As the biggest shopping weekend of the year in the US approaches, Skycure is advising shoppers to beware of mobile threats while browsing in both physical and online stores.
Researchers found that mobile shopping dangers are not limited to dangerous Wi-Fi in malls. Malicious apps masquerading as legitimate online stores or ways to get online shopping bargains also appear this time of year, hoping to lure unsuspecting shoppers eager to make a quick purchase on their phones or tablets.
“Black Friday and Cyber Monday are a recipe for cyber-scams,” said Yair Amit, CTO and co-founder of Skycure. “The first brings large groups of people using their mobile phones to one place. The second attracts people who might overlook security to get a better deal. Unfortunately, mobile threats exist for shoppers whether they’re shopping in a store, or on a mobile device from the comfort of their own home or workplace.”
Top 10 riskiest shopping malls for mobile
According to industry statistics, 90 percent of shoppers used a mobile phone inside of a physical store to either look up product information, compare prices or check reviews online in 2015. But before pulling out their mobile phones, shoppers should beware of joining risky Wi-Fi networks while out shopping this holiday season.
Malicious Wi-Fi networks are set up by cyber criminals specifically to steal shoppers’ data, while risky Wi-Fi networks are misconfigured and expose sensitive mobile data to hackers. Both are dangerous and put mobile shoppers at risk. The most popular data to steal are usernames and passwords.
Below is the list of the top 10 malls with the highest number of suspicious Wi-Fi networks. All the shopping centers listed below were found to have five or more risky Wi-Fi networks:
- Fashion Show, Las Vegas, NV
- Tysons Corner Center, McLean, VA
- Yorktown Center, Lombard, IL
- Town Center at Boca Raton, Boca Raton, FL
- Sawgrass Mills, Sunrise, FL
- Mall of America, Bloomington, MN
- Houston Galleria, Houston, TX
- King of Prussia Mall, King of Prussia, PA
- Westfield Garden State, Paramus, NJ
- Memorial City Mall, Houston, TX
Avoid malicious commerce apps
Criminals know that people are shopping for bargains around the holidays, and there are many ways to lure people with fake coupons or too-good-to-be-true offers. One way is to offer apps that look like they are from legitimate online stores, either designed to make shopping easier, or to offer discounts or rewards.
Researchers found multiple examples, including the following:
- A repackaged Starbucks app. Repackaged apps look exactly like the official apps offered by legitimate retailers and other businesses, but have a small amount of malicious code added in.
- An app called “Amazon Rewards”, which is actually a trojan that spreads via SMS messages containing fake Amazon vouchers with a link to a fake website. It accesses the user’s contact list so that it can send SMS messages to even more people.
Both apps are examples of ways that hackers use trusted brands and shoppers’ thirst for deals to infiltrate a mobile device, then steal user data, banking, and/or credit card information.
Safety tips for shoppers
Skycure offered the following quick tips for mobile users traveling to high-risk destinations:
1. Avoid “Free Wi-Fi” networks (10 percent of malicious networks have the word “Free” in their name).
2. If you see a Wi-Fi network that is named as if it is hosted by a store, but that store is nowhere nearby, don’t connect. Skycure found multiple networks named “Apple Store” or “Macysfreewifi” where the named stores were nowhere nearby. Remember that mobile devices automatically join “known” Wi-Fi networks without any user intervention.
3. Only download mobile apps from reputable app stores such as the Google Play store and Apple’s App Store.
4. Read the warnings on your device and don’t click “Continue” if you don’t understand the exposure.
5. Update your device to the most current operating system.
6. Disconnect from the network if your phone behaves strangely (e.g. frequent crashes).
7. Protect your device with a mobile security app.