Beware: Holiday Shopping May Be Hazardous To Your Mobile Device

Cyber criminals know to target large and vulnerable populations, and what better target group of victims is there than holiday shoppers?

The 2017 holiday shopping season may be the riskiest ever to your smartphone. More online shoppers are using their mobile phones (46%), more money is spent on digital advertising than ever before ($209B in 2017), and even when shopping in brick and mortar stores 77% of shoppers use their mobile devices. And one of the easiest ways for hackers to compromise your device or steal your data is through the Wi-Fi networks you connect to – and when shopping that means malls.

Symantec analyzed mobile incident data from in and around the 30 most visited malls from Q3 of 2017 (July through September) and found that Wi-Fi networks used by customers at Fashion Show Mall in Las Vegas were shown to be the riskiest Wi-Fi networks amongst the most visited US malls, with almost 54% more incidents than second place Houston Galleria. Incidents include networks found inside the malls and also in the area surrounding each mall by less than a mile.

Mobile devices are making our lives so much easier in many ways – easier to communicate, easier to manage and access information, and easier to shop. Unfortunately, cyber criminals are making all of these activities riskier every year, constantly finding creative ways to steal and expose sensitive data, and exploit that information for their own gain.

Risky Wi-Fi comes in various forms. Some are simply misconfigured so communications are not sent securely, like a “Dennys_Guest_WiFi” in Del Amo Fashion Center, while others are deliberately misleading to steal your data. Near MetroTech in Brooklyn, New York, someone apparently set up a fake Wi-Fi hotspot called Apple Store – nowhere near an actual Apple Store – so that any device in the area that previously connected to a real Apple Store Wi-Fi will automatically connect to this hotspot where the hacker can view all of its communications.

No Bargains Here

Shopping online can be hazardous as well, as shoppers search for deals and install store apps or apps that promise discounts at your favorite stores.

In our data, we found several types of misleading and potentially dangerous apps. We encountered repackaged apps that look and behave exactly like the real store app, but has additional malicious code injected. We also saw completely fake apps promising rewards, but from stores that don’t have such an app. Other shopping oriented apps have contained Trojans, like Wroba, designed to steal user data.

But not all the news is grim.

Although many shoppers will not be thinking about security while stressing about finding the perfect gift, there are things you can do to reduce the risk of getting caught in one of these attacks. In fact, the report identifies the top 8 safety tips for shoppers.

• For example, avoid any Wi-Fi that uses the word “Free” in the name, as ten percent of malicious Wi-Fi networks use that word to lure victims.

• Be sure to only install apps from the official App Store or Google Play. While that is not a guarantee to avoid malware, you are much safer doing so than installing off of websites or from emails.

• Also, always update your mobile operating system to the latest version to be sure all known security vulnerabilities are patched.

• Of course, the best thing you can do to protect your mobile device and all of your sensitive information is to install the leading mobile threat defense solution.

Check out the Mobile Holiday Shopping Report to learn all about the risks shoppers face while shopping and how to go about protecting your mobile devices, including the top 8 safety tips for shoppers. Enterprise IT security admins should be aware that all of their employees may potentially expose their organizations to the prying eyes of hackers, simply by shopping.