Police Warn Holiday Makers About Fake Travel Website.

Police Warn Holiday Makers About Fake Travel Website.

Action Fraud (Holiday)

Holiday makers are being warned about the dangers of online fraud when booking a trip this summer.

It comes as a new report reveals that 1,500 cases of Holiday fraud have been reported to the Police in 2014. The people behind the scams have stolen around £2.2m from travellers they have duped, the average loss was around £889.

Many tourists only found out they had been scammed when they arrived at there accommodation and discovered no booking was ever made.

The findings come from the City of London Police, who have joined forces with Get Safe Online which is a government supported organisation and the UK travel association ABTA to highlight some of the scams tourists could fall victim to in the coming months.

The have published a free PDF which offers advice on spotting holiday scams.

The most common type of scam involves the fraudsters setting up a fake website and adverts so they can trick you into believing you are dealing with a genuine holiday company.

Most people who fall victim to the fraud pay in ways that make it almost impossible to get their money back, like bank transfer.

People booking caravan holidays in the UK are also being targeted by the fraudsters posting a fake advert on Facebook, Gumtree and Craigslist.

Another way the scammers can lure victims is by offering a ‘free’ holiday at a seminar, where they are then sold a fake timeshare.

If you believe you have been a victim, or if you are worried about a booking that you have made, call Action Fraud on 0300 123 2040 or use it’s fraud-reporting tool

 

Share Button

How to Spot a Fake App

How to Spot a Fake App

watch-out-for-fake-android-apps

We all need to be careful as the next app we download could be a dangerous Trojan. Below I will explain how to spot fake or malicious apps for your phone or tablet.

Android malware is on the rise. Kasperkys (in partnership with Interpol) latest Mobile Cyber Threats Survey found there were six times the amount of malicious apps in July 2014 than in August 2013.

You can see the attraction of targeting Android devices from a hacker’s point of view. Your Android devices contains things like your personal details, logins and passwords, private notes, messages and of cause your photos, it could even be linked to your bank account or credit card too.

Hackers simply have to create a Trojan and disguise it as something you might want and they can then get their hands on all that valuable data. Facebook fakes, video apps and too-good-to-be-true antivirus apps are circulating in there thousands right now, just waiting for you to download and install them.

Hackers, like all conmen, give themselves away by making simple mistakes.

Its ‘Facebook’ but not as you know it

Genuine social apps never ask for 'device administrator' permissions

Genuine social apps never ask for ‘device administrator’ permissions

Mobile malware makers love Facebook. According to Cheetah Mobile the makers of Clean Master, no fewer than 15,000 fake social networking and messaging Android apps have appeared between January and August 2014, More than half of these were dodgy Facebook clones. Thousands more are pretending to be WhatsApp, Twitter and Instagram.

Hackers use the apps to steal your username and password, which they assume you are probably going to use the same details on other accounts to.

Malicious clones often have really poor spelling and badly reproduced branding, but you might not always notice this until its to late and you have downloaded the app and entered your password and username. By that time its to late as the app has done its job.

There are a few ways to check and see if a big-name app is the real thing before downloading it. First, see how many people have downloaded if from the Google Play Store. At the time of writing this the real Facebook app for Android has been downloaded almost 23 million times. If you are looking at a ‘Facebook’ app that has only been downloaded 200 times or only has a few “user” reviews its not the real deal.

You need to be wary of believing everything you read in the Play Store reviews. It’s very easy for app developers to buy fake reviews and ratings from feed back touts like App Reviews Mart, and get 5 star reviews from BestReviewApp. If in doubt its always best to click on the reviews name and see what else they have reviewed. If all there reviews are worded exactly the same or sound suspiciously generic (“Great App, Just what I needed”), take them with a large pinch of salt. You can report apps, reviews or comments that you think are suspicious to Google.

Lots of generic, short reviews may be a sign of a fake app

Lots of generic, short reviews may be a sign of a fake app

It’s not in the Google Play Store

If you are not sure that the brilliantly reviewed, but badly spelled app is legitimate, bookmark the Play Store page and then come back to it a few days latter. Fake apps don’t last long in the Play Store. Those that are not blocked instantly by Google’s app-scanning tool, Bouncer are usually removed within a few days according to F-Secure latest Mobile Threat Report.

Google can’t police the entire Internet; so bogus apps always find other ways to get distributed, like Facebook comments, emails, online adverts or an independent Android app website like AppBrain. All the fake apps identified by Cheetah, were downloaded from outside they Play Store.

Never download apps via adverts or links in Facebook Comments

Never download apps via adverts or links in Facebook Comments

Independent Android sites are not always dangerous, but please bare in mind they don’t scan the apps as thoroughly as Google. Earlier this year security firm Opswat found a third of all Android apps outside the Plat Store were infected with malware.

Similarly, if you are using an iPad you should only download apps from the App Store and iTunes (not that you get much choice). The tightly controlled nature of iOS tends to prohibit third party app markets and this helps keep hackers at bay, which I think is a good thing.

It’s too Good to be True

Hackers know that we can all be slaves to our desires, so if they promise to give you exactly what you want, you are less likely to trust your better instincts.

In June of last year, Ransomeware on Android arrived in the shape of Simlocker Trojan; it was packaged as a porn-video app. Not long after that, hacker’s striked again this time exploiting political fervor by spreading spyware among Hong Kong protesters, who thought they were downloading a pro-democracy app.

The Angry Birds Transformers app contained a "vandal' Trojan that destroyed data

The Angry Birds Transformers app contained a “vandal’ Trojan that destroyed data

You also need to be on the lookout for apparent collaborations, because in September last year, there was a new Angry Birds app called Angry Birds Transformers in the Google Play Store, which turned out to contain the Elite Trojan. Security researchers at Dr Web discovered the Trojan in October Last year and they categorized the Trojan as a “Vandal Program” as it destroys the victim’s data. When you launched the app for the 1st time it would ask for ‘device administrator’ permissions (These are normally only needed by apps that let you lock or wipe your phone remotely) and then immediately format your SD card if you have one installed, and block all of your messaging apps.

If an app ever says it can remove all of the manufactured pre-installed software with out you having to root you device or reveal who is looking at your Facebook profile, its lying!!

 

You Have Never Heard of it

New apps from companies you have never heard of that promise the earth are very unlikely to be what they seam. According to Kaspersky, fake antivirus apps are a big problem.

April Last Year, an antivirus app, called Virus Shield by the developer Deviant Solutions managed to sneak through Google’s app scanner and it was downloaded 30,000 times, and cost £2.38 the app its self was not malicious but it was totally useless (expect to its developer who became quite rich from it). When the scam was found Google was forced to refund all of the 30,000 customers who had purchased it.

Don’t be tempted by ‘novel’ antivirus apps. Most of the big antivirus companies out there make safe reliable tools to help protect your devices from malware and fake apps; they are also regularly updated to help keep your devices safe from the latest treats.

So be aware of the apps you are downloading are what they say they are. Stay safe and keep alert for the scammers, all they want is your money and to cause as much trouble as they can!!!!

Share Button

Are Scam Downloads Getting Harder to Spot?

Are Scam Downloads Getting Harder to Spot?

Scam Alert

Malwarebytes have revealed the latest strategy’s that are being used by scammers, which has worryingly shown that the scams are getting harder to stop.

You might have decided you need a new antivirus program from a trustworthy company like AVG, Malwarebytes, Norton or McAfee. It downloads without any problems, you accept the terms and conditions and the familiar installer starts, all seems to be going fine until half way through the installation when you get an error message that advises you to ring a phone number. You could easily think this is the antivirus helpline.

But you would be wrong! In fact this is the latest trick used by scammers to steal your money. The software is fake and if you call the number in the error message, you will get through to an Indian call center where they will tell you your computer is crawling with viruses and that they will clean if for a fee. Of course this is a lie.

This type of scam is easy to fall for, but what is worse is that fraudsters are starting to hack genuine security programs so that you pay them instead of the software company. Malwarebytes have detected criminals doing this. Senior security researcher Jerome segura, said: “A few weeks ago we documented a US-based company using our software against our Terms and Conditions. They were charging four times the price and worst of all the license keys were all pirated.”

Its not difficult for criminals to build fake programs that mimic legal ones. Egemen Tas, Comodo’s Vice President of Engineering said that Scammers don’t need to create a fake antivirus from scratch, instead they can “simply take a genuine AV product, modify it and distribute it”.

So how can you protect yourself? You should only download programs from the developers’ official site, or from a reputable site like CNet, TechSpot, or FileHippo. You also need to be cautious when using the Windows Store on Windows 8, as it was recently reported by technology site How to Geek as being filled with fake software.

Malwarebytes, which highlighted these scams on its blog, says that a fake version of genuine software will be flagged by Windows before you download it with the following message: ‘The publisher could not be verified’ or ‘driver have been altered’. These warnings mean the download has not been digitally signed by the programs developer, most reputable software should all be signed. You should click Cancel, not Run, and leave the box ‘Always ask before opening this file’’ ticked.

So despite the increasing deviousness of the scammers you can still shield yourself from their attack, Thankfully, it’s not impossible to spot them, but its definitely getting harder. So stay alert and above all keep safe from these scammers!!!!!

Share Button

Avoid dodgy Android Apps

Avoid dodgy Android Apps

Over the past few years there have been an increasing number of Android apps that don’t work as described or that can even pose a security threat to your phone or tablet. Below I will try to explain how to spot them and report them.

Do

Choose security apps from a known company.

Back in April, Google had to refund more than 30,000 customers who purchased the £2.38 fake anti-virus app Virus Shield, from developer Deviant Solutions. The app claimed to protect Android users from “harmful viruses, malware and spyware”, but it did nothing other than change from a red cross to a tick when you taped it. Apart from Google allowing the app to be sold in the Play store in the 1st place, the most worrying part of the story is how the Virus Shield app managed to reach a 4.7-out-of-5 user rating and was in the store’s Top New Paid Apps Chart!

Virus shield fooled more than 30,00 customers in to thinking it was a worthwhile app

Virus shield fooled more than 30,00 customers in to thinking it was a worthwhile app

So you don’t fall for a similar scam, its wise to stick with anti-virus apps from a well-known company. Most of the big names provide tools to help protect your android device from malware, like AVG, Avast and Comodo. Using these apps will help you be sure they will work properly and detect and remove infected files, and they are also regularly updated so they can combat the latest threats.

This does not mean you can always trust a name you recognise. Last month, Kaspersky found fake anti-virus apps imitating their products in both the Play and Windows Phone stores. Roman Uncheck, a Senior Malware Analyst at Kaspersky Labs said, “its quite possible that more and more of these fake apps will start appearing. One thing that’s for sure is that official stores cannot cope with these kinds of scams and need better security measures in place.

Don’t

Believe everything you read on Google Play

User reviews can be helpful when you are not sure about installing an app, especially one that you have to pay for. If you find an app that has mostly bad comments that suggest the app is slow, prone to crash or doesn’t work as described you will want to steer clear of these. Surely if an app has received five-star glowing reviews it must be good, even if you have never heard of them right? This is not always the case as is has become increasingly common for apps developers to buy fake reviews and ratings for their products on the Play and iTunes app store, much like the way you can pay and get thousands of fake Twitter followers.

Companies like BuyAppStore Reviews and BestReviewApp have masses of paid reviewers, who are selling their opinions, you can then buy in bulk to get positive feedback and download for your app. Buy AppStore Reviews have promised that “each of their reviews they provide will be given 4 or 5 stars”, they charge $19.99 (£11.95) for 10 ratings and five reviews to $74.99 (£44.80) for their Gold Promotion Pack of 50 ratings and 30 reviews. Another trick developers can use is to include a message in their apps, that will then encourage the user to give them five stars reviews in exchange for an in-app bonus.

Google is aware of this type of scheme and on its ‘fake Ratings and Reviews’ support page states “you should not attempt to influence your app’s ratings and reviews, by posting fake ratings or reviews”. Google has said that developers should not offer users rewards for giving positive reviews of their apps. “But it’s acceptable to ask users to rate the apps without giving them an incentive”.

The tell-tail signs to see if a review is real or paid for are: click on the reviewers name and see what else they have reviewed, look at the comments they have left, are they all identical if so this would indicate they have just cut and pasted the review especially if they use vague comments like: – “Great app, Just what I was looking for!” these type of comments are easy to repeat across most apps. Apps with higher ratio of reviews to ratings should raise your suspicions (only around 20% of users would rate an app but not bother to review it). Watch out for fake negative reviews and ratings, as spiteful developers are also using them to bring down their rivals’ averages.

If however you think you have found a false review hover your mouse over it and click the flag icon to mark it as spam. Games are the ones most likely to attract this sort of review, according to TechCrunch, so always take what you have read with a pinch of salt.

Do

Research unfamiliar app developers

Google play prides itself in having more of an ‘open’ app store unlike Apple, this means developers only need to certify apps themselves before they are made public. Apps that are made available for iOS will have to go through rigorous testing and be approved by Apple before they are allowed into Apple’s Store (but some questionable apps have still slipped through Apples testing process).

This makes Google’s Play store a grate way for 1st time-developers to showcase there apps, but it also means there is little quality control, other than Google’s Bouncer tool, which scans all submissions for malware.

To help reduce the risk of downloading a dodgy app you should always read the description carefully and look for signs like poor spelling and grammar (a professional developer will always proofread their submission carefully); vague details about what the app does; lack of screen shots; incorrect company logo. You should always click the developers name to see what else they might have made and the reviews they might have gotten.

Look for the top developer label as a mark of quality and reliability

Look for the top developer label as a mark of quality and reliability

Google labels their popular app creators as ‘Tip Developers’, but this does not always mean you should dismiss anyone who does not have a history of making apps. If you are ever in doubt, you could always contact the developer directly and ask for more information about the app, if its legitimate they won’t mind replying to help reassure you.

Don’t

Install apps from outside Google Play

There have been a fair share of dodgy apps hosted by Google Play in the last few years, Recent figures from cyber-security firm Opswat found that a third of all Android apps outside the Play store were infected with malware, while two-thirds could be regarded as “suspicious”, this also included repackaged versions of popular apps like Angry Birds and Twitter.
To help stop risky apps being installed on your Android phone or tablet, go to: Settings, Security and Swipe to ‘Unknown sources’ and untick ‘Allow installation of apps from sources other than the Play store’.

You should also make sure that ‘Verified Apps’ is ticked, doing this will help to warn you about potentially dangerous apps, but this is not a substitute for a dedicated mobile security app. The problem with blocking everything from outside of the Play store is you then cant install apps that are safe but Google objected to, the most notable one being Adblocker Plus, which was pulled last year from the Google play store, you can still install it from its website. Android will not let you block some apps but let other pass, so it’s a case of all or nothing.

You can only install Adblock Plus by allowing apps from unknown sources.

You can only install Adblock Plus by allowing apps from unknown sources.

Do

Check permissions before and after installing

List of Permissions Gmail Requires

List of Permissions Gmail Requires

The permissions required by some Android apps can sound a lot more alarming than they are, but some do go beyond what we expect, apps that require “full internet access” or to be able to “Directly call phone numbers” for no obvious reasons should set your alarm bells ringing. This is especially true when an app requests that you update it manually, so it can add a new permission.

When you install an app from Google Play, it will ask for permissions so you can decide if you want to still install it. If you want to check the permissions apps have on your device, go to settings, Apps and select an app, Swipe to permissions section and press one to read more about it.

You can always use F-Secure App Permissions to review all the app on your device and the permissions they have, so you can see which ones might cost you money, use your current location, see all your personal info and can make changes to your system settings. Unfortunately you can’t revoke permissions (at least, not on a non-rooted device), but if you are not happy with the permissions an app has you can always uninstall it.

Do

Request refunds for rubbish apps

In the past, if you bought an app from the Play Store and it was a letdown, you only had 15 minutes to claim a full refund, this is still what Google has on its ‘Return paid apps and games’ page and in the box that opens when your buy an app.

The Android Police did some research and discovered Google had quietly changed its returns policy, by extending the time limit for an app refund from 15 minutes to 48 hours, Google also issue the refunds themselves rather than passing the option to the developer. Once you have been granted a refund the app will disappear from your device.

You might still be able to get a refund after 48h, but there would need to be a good reason why. Google covers the cost of the refunds themselves, protecting developers from lost sales. Following the embarrassment of the fake Virus Shield app, Google offered every one that purchased the add $5 (£2.99) to spend in the Play store as well as a full refund, but please don’t expect this for ever bad app in the Play Store!

You have more than 15 minutes to claim an app refund, despite what the Play store states

You have more than 15 minutes to claim an app refund, despite what the Play store states

Share Button