Shopping on Black Friday and Cyber Monday often means wading through mobs of customers seeking out “dangerously low” prices.
However, two security firms have warned about fake Wi-Fi hot spots inside malls and fake reward apps offering deals that could pose a real, digital danger to consumers.
Scam artists and hackers create phony traps for phones to capture account numbers and steal personal information.
Internal industry statistics show 90% of people say they use smartphones in stores to check comparisons and reviews, said Brian Duckering, head of product marketing at the technology security company Skycure.
“That means shoppers are also looking for Wi-Fi networks to connect their phones to in order to save on their data plans. While many stores and malls offer Wi-Fi for their customers, so do cyber criminals,” Duckering wrote in a blog post.
Smartphone shoppers made up 34% of all purchases made during Thanksgiving and Black Friday in 2015, according to data from Adobe.
Adobe also noted $4.45 billion was spent online alone during the same consumer holiday time period.
While the fake Wi-Fi hotspots target shoppers in physical stores, the fake apps disguised with brand names in the Google Play and Apple App stores target people shopping from home, The New York Times
Consumers can lose money directly and businesses can lose their customer’s trust if they’re targeted by a holiday scam, pointed out Michael Browning, manager of content strategy at the digital security company RiskIQ.
“These apps use well-known branding to attempt to fool users into entering credit card information, which opens them up to potential financial fraud,” Browning wrote in RiskIQ’s blog post. “Some fake apps contain malware that can steal personal information or lock the device until the user pays a ransom and others encourage users to log in using their Facebook or Gmail credentials, potentially exposing sensitive personal information.”
RiskIQ ran a threat analysis of mobile shopping and found “one out of 10 Black Friday-themed mobile apps were blacklisted (by RiskIQ) for being malicious or fraudulent.”
Cyber attack: ignorance and inaction are no defense
Casino attack: Cyber threat increasing
“Cyber is a buzzword” – Ed CIO