While many Pennsylvanians found a new smartphone under the tree last month, Secretary of Banking and Securities Robin L. Wiessmann urges consumers to consider several strategies to protect their new smartphones from phony apps that can steal information, take over that new device, and wreak havoc on personal networks.

Wiessmann explains that these phony mobile apps are promoted on websites or through marketing emails that appear to be legitimate offers from famous companies. However, phony apps are designed to fool users into sharing credit card, banking, or other personal information. Some phony apps also contain viruses, malware, or ransomware, which can take over the phone and steal the personal information of people stored in email address books and contact lists.

According to research firm RiskIQ, criminals using phony smartphone apps focus their efforts on imitating the leading brands in e-commerce. These brands have thousands of blacklisted apps that contain branded terms in the title or description.

“The benefits of using e-commerce to buy and sell on computers and smartphones are enormous both for consumers and our economy,” said Wiessmann. “However, in this age where technology makes tasks easier, it is more important than ever for consumers to take the time to investigate the tools they use and take control before handing over money, sharing personal information, and downloading apps to their personal devices.”

Wiessmann points to several strategies that can help consumers protect their smartphones:

• Use official app stores. Download apps only from official app stores such as Google or Apple. Keep in mind, though, that the screening processes offered by these official stores are not foolproof, and you should still investigate any potential downloads before proceeding.

• Stay up to date. Keep your phone’s operating system up to date, especially with system patches tagged as “critical security update,” which should be applied as soon as possible.

• Protect personal information. Be careful of apps that ask for permission to access information unrelated to the performance of the app, like access to contacts, text messages, administrative features, stored passwords, or banking and credit card info.

• Don’t be fooled by reviews. Rave reviews can be forged, and a high number of downloads can simply indicate a threat actor was successful in fooling a lot of victims. Before downloading an app, be sure to look at the developer: if it’s not a brand you recognize, or if the name has a strange appearance or spelling, think twice. You can even do a Google search on the developer for more clues about its reputation.

• Make sure to research each app. For instance, poor grammar in the description can be evidence of quick and careless development and the lack of marketing professionalism that are the hallmarks of malware campaigns.

• Delete what you’re not using. If you are no longer using an app on your phone, delete or uninstall it.

• Use parental controls. Consider implementing parental controls on your child’s phone so you can review any downloads.

Some phony apps make themselves “invisible” or appear as though you have deleted them. If you believe you have downloaded a phony app, delete the app immediately if you can, restore your phone to its factory settings, and change all passwords.