November 15, 2016
Want to give personal information to a scammer this holiday season? There’s an app for that. Actually, there are hundreds of apps for that and many are masquerading as legitimate retailers, like Dillard’s and Overstock. According to a recent article in the New York Times, there’s a new kind of ID theft just in time for holiday shopping called App ID Theft.
As part of your anti-phishing tactics, you’re likely already cautioning your employees against opening emails from unknown sources and clicking any links. Now is a good time to also warn them not to be lured into downloading apps that could be damaging.
According to the report, Apple’s App Store is getting crowded with impostor apps, and Google Play is having the same problem. The apps appear legitimate, but when users install them, the criminals can steal victims’ personal information or install Trojans that steal confidential information from smartphones and tablets.
“Google and Apple’s algorithms to keep malware out of the app store are highly automated, and that is where the problem lies,” writes Stu Sjouwerman, KnowBe4, Inc. founder and CEO. “These apps don’t have malicious code. They simply aren’t what they say they are, and that takes a human to see. Apple and Google simply cannot keep up.”
Consider the possibility of an employee doing some last-minute shopping with the Dillard’s app they’ve just downloaded to their company-issued iPhone. Dillard’s doesn’t have an app, but the scrooge lurking behind the fake app may have just acquired access to everything on that phone. And if that happens? Well, talk about feeling the holiday blues – don’t let it happen.
Here are some tips to protect your organization, as well as your friends and family, from fake apps:
1) Never click on a link in any email to download a new app.
2) Go to the website of the retailer to get a link to the legit app.
3) Once in the app store, click on the publisher that is listed under the app’s name. (It’s a red flag if this is its only app or the other listed apps look fishy.)
4) Read the reviews, but be cautious because these could be fake too.
5) Hold that credit card – at least slow down and follow your instincts before entering it into any app.
A final tip for your employees might be: When in doubt, check it out with IT.
Have concerns? Let PrivaPlan help. For more information or other services PrivaPlan provides, contact our HIPAA experts at firstname.lastname@example.org or call 877-218-7707.