Attention smartphone shoppers, watch out for cybercriminals using phony apps or messages in an effort to hijack your device or steal your data. Law enforcement and security experts say that as more people use their mobile devices in stores and on open Wi-Fi networks, the risks are increasing as well.
The FBI-backed Internet Crime Complaint Center is warning consumers to be on the lookout for fraudulent apps, messages and Wi-Fi networks. “Many times, e-mails, texts or phone calls will look or sound like they are coming from a well-known retailer, stating a need to ‘verify’ the full credit card number you used for a purchase or ask
you to click a link to update personal account information,” says a spokeperson from the center.
Android devices are often targeted by spyware, including one system called FinFisher, capable of taking a mobile device, or Loozfon- an information-stealing piece of malware.
Security firm McAfee’s Gary Davis says that as the popularity of apps surges, “so have the chances that you could download a malicious application designed to steal your information or even send out premium-rate text messages without your knowledge.”
Davis says some fraudsters are using Twitter ads offering special discounts for popular gifts, linking to malicious software. “Criminals are getting savvier with authentic-looking social ads and deals that take consumers to legitimate looking websites,” he adds.
“In order to take advantage of the deals or contests, they ask them for personal information that can obtain a shopper's credit card number, email address, phone number or home address.”
Lookout, a security firm offering free apps for Android and iPhone, also urges prudence.
“Be careful what you do on public Wi-Fi networks especially when you're shopping. Do not expose, account numbers or credit card information unless you are certain that you are on a secure connection," said a company statement, adding, “Use discretion when downloading apps. Even the most innocent-looking shopping app can contain software designed to steal personal data, make fraudulent charges or even hijack your phone.”