When Google serves fake banking


So who can you trust if you can’t trust Google to provide safe apps?

Recently, it was found that there were some apps in the Google Play store that looked like real banking apps for ANZ and Commonwealth Bank.

But they were not the real deal. They were lookalikes that had slipped past Google’s vetting process into the store, hung around undetected for weeks, and tricked over 1 thousand users into downloading and installing them.

The apps were pretty simple in the way they went about their business. Once opened, they tried to emulate the look and feel of the real app and convinced users to enter banking details or credit card details. Incredibly simple in execution, almost to the point of “phoning it in”. No clever passthroughs that act as a middle man to the bank so as not to raise suspicions, no over-the-shoulder tactics to get login details, not even an effort to go through contact lists.
Just straight-up social engineering to grab payment information and empty bank accounts with fraudulent transactions.

So how can we not fall prey to fake apps?
First of all, this comes down to Google’s failure to properly vet applications, pure and simple. This may not have been the first instance and it will certainly not be the last, so we need to be smarter when it comes to getting the right app on our phone.
One trick when it comes to getting the right critical app is to get the link directly from the bank’s website (the banks should put links to their apps on their front page to make this easier).
Go to the website and look for the Apple App Store and Google Play buttons that will take you directly to the right app.
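The same check can be automated, for example by a help desk or fraud team fielding "is this the real app?" questions. The sketch below is an added example, not part of the original post: it pulls the Google Play package IDs linked from a bank's front page and tests whether a store listing matches one of them. The bank, its package name and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample: fragment of a hypothetical bank's front page.
SAMPLE_HOMEPAGE = """
<a href="https://play.google.com/store/apps/details?id=com.examplebank.mobile&amp;hl=en">Google Play</a>
<a href="https://apps.apple.com/au/app/example-bank/id0000000000">App Store</a>
<a href="https://www.examplebank.example/security">Security centre</a>
"""

def play_package_id(url):
    """Return the package ID if url is a genuine Google Play listing URL, else None."""
    parts = urlparse(url)
    # Exact host match: "play.google.com.something.example" must not pass.
    if parts.scheme != "https" or parts.hostname != "play.google.com":
        return None
    if parts.path != "/store/apps/details":
        return None
    ids = parse_qs(parts.query).get("id", [])
    return ids[0] if len(ids) == 1 else None

class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag on the page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def official_packages(homepage_html):
    """Package IDs the bank itself links to from its own page."""
    collector = _LinkCollector()
    collector.feed(homepage_html)
    return {pid for pid in map(play_package_id, collector.hrefs) if pid}

def is_official_listing(listing_url, homepage_html):
    """True only if the listing's package ID is one the bank links to."""
    pid = play_package_id(listing_url)
    return pid is not None and pid in official_packages(homepage_html)

if __name__ == "__main__":
    base = "https://play.google.com/store/apps/details?id="
    for candidate in (base + "com.examplebank.mobile",
                      base + "com.examplebank.mobile.secure"):
        print(candidate, "->", is_official_listing(candidate, SAMPLE_HOMEPAGE))
```

The comparison is on the package ID rather than the app's name or icon, since those are exactly what a lookalike copies.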

We can hold Apple, Google and others responsible for properly vetting the stores that they claim to be the safest place to get apps but we can’t leave it there. When it comes to our security we have to accept that threats are layered and our defenses must match the threat in structure. We have to remain vigilant at all times and adjust our behaviours to meet the threat.

The rewards for the bad guys are there and while we hold something of value to them (regardless of how valuable we see it) they will continue to find ways to get what is not rightfully theirs. Thankfully we only have to add small tweaks to the way we do things to shut down their efforts.
