When it comes to downloading retail apps, Better Business Bureau and KnowBe4 want consumers to think before they click. Apple’s App Store and Google Play are both getting crowded with fake, impostor retail apps.
The counterfeiters have posed as retail chains like Dollar Tree and Foot Locker, department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.
They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.
How could this be happening?
Google’s and Apple’s algorithms for keeping malware out of their app stores are highly automated, and that is where the problem lies. These apps don’t have malicious code. They simply aren’t what they say they are, and that takes a human to see. Apple and Google are having trouble keeping up.
Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. What changed is “digital stored value,” which makes apps work like debit or credit cards. Other retailers are racing to copy them. Dunkin Donuts was first, then CVS, and now McDonald’s, for example.
The retailers who are most exposed are the ones with no app at all. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artist.
Better Business Bureau and KnowBe4 have 5 things to keep in mind about this scam:
- Be judicious in deciding what app to download. Better safe than sorry.
- If you do decide to download an app, the first thing to check is the reviews. Apps with few reviews or bad reviews are a big red flag.
- Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the App Store or Google Play.
- Give as little information as possible if you decide to use an app.
- Be reluctant to link your credit card to any app.
For more information, follow your BBB on Facebook, Twitter, and at bbb.org.