top of page
Admin

Fake Apple Apps Scamming Many; How To Avoid It

Published: August 03, 2021 on our newsletter Security Fraud News & Alerts Newsletter.



Fake apps have been an ongoing problem for the official Apple App Store. With nearly 1.8 million apps in their Store, Apple estimates making $65 billion a year from the apps alone. They also have a dedicated “Discovery Fraud Team” and technology to keep scam apps out. But, they still find a way of sneaking in. A Washington Post report found that out of Apple’s 1,000 highest-grossing apps, nearly 2% are some type of scam. Many fake apps can deliver malware to a device, but others are just looking to make a quick buck with financial scams.


Apple insists they take great strides to keep infected apps out of their store, saying that in 2020, they removed over 400,000 apps from their Store for assorted reasons. But to those who have fallen victim to these fake apps, the company didn’t go far enough. According to Appfigures research, fraudulent apps cost users an estimated $48 million last year. That’s a hefty price tag for app lovers to pay, but it’s important to know there are ways to help keep from downloading the next scam app.



App Scams Look Like…


The road to downloading a safe app can be challenging, but not hopeless. For sure, never, ever sideload apps, which is downloading apps from other than the official app stores. Since many bogus apps misuse company names for cover, a closer look at the app title can be revealing.


In one case, Samsung TV owners can go to Apple’s App Store and download the “SmartThings” remote control app. One security researcher did just that and came across an app called “Smart Things.” After forking-over $19 for the Smart Things app, you too will find you’ve just been scammed. The difference between the two? The scam app has a space separating both words. One added or deleted space is sometimes all it takes to fall prey to sneaky fraudsters.


Messing with app names is very similar to typosquatting, also called URL or domain hijacking, when a bad actor misspells a domain name to get traffic to their website. The same is done with apps, and as the example above shows, scam apps can hide in plain sight.


The Devil’s in the Details


Scrutinizing app names for subtle differences is a proven way to protect yourself from copycat app scams. We already know relying on app reviews for legitimacy is risky business since they too can be faked. Scammers count on users not checking name details, allowing them to typosquat app names to their advantage. The lesson learned is to check and double check app spellings, looking for typo’s, strange spacing, misspellings, and more.

Want to schedule a conversation? Please email us at advisor@nadicent.com

13 views0 comments

Comments


bottom of page