It’s almost midnight. The streets are dark and hundreds of early morning shoppers are gathered outside of malls across the country, ready to brave the impending insanity for the sake of amazing holiday deals. In the U.S., Black Friday and Cyber Monday shopping madness is right around the corner, and many consumers will soon “be consumed” with seeking out the best deals when buying holiday gifts. With mobile device use already on the rise, many consumers will rely on their smartphones and tablets to reduce holiday anxiety. However, as we prepare to find the best deals and perfect presents, we open ourselves up to cybercriminals waiting to steal valuable information from our most convenient gadgets.
There are more holiday-themed scams each year, but many are now focusing on mobile users and the considerable revenue that mCommerce will be generating. To highlight these risks and put a damper on cyber Scrooges, McAfee recently launched its annual 12 Scams of the Holidays list, which aims to educate users about the most common seasonal scams that criminals use to steal credit card and other sensitive information.
While cybercriminals target users year-round, we are especially vulnerable to scams during the holidays. Malware can easily slip in among the massive flow of holiday deals floating around this time of year. With more of us storing financial and other sensitive data on our mobile devices, the risks can be even higher for those of us looking to shave some time off our holiday shopping by utilizing the convenience of a smartphone or tablet. A whopping 51% of U.S. adults bank online and 32% use mobile banking regularly, meaning lots of critical information is stored on devices at any given time. Once criminals have a way in, be it through a QR code, risky app, phony website or fake coupon, they can not only get to stored financial information but take over your entire device—including your camera and microphone.
Staying safe when the Black Friday buying frenzy ensues is dependent upon you being aware. Below are some common holiday mobile risks to look out for along with tips for protecting your data and your identity during this shopping season.
Not-So-Merry Mobile Apps
Mobile apps have made staying connected seamless, whether you’re checking to see if your favorite sports team is winning or organizing your daily calendar. But before you download that app to help with the planning of your holiday shopping, be wary of potentially dangerous software. Don’t be fooled by official looking descriptions and a five-star rating—malicious apps may have an appearance of legitimacy, but can be designed to steal and even worse, send out valuable information.
For example, the Android.FakeInstaller mobile malware passes itself off as the installer for a legitimate app, and then sends text messages to premium rate numbers, without your consent. This can eventually rack up your phone bill by hundreds of dollars, and you won’t know until the bill arrives.
What should you do? Thoroughly research the latest and greatest mobile apps before downloading, especially free ones released around the holidays. To ensure validity, look out for comments or reviews by third parties, and when in doubt, don’t download. Always download from trusted online sources, such as the Apple App Store and Google Play.
Holiday Mobile Message Scams – SMiShing and Phishing
SMiShing, also known as phishing via text message, is a common way scammers try to trick users into revealing passwords or clicking on malicious links. Clever criminals will send out genuine-looking text messages, often masquerading as a valid organization, asking users to confirm their identity for account security purposes.
Aside from nasty text messages, malicious emails can do the same amount of damage to a mobile device as they can on a computer. Be wary of messages from unknown senders and check for inconsistencies like misspellings or strange characters or symbols.
What should you do? Always be suspicious of messages from unknown senders or even ones that appear to be from your bank. A legitimate organization will never ask for account details, so if it does, delete the message immediately. The same goes for checking emails via your mobile device—never click on links if you don’t recognize the sender and never share personal information.
Seasonal Travel Scams
Aside from buying gifts, the holidays are synonymous with traveling. Many people will be spending time with friends and family away from home, but the same security threats follow wherever you go. Scammers will try to snare you with seasonal travel deals that end up with you downloading malware.
People are especially vulnerable to scams when out of their element, and public Wi-Fi is a prime example. Not having the comfort and security of your home network is an inevitable part of holiday commuting, but think twice before logging on or checking your account balances via public connections. Cybercriminals troll public Wi-Fi connections looking for unprotected devices to hack and grab usernames, passwords, and even banking information.
What should you do? As always before clicking on that link promising amazing savings to plan your holiday travels—be wary of any deal that looks too good to be true, and exercise caution before clicking through. When traveling, or even when out shopping near home, don’t connect to Wi-Fi unless the connection is secure and trustworthy. Wait to check sensitive things like bank accounts and email until you can use a password-protected connection.
Malicious Mobile Games
Dangerous apps are an issue any time of the year, but with many people preparing to travel for the holidays, they are looking to be entertained. A three-hour layover is infinitely better with the help of a fun mobile game, but not all of these apps are nice. Scammers make fake versions of popular games to trick unsuspecting users into downloading them instead of the real ones. These faux-games can look nearly identical to their legitimate counterparts, with slight variations such as spelling errors or color schemes.
What should you do? Beware when downloading games on your mobile device, research the app before downloading, and again, only download or buy games from reputable app stores.
Bogus Deals and Malicious QR codes
While there is no shortage of amazing savings during Black Friday and Cyber Monday, as I’ve stated before—anything that seems too good to be true, probably is. And one area where this rings especially true is with QR codes. They may seem like fun little squares of surprises, but QR codes can also be used to spread malware, and clever criminals will often house them in legitimate looking advertisements to throw off suspicion.
What should you do? Always check the source and validity of an offer before clicking through. Call the retailers listed on the deal, or check their website before opening an email or scanning a QR code that promises to whisk you away to savings.
Just as the Grinch stole Christmas, cybercriminals can easily steal information from our mobile devices and ruin the holidays. Using the above tactics will definitely help you stay one step ahead of cyber Scrooges. Additionally, here are some general mobile security tips to keep in mind year-round:
- Limit third-party app access. Always be careful about what permissions each app is allotted on your mobile device, be it to your photos, microphone or location information.
- Only download apps from official sources. Third-party app stores and websites are known for fostering risky apps and malware. Stick to downloading from trusted online sources, such as the Apple App Store and Google Play.
- Update your mobile software. Make sure you are using the latest versions of your mobile operating system, browser, and security software.
- Search with caution. Protect your device and your data when searching for holiday gifts by using a safe search plugin such as McAfee® SiteAdvisor® that comes with McAfee® Mobile Security.
- Use comprehensive mobile security software. McAfee Mobile Security for both your Android smartphone and tablet comes with many features to help protect your mobile devices from a variety of threats. And until December 13, 2013, it’s available for a discounted price. US residents only.