Today, RSA released its Q2 2018 fraud report, providing an inside look at the cybercrime and fraud trends observed across attack vectors, digital channels and regions. One insight that stood out was the growth of rogue mobile applications as a fraud attack vector. Over one in four, or 28%, of all fraud attacks detected by RSA in the second quarter were attributed to a rogue mobile application. But what exactly does that mean?
Rogue mobile apps take on many faces. Fraudsters take advantage of the trust many consumers place in the mobile channel by creating malicious applications that appear genuine but are used for fraudulent purposes. They can be likened to phishing emails, only delivered through a mobile app. One popular example is fake banking applications that ask for extensive permissions, which enable fraudsters to gain almost exclusive access to a user’s mobile phone. Most often, these apps are used to divert the out-of-band SMS codes used in identity verification from the genuine user’s phone to one managed by the fraudster. Other apps developed to gain these permissions use the face of popular games or trusted consumer brands.
However, rogue mobile apps do not always involve a “fraud attack” in the traditional sense of targeting consumer financial information. Another common example of a rogue mobile app often uncovered by RSA is the unauthorized use of a legitimate trusted brand for profit. An example of this might be a third-party developer creating ...
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Heidi Bleau. Read the original post at: http://www.rsa.com/en-us/blog/2018-08/rsa-report-rogue-mobile-apps-account-for-28-percent-of-fraud-attacks.html