
Beware while Online Shopping Using Your Smartphone

Black Friday and Cyber Monday holiday shoppers using smartphones should beware of Wi-Fi hot spots inside malls and other open networks, the security firm Ethical Hackers Club warns.

It's very easy for any professional hacker to use these connections to steal your payment details.

"Black Friday or Cyber Monday" are a treasure island for cyber criminals, warned Bhairav Bose, mobility strategist for Ethical Hackers Club & Secret to Success, an enterprise security firm. "Going to physical stores and connecting to risky Wi-Fi networks, or shopping online both increase the risks we should all be aware of."

Ethical Hackers Club, a security company started in 2010, said that the risk on smartphones is higher this year than in 2015. There are more active cyber criminals and many more customers using smartphones to shop for products online, either via Wi-Fi in stores or online in other locations.

RiskIQ predicted nearly 30% of spending on Black Friday and Cyber Monday will take place on mobile devices, while Ethical Hackers Club's analysts predict that four times as many mobile payments will be conducted in 2016 as in 2015. Online shopping from all venues equaled ₹-397.42 billion on Black Friday and Cyber Monday in 2015, according to the Adobe Digital Index.

The increase in mobile e-commerce is not only because of the increased number of mobile users, but also because of the increase in minutes spent on a smartphone every day as compared to a laptop or desktop, said Vinay Vishwakarma, MD of Ethical Hackers Club, in an interview. "If I'm a hacker, I will maximize my expense and go where the crowds are, and the crowds are on mobile phones," he said.

Many smartphone users compare prices and evaluate products while shopping inside a physical store, which means they are probably connected to a Wi-Fi network. Often, stores and malls offer Wi-Fi for the convenience of customers, but cybercriminals also use such networks or set up fake Wi-Fi hotspots to steal data.

The cyber criminals may monitor consumer conversations over legitimate Wi-Fi hotspots that haven't been properly configured and expose a user's conversations openly.

While shopping online anywhere, users need to be aware that hackers have created fake apps that look like genuine ones and attract smartphone users with deals and rewards.

Based on its own security tests of India's busiest malls, Ethical Hackers Club states it's more than easy for any cyber criminal to steal your details from such connections and open Wi-Fi networks.

It's easy for any malicious hacker to use man-in-the-middle exploits on poorly secured but reliable Wi-Fi networks to gain access to user data. A hacker will examine unencrypted traffic or even manipulate the content the victim sees online to redirect the user to a malicious website or to download malware.

When a hacker sets up a fake Wi-Fi network, the hacker will copy a genuine network, usually using the same name. Hackers might set up a network that uses the word "free" in the name to attract victims. Even short access to a malicious network may give a hacker enough information to later access bank accounts, social media accounts or corporate accounts.

Ethical Hackers Club found fake Wi-Fi networks at shopping centers in Mumbai.
Ethical Hackers Club warned in a white paper: "If you see a Wi-Fi that is named as if it is hosted by a shop, but that shop is nowhere nearby, just don't connect." Also, Wi-Fi hotspots that use the term "free" like "FreePublicWiFi" are suspicious.

Ethical Hackers Club found it easy for hackers to repackage genuine apps on your device using such Wi-Fi so that the fake app looks exactly like the real one. The fake app works in the background to steal data or spy on the user. The security firm tested a repackaged version of a well-known shopping giant's app (name not mentioned for security reasons, as requested by store authorities) and said users can avoid the problem by installing the official app from the stores.

It's even easy for hackers to create a fake app from scratch. One hacker created an app called "Amazon Rewards" even though no such app exists in the official app stores, Ethical Hackers Club found. Such fake apps promise rewards to get people to download them. With the fake Amazon Rewards app, Ethical Hackers Club found it was actually a trojan that spreads by using SMS messages with fake Amazon vouchers and a link to a fake website. It even accesses the user's contact list so that it can send SMS messages to even more people.

We found more than 1,000 Black Friday-specific apps that were malicious or that could be used to trick a user into downloading malware or giving up login credentials or credit card information.

We also found that, across the five leading e-commerce brands, there were more than 1 million apps that we have blacklisted that were using the brands in the title of the app or the description of the app. That 1 million is a huge number, but we monitor hundreds of online stores and millions of apps.

Many of the blacklisted apps can be found in hundreds of third-party app stores outside of the Apple and Google app stores, which don't have the strictest requirements for banning malicious apps.

We also found that the five major e-commerce brands were connected to nearly 2,000 blacklisted URLs that contained their branded names and the words "Black Friday" that Ethical Hackers Club linked to phishing, malware or spam.

Ethical Hackers Club creates its blacklists by collecting data via scanning, crawling and sensing internet traffic on mobile apps, web pages, and social websites. The company runs apps in sandboxes to see how they behave and then looks at the underlying code for malicious code tied to known hacker signatures.
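
As an added example (not Ethical Hackers Club's tooling), the check below shows one way a defender could flag URLs of the kind described above: a brand name, optionally with a sale keyword, on a host that is not the brand's own. The allowlist, the hypothetical "examplemart" brand and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand token -> domains the brand actually operates.
OFFICIAL_DOMAINS = {
    "amazon": {"amazon.com", "amazon.in"},
    "examplemart": {"examplemart.example"},  # hypothetical brand
}
SEASONAL_TERMS = ("blackfriday", "black-friday", "cybermonday", "cyber-monday")

# Constructed sample input, not real indicators.
SAMPLE_URLS = [
    "https://www.amazon.in/blackfriday",
    "http://amazon.com.black-friday-deals.example/login",
    "https://amazon-rewards.example/voucher",
]


def is_official(host, domains):
    """True only if host equals an official domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Return (brand, reasons) for a suspicious URL, or None if nothing is flagged."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    text = (host + parts.path + "?" + parts.query).lower()
    for brand, domains in OFFICIAL_DOMAINS.items():
        if brand not in text or is_official(host, domains):
            continue
        reasons = ["brand name used by a non-official host"]
        # "amazon.com.something.example" is a lookalike, not a subdomain of amazon.com.
        if any(d in host for d in domains):
            reasons.append("official domain embedded as a subdomain label")
        if any(term in text for term in SEASONAL_TERMS):
            reasons.append("seasonal sale keyword")
        if parts.scheme == "http":
            reasons.append("no TLS")
        return brand, reasons
    return None


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", classify(u))
```

The official-domain test matches on a dot boundary, so a hostname that merely starts with the brand's domain is still flagged.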

Ethical Hackers Club developed its list of fake Wi-Fi zones in malls by checking the Wi-Fi networks used by its thousands of enterprise and millions of consumer end users, in monthly security tests from July to September. All those users had installed a free Ethical Hackers Club app, available for both consumers and enterprise customers to download from our official Facebook Page Ethical Hackers Club and Secret to Success.

How to protect yourself against fake apps:

Download apps only from the official Google and Apple app stores or official websites.
Beware of apps that ask for access permissions to contacts, messages, stored passwords, or credit/debit card information.
Be suspicious of favorable reviews for apps, since fake reviews can be fabricated. Also, examine the developer of the app to see if the app comes from an unusual developer or if the app description uses suspicious spelling or poor grammar. A Google search will tell more about the developer.
Read the warnings on your device and don't click "Continue" if you don't understand the vulnerability level.
Update your device to the most current operating system.
Disconnect from the network if your phone behaves oddly, has frequent crashes or receives a warning notice.
When visiting shopping sites on the web, look for the "s" in HTTPS when you visit; without the S there could be weak encryption.

To protect against fake and insecure Wi-Fi:

Avoid "free Wi-Fi networks" since 20% of malicious networks use the word "free" in their name.
If a Wi-Fi zone is named as if it is hosted by a store and the store isn't nearby, don't connect.

Experts also advised consumers to use common sense. We believe in the old saying: "If it sounds too good to be true, it probably is."
