Shoppers using apps to research products, compare prices, and find coupons should be vigilant for online scams and thefts while shopping in stores this Black Friday.
Shoppers heading to the stores for Black Friday shopping
this week should be vigilant when using mobile devices as scammers and
criminals will be gunning for them, security experts warned.
Mobile appears to be king on this year's Black Friday,
traditionally the biggest holiday shopping day of the year. Many shoppers will
use their mobile devices to compare prices and research products on while in stores to make sure they are getting
more for their money.
A recent study from Webroot found that nearly half of the
respondents planned to use a smartphone or tablet to purchase holiday gifts
this year and that Android and iOS users prefer using a mobile app rather than
the mobile Web browser when shopping online.
Many online retailers plan to offer mobile-only deals on
Friday after Thanksgiving to lure customers away from brick-and-mortar stores.
Amazon.com is offering shoppers the PriceCheck app to compare deals they are
seeing in the store with what is available on the online retail giant's site.
Retailers that offer their own shopping apps also plan to
offer exclusive sales offers to customers who have these apps installed on
their mobile devices to encourage them to come to their stores. Apps such as
ShopSavvy compare prices across several stores for the consumer. There are also
apps available that take allow users to use alternative payment methods with
All these apps designed to save money and make shopping
easier mean users have to be careful where they are downloading these apps
from, warned antivirus software producer McAfee. Holiday shopping is not the
time to be downloading from unofficial app stores or trying out new payment
apps from unknown companies as many examples of mobile malware masquerade as
Shoppers should also steer clear of using public wireless
networks while shopping. It's very easy for criminals to set up fake hotspots
and intercept login credentials and other sensitive information from connected
users on their mobile devices, Alex Horan, senior product manager at Core
Security, told eWEEK. While that's a good piece of advice to follow year-round,
normally security-conscious users may succumb to the "irresistible"
urge to compare the latest deals available in the store with online retailers
or check their banking balance, according to Kaspersky Lab. Using mobile
carriers 3G networks for mobile browsing is always safer, since criminals have
not yet managed to compromise that.
The Webroot study also found that shoppers are using their
phones to scan barcodes and Quick Response (QR) codes to find out more about
products. There has been an increase in malicious QR codes, where users scan them
using their smartphones thinking they will find good deals or more information.
Instead they get sent to a phishing page. Other malicious QR codes direct users
to a page hosting malicious files that can be downloaded onto the user's
Android phone, according to Kaspersky Lab researcher Denis Maslennikov.
Shoppers are also
susceptible to clicking on links, especially if they think the link is for a
coupon or a deal from sites like Living Social and Groupon, which encourage
friends to spread the link through their social networks. "Attackers know
that users will click on just about anything to save a buck, and during the
holiday season they'll click twice," warned Adam Powers, CTO of Lancope, a
producer of network traffic monitoring technology. Powers also noted that many malicious links
may appear on Facebook. Shortenend links to bad sites may also be sent through
email and Twitter.
Shoppers also have to secure their devices so that if lost,
the devices can't be used to access their personal accounts or steal sensitive
information. Credant Technologies recently surveyed top 15 shopping malls in
the United States and learned that shoppers had lost 2,200 tablets, smartphones
and USB drives in these very public spaces. The Majority of the devices were
found in the food court while the rest were found in restrooms. Half were never
reclaimed, according to Credant Technologies. If those devices didn't at least
have a passcode or PIN assigned, it would be childs play for anyone to access