Serving the needs of Northeast Tennessee since 1952
Scam Of The Week: Fake Apps
The New York Times warned about a new kind of ID theft: App ID theft just in time to deceive holiday shoppers. It's something you need to alert your employees, friends and family about because it can be damaging in several ways.
So-called "retail apps" are cool again, but think before you click! Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem.
The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.
They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.
How could this be happening?
Google and Apple's algorithms to keep malware out of the app store are highly automated, and that is where the problem lies. These fake apps don’t have malicious code. They simply aren’t what they say they are, and that takes a human to see. Apple and Google simply cannot keep up.
Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. So, what changed is “digital stored value” that make apps like debit/credit cards. Other retailers are racing to copy them. Dunkin Donuts was first, then CVS, and now McDonald’s, for example.
The retailers who are most exposed are the ones with no app at all. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artists.
But scammers are now creating fake apps, trick you into downloading them to your smartphone or tablet, and ask you to load your credit card information in these apps. You can guess what happens next.
Here are 5 things to think about:
1. Be very judicious in deciding what app to download. Better safe than sorry.
2. If you *do* decide to download an app, first thing to check is the reviews, apps with few reviews or bad reviews are a big red flag.
3. Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the AppStore or Google Play.
4. Give as little information as possible if you decide to use an app.
5. Be very, very reluctant to link your credit card to any app!
Help Stop the Data Breaches!
As you are well aware, merchant data breach is a chronic issue that costs credit unions millions of dollars each year. Large scale breaches like Target, Michaels, Home Depot, Neiman Marcus and Jimmy Johns get national attention, but small breaches at local stores also increase costs for credit unions. CUNA has been actively advocating changes to federal law to address this issue; they have engaged industry stakeholders in the financial services sector and the retail industry; they have helped credit unions identify law firms to help litigate class action suits; and they have pressed this issue in national and local media. But Congress has not moved and the situation has not improved for credit unions, which is why CUNA, along with State Leagues are taking steps to ratchet up our efforts even further.
With two major breaches in recent weeks and with Congress at home preparing for the upcoming elections, we believe it’s the right time to remind elected officials who pays the price for merchant data breaches. Let’s face it – the window of opportunity to capture Congress’ attention on these breaches is relatively short, and in the weeks prior to an election, elected officials are acutely aware of the concerns of their constituents. We have a rather unique opportunity to shape this debate going into the latter part of this year.
Even though the likelihood that Congress will enact data security legislation in the lame duck is very remote, it is important that they hear about the impact these breaches have on credit unions and their ability to serve their members. We know credit union executives and members are frustrated about these breaches. The fact is that Congress may never deal with this issue unless they hear the frustration of credit union members and the best way for us to do that is through grassroots action.
Every time you click on an external link, you may be leaving the NCCU web site and linking to an alternate web site that is not operated by NCCU.*
Let's Take Action Together
Contact your Member of Congress by visiting StoptheDataBreaches.com and clicking on the “Take Action” link.
Stay engaged with the campaign by following our Twitter handle @CUNAadvocacy and #StoptheBreaches, as well as the CUNA Advocacy Facebook page.
Continue to stay abreast of new developments by checking the latest news at StoptheDataBreaches.com following the social media platforms above, and keeping in touch with your league.
It’s time to tell Congress we need to stop the data breaches and raise the impact they have on credit unions and our members.
Phishing for Member Information
Automated Call and Text Message Scam
There has been an increase in reports from banks and credit unions around the U.S. whose customers are receiving automated calls and text messages asking them to enter personal information over the phone. Known as "phishing," these calls are a fraudulent attempt to steal members debit and credit card information. Members should hang up and immediately disregard these calls and text messages.
Pleas be advised that Northeast Community Credit Union will never ask for your personal information - including debit and credit card numbers - during an automated or unsolicited phone call or text message. If you think your account has been compromised or you are a victim of fraud, please call us at 423-547-1200.
Your Insured Shares:
Your shares are insured up to $250,000 by the National Credit Union Share Insurance Fund (NCUSIF), an arm of the National Credit Union Association. Not one penny of insured savings has ever been lost by a member of a federally insured credit union. The NCUSIF is backed by the full faith and credit of the United States government. Your money is safe with us.
Equal Housing Opportunity Member NCUA
Rates subject to change without notice
Certain Restrictions Apply
© 2008 Northeast Community Credit Union
ABA / Routing # 264278827