News Feature | November 21, 2017

RiskIQ Finds 1 in 25 Black Friday-themed Apps Are Fake

Medical Apps

E-commerce faces greater challenges of fake apps and landing pages than ever.

As the number of consumers planning to engage in the November shopping frenzy reaches a peak this year, threat actors are capitalizing by using the brand names of popular online retailers to exploit user traffic looking for Black Friday deals and coupons. In a recent study, digital threat management firm RiskIQ found that 1 in 25 Black Friday-themed apps are fake, and 32,000 blacklisted apps overall use the branding of the top 5-etailers. This signals big challenges for e-retailers, who rely on the busy shopping season to bolster their overall sales.

According to Adobe Digital Index, in 2016, online shoppers filled e-commerce cash registers with more than $5.27 billion in sales through Black Friday. In fact Black Friday 2016 became the first day in retail history to drive more than $1 billion in mobile revenue, coming in at $1.2 billion. Adobe also forecasts that online sales will pass the $100 billion benchmark, reaching some $107.4 billion this year.  If online retail sales grow at 2016’s year-over-year rate of 16.4 percent, that would mean that approximately $10.8B in revenues could be at risk of diversion and theft.

RiskIQ’s 2017 Black Friday E-commerce Blacklist breaks down the threats for both mobile and online shopping during the season and offers tips to help consumers protect themselves. The information can also help retailers discover and proactively counter potential threats. Consumer spending over the Black Friday weekend is expected to increase by 47 percent in 2017 from the same period in 2016.

RiskIQ ran a keyword query of the RiskIQGlobal Blacklist and mobile app database to uncover instances of the five leading brand names searching alongside the term “Black Friday” in blacklisted URLs or cause page URLs (pages that send users to a page hosting malicious material). The results confirmed that threat actors are consciously leveraging these well-known brands to exploit Black Friday traffic via both mobile and the web.

While the study found nearly 40% fewer blacklisted apps in Q2 2017 over Q1, possible the  result of increased awareness of mobile threats by consumers and app store owners, 4 percent of Black Friday specific mobile apps out of 4,356 are blacklisted (unsafe to use) as malicious. That is 1 in every 25 apps.

Further, at least 15 blacklisted apps for each of the top-five e-tailer brands containing both the branded terms and “Black Friday,” in the title or description, showing clear intent by threat actors to leverage the shopping holiday.

Threat actors have deliberately focused on the top five leading brands in e-commerce, which have a combined total of more than 32,000 blacklisted apps that contain their branded terms in the title or description.

Further, while the majority of malicious apps are hosted on third-party app stores, RiskIQ also found malicious apps on Apple and Google store sites as well.

And when it comes to the web, the analysis demonstrated that the threats are high here as well. Threat actors are often able to mask their infrastructure by using brand names in malicious URLs to fool shoppers into visiting phishing pages, clicking on malware links, or selecting malicious or fraudulent pages.

In the RiskIQ Global Blacklist, the study found 19,218 cause-page URLs contain “Black Friday”;  10,175 Blacklist URLs contain “Black Friday”; and the top five retail brands leading in e-commerce have had a combined total of more than 1,451 blacklisted URLs that contain their branded terms as well as “Black Friday” and are linked to spam, malware, or phishing. Again, it is clear that these malicious threat actors are purposely leveraging the five brands Black Friday presence for their campaigns.

Retailers can help reduce these threats by monitoring apps and websites that use their brands to ensure that only legitimate connections are made.