Fake e-commerce apps and websites proliferate over holiday season

By

Robin Driver

Published
Jan 30, 2020

With global online sales rising 13% to a record $1 trillion during holiday 2019, RiskIQ has released a report identifying the major threats that faced online shoppers over the holiday season.
 

The report highlights that, with 53% of Black Friday e-commerce traffic coming from smartphones, one of the fastest growing ways for bad actors to target shoppers was through fake mobile apps.

From November 29 to December 31, 2020, RiskIQ blacklisted 1,180 apps that could be found by searching for terms related to holiday shopping as malicious, with 72 “highly concerning” apps found to contain not only holiday terms in their title or description, but also branded terms relating to the top-10 e-commerce websites.

Indeed, the strategy of using the brand names of leading e-tailers was found to be particularly popular among e-commerce predators. 3,839 blacklisted apps, for example, were found to be using the branded terms of the top-10 most trafficked sites on Thanksgiving weekend.

In the UK, 35 apps using the branded terms of the top-five “elite” retailers in their title or description were also blacklisted.
 
With so many potential threats around, RiskIQ also looked into consumer behavior to see if shoppers were taking appropriate precautions, discovering that large numbers of e-commerce users continue to put themselves at risk.
 
24% of consumers were found to have unknowingly downloaded an app outside of the Google Play or Apple App stores, while 33% said that they do not read or are unsure if they read the permissions of an app before downloading it.
 
53% of consumers said that they do not check the name of an app’s developer before downloading it.
 
As for websites, a total of 1.9 million featuring holiday terms in their URLs were blacklisted by RiskIQ over the holiday period, and the firm also identified 72 incidents of domain infringement involving the names of the top-10 e-commerce sites and terms related to holiday shopping.
 
Once consumers are tricked into using these malicious apps or websites, some hackers take the opportunity to snatch their login credentials or credit card information. For example, RiskIQ detected 2,671 credit card skimmers being used during the fourth quarter of 2019.
 
As well as the evident issues that these online threats create for consumers, RiskIQ was also keen to point out the problems they make for retailers.
 
“For businesses, what begins as an event that significantly boosts sales can turn into a major security fiasco that erodes the trust of customers and prospects,” the firm said in the report.
 
Founded in 2009, RiskIQ is a San Francisco-based company specialized in digital threat management.