Massive spike in mobile app fraud

Cybercrime has spread from computers to our smartphones with fake apps, phishing scams and social media all part of the problem. Here's how to stay safe.

The proportion of cyber fraud carried out using mobile apps has jumped from 5% in 2015 to 39% in the first three months of 2018, but it’s a problem that’s likely to get even worse.

Hackers have ramped up their targeting of mobile channels, a report from RSA Fraud and Risk Intelligence has warned, as criminals try to take advantage of the increased number of legitimate transactions being made using mobile apps.

And, worryingly, many apps lack sufficient protection for their users.

“Unfortunately, many mobile apps fail to build security from the ground up,” warns Daniel Cohen, director at the organisation.

“This means cybercriminals and fraudsters are able to slip through the cracks, hijacking mobile applications and siphoning off credentials and funds.

“As mobile-related fraud continues to grow, consumers and businesses alike need to be aware of the risks.”

Whatever you want to do, there’s an app for that. From learning French to conceiving a baby, there are apps designed to help with almost everything we have to do or to provide some entertainment if we’re doing nothing.

So for many smartphone users, our lives are filled with apps. As fraudulent activity grows, so does the risk.

What are the risks?

Mobile app fraud is a growing problem but some key risk themes are starting to emerge.

Some examples of the dangers include illegal, fraudulent versions of genuine mobile apps. Not only do such phoney apps steal revenue from the real publishers but they may also carry dangers for the innocent customers who download them.

They may capture data from users, stealing their identities for nefarious purposes. They may incorporate excessive levels of advertising. They may steal money from businesses by fabricating clicks that the company has agreed to pay for under an affiliate marketing scheme.

As this is emerging technology, the risks to customers of being hacked or losing data thanks to a fraudulent phone app are only just emerging.

That’s why mobile users need to really stay ahead of the risks. Criminals go after the easiest possible targets, and if you are careful to avoid unprofessional or cloned apps then you’re much less likely to fall victim.

Of course, those are just some of the risks involved with mobiles. There are other ways that criminals can target you through your ubiquitous handset – and knowing about them can help you stay safe.

Social dangers

Fraudsters know that we’re not just banking more with our phones, we’re using them more for everything.

If you spend time browsing Facebook or updating Twitter and other social media platforms using your phone then you still need to be aware of fraudsters.

Often you’re checking your phone on the go or in relaxed, less formal situations than when you’re on a computer. And that can increase your vulnerability to fraudsters.

RSA urges people to avoid clicking on links within text messages and emails from people they don’t know, to avoid falling into scams.

And it’s also important to be aware that criminals can send text messages that appear to be from your bank and look powerfully plausible. They can even insert messages in existing threads so it can be hard to tell which text is legitimate and which is from a scammer.

In January, NatWest customers were sent texts purporting to be from the bank, captured here in an image by Action Fraud:

Fraudulent texts purporting to be from NatWest (image: Action Fraud)

Users of the messaging app WhatsApp were recently targeted by fraudsters claiming to be offering free Ryanair flights.

You can read more about the dangers in our guide to ‘smishing’ text message scams

Criminal networking

The trouble is that the fraudsters themselves are enabled by social media and handset technology.

Because they can use burner phones to communicate, plan and then destroy the evidence, cybercriminals are thriving. RSA says that around four out of five hackers have used burner phones to carry out fraudulent transactions and avoid being caught.

“Social media provides the perfect control station for cybercriminals, who can easily create profiles using fake details to operate on the platforms before collaborating with other fraudsters in closed groups, or peddling stolen wares in online marketplaces,” explains Cohen.

“Social media’s scalability, anonymity and reach is providing cybercriminals with the perfect disguise; they can jump between accounts and devices at will, rarely using the same device twice.

“This makes it much easier to dodge the authorities and continue scamming. Reddit has recently banned a number of subreddits dedicated to fraud, where hackers were exchanging contacts, advertising services and sharing reliable sources of Dark Web fraud forums.”

So not only are our phone habits helping criminals target us in new ways, but their phone habits are helping them dodge the authorities and to support one another.

This is a problem now but it’s important to remember that criminals are constantly innovating and often sharing (or selling) their innovative new techniques to other criminals.

And so whether you’re on your computer, your phone or another device, you need to remain aware of the risks – and how they are developing.

Staying safe

While many of us now know the basics of keeping safe using our computers and treating cold calls with suspicion, there’s not as much knowledge out there about mobile app fraud.

It’s just not on the radar for a lot of people, but with such considerable growth in attacks it clearly needs to be.

RSA Fraud and Risk Intelligence advises users to be extremely wary about the apps they download, as one in 20 fraud attacks are now associated with a rogue mobile app.

“People must practice caution when downloading new apps, making sure to verify the publisher and pay close attention to what permissions each app requests,” recommends a spokesperson for the organisation.

One in 20 fraud attacks may not seem like much, but this is one area of fraud we can expect to grow. Being aware of the risks means you’re more likely to stay safe.

If you've been the victim of fraud, contact the police and Action Fraud immediately.
