Mobile Threat #5: Dummy Apps
Today’s mobile app users are intelligent and savvy. Yet, they are also early adopters. This means they may be vulnerable to fraudsters preying on tech newbies. With unfortunate regularity, smartphone owners download bogus applications from popular app stores, such as Google Play and the iPhone App Store. Falling for the download is easy to do, as most of these bogus apps are look-alike imposters designed specifically to steal sensitive data and information from the smartphone user.
Once users enter their information (e.g. user IDs and passwords) into the fake application, fraudsters use that information to access other resources tied to the customers. Often the ultimate goal is to steal the user’s identity.
To lessen the risk:
True, app companies, such as Apple, have formal procedures in place to certify the apps listed in their stores, and this reduces the likelihood of a perpetrator placing a look-alike in the iPhone App Store. Yet, it happens.
Your first step when evaluating any mobile banking or payments app for rollout at your financial institution is to be sure the app has been certified by the app store provider(s). After launch, instruct your customers to download the app only from the location to which you direct them (rather than searching for it in an app store).
It’s also a best practice to provide educational information to customers about phishing and social engineering, as perpetrators continue to improve and become more effective at their nefarious deeds.
Next time, we’ll talk through ensuring the security of data as it is transmitted to and from a mobile application.