two billion HTTP requests each day across 783 locations in over 100 countries via 20 million mobile apps and 300 million domains.
For More Business News From WWD, See: