Nedbank warning to people with smartphones in South Africa

Nedbank warned that scammers use fake mobile apps disguised as trusted brands to steal your personal and banking information.

New scams are popping up all the time, and many of them will disguise themselves as communications from legitimate brands and service providers, making them harder to spot and easier to fall for.

“The threat is real, and falling for a scam could cost you a lot of money,” Nedbank said.

According to the bank, the latest malicious fraudulent scheme could allow cybercriminals to take control of your phone and gain full access to all your bank accounts and personal information.

“Be on high alert if you’re asked to download an app on your phone to access an offer that seems too good to be true.”

“Even if it appears to come from a reputable company that you’ve bought from in the past, you must take precautions before you download a new app.”

“Often, app downloads require you to accept several permissions on your mobile device, which can give fraudsters access to your phone – so be wary when you’re asked to give these permissions.”

Because of modern security measures meant to protect users, like biometric controls, passwords, and One-Time Passwords (OTPs), it has become increasingly difficult for scammers to defraud victims.

Interestingly, to do so, they need the victim to participate in their own fraud by, for example, giving them their OTP or, in this case, accepting app permissions.

Nedbank cautioned that when it comes to app download scams, fraudsters can now make images and videos look more authentic, which enables them to disguise themselves as well-known brands.

“They often steal real images from the brand and create similar adverts and apps — with company logos and legitimate-looking content created with artificial intelligence software — to establish credibility.”

Nedbank warning

Although it can be easy to overlook the warning signs, especially when you’re excited about a good deal, Nedbank warned that fake apps can risk your data and privacy.

“Scammers use these fake identities to offer tempting deals on social media and other messaging platforms and target victims through direct marketing.”

“You might get a call or email from someone claiming to represent a popular streaming service, a well-known airline, or even a big chain store. They’ll get you hyped up with offers of discounted subscriptions or free tickets and vouchers.”

“They might offer you entry in competitions with big prizes. But these offers come with a catch – you’ll need to download an app to participate.”

Nedbank said many fake ads on social media target anyone looking for a good deal. Cold calls are another tactic scammers use to commit this crime. Fraudsters call victims with special offers to try to entice them.

“If you respond to an ad or show interest in the deal on the phone, the scam will quickly move to the next phase and invite you to chat on WhatsApp or other messaging platforms.”

“There, the con artist will send you a link to download their app and ‘unlock’ your rewards. In reality, you’ll be downloading a malware app.”

This is what makes this scam so dangerous, Nedbank said. “When you click on the link, the app will ask you to approve quite a few permissions.”

“This is standard when you download a new app – most will ask for access to your phone’s functions so they can operate properly. And ideally, you should read every line of what you’re agreeing to on those permissions before you accept them.”

Most people simply click and accept permissions blindly without knowing what they are giving approval for when installing a new app or updating a device.

“If we’re interacting with a brand we’ve used before and have grown to trust, it just seems so much simpler to select ‘accept’ on every permission and get the app working as fast as possible,” Nedbank said.

“That’s what the scammers are counting on. By accepting these permissions, you could be giving them full access to your device.”

“They can install malware and spyware, which can compromise any sensitive data stored on your phone, like your banking information, home address and credit card details.”

The bank explained that the malware will send all your information to the fraudster, who can then use it to get access to all your bank accounts.

“You may not even realise that your security has been breached until it’s too late.”

How to stay safe from app scams

To prevent yourself from falling victim to this kind of scam, Nedbank advised that users stick to official app stores.

“Download apps only from trusted sources like Apple Store, Huawei AppGallery, Galaxy Store or Google Play. These platforms have strict security measures that help weed out malicious apps.”

“If you receive a link to download an app from somewhere else, don’t tap on it – instead, open your app store using the store app icon on your phone and search for the app you need to install.”

The bank explained that simply listening to your device will also help keep you safe. “Most smartphones are designed to protect you from threats and come with preinstalled security apps.”

“If your phone warns you about installing an app from an unknown source, don’t ignore the warning. Always read pop-up messages, and don’t just tap ‘accept’ to get rid of the pop-up. If in doubt, check directly with the company that claims to be running the promotion.”

“If you receive a suspicious message or app download request, report it to your bank’s fraud department right away”

Nedbank added that users should also verify unusual offers first.

“If you receive an offer that seems out of the ordinary, it’s always best to check with the company supposedly offering the deal.”

“Most reputable companies won’t ask you to download an app through a link sent in a text or WhatsApp message, or a social media direct message. A quick call or email to their official customer service centre can save you a lot of trouble.”

Carefully considering app permissions is another way users can keep themselves safe.

“Be cautious of apps that ask for too many permissions, and read them all carefully to know what you’re agreeing to. For example, a travel app probably doesn’t need access to your microphone or camera.”

“When reading through the permissions, ask yourself if they make sense for the app you’re downloading.”

In the case where a user has already downloaded a fake app, Nedbank urged consumers to act quickly.

Delete the app, clear your cache, check for hidden apps, and change your banking passwords using a secure device. Update your phone’s software and report any suspicious activity to your bank immediately.

“These steps can help prevent further damage, but the best approach is to avoid these scams altogether by being cautious and aware of the tactics that fraudsters use,” Nedbank said.

“Stay alert, only download apps from trusted sources, and always read through the app permissions before you tap ‘allow’.”

“Unfortunately, if you download a fake app that compromises your digital banking security, you will be liable for any losses you may suffer. Always take the time to verify any offer before giving a new app access to your digital devices.”

This article was first published by Daily Investor and is reproduced with permission.