Scammers are turning to mobile app fraud - know the risks

Photo by Sora Shimazaki on Pexels

The ease with which online users can now access almost any global service within the palms of their hands is somewhat inspiring. On the grand scale of things, we’ve moved from bulky desktop computers to laptops to mobile devices within a very short time. It is a sterling achievement. But the ease with which individuals around the world can enjoy online shopping or banking has provided challenges too.

Fraudsters are now successfully targeting mobile users with the same tried and tested cybercrime techniques that most people would associate with desktop browsing experiences. The risks are real, and the effects of mobile app fraud can be crippling.

M-Commerce and mobile banking are on the increase, and fraudsters have noticed

Time for some context. E-Commerce’s share of global retail sales was growing steadily before the COVID-19 pandemic, as was its counterpart M-Commerce. Both were forecast to grow considerably by 2025-30.

The same applied to digital banking and mobile banking through apps. The pandemic simply hastened the prognosis by a few years. This was due to the necessity for businesses to expand their presence online and provide additional choices through mobile services and payment/transaction options.

Why is this important? Because where there’s an opportunity for businesses to go mobile and make money, there will always be fraudsters lurking in the background to take advantage. They are always trying to find weak spots (there are many) to defraud merchants, financial institutions and their customers. Enhanced mobile app security is a must.

Fraudsters use tools and knowledge found on the dark web

The murky underbelly of the internet, the dark web, is awash with forums and marketplaces. It is where the knowledge and tools used to commit fraud are readily available (for a small fee, of course). It is also possible to purchase stolen bank and eCommerce account details.

Fraudsters, even with mid-level tech skills, can effectively pull off successful fraud attempts with ready-made tools and data. This ease of access has had an impact on those involved in fraud. In times of financial impacts and job losses due to pandemic lockdowns, many younger tech-savvy individuals turned to fraud to make quick money. They’ve seen how easy it can be, leading to an increase in global fraud rates.

Achieving success through fraud is easier than you think. The reason? Some companies opt for ineffective rules-based fraud systems. It might be better than having no anti-fraud in place, but it is not desirable. Even some advanced rules-based systems can be bypassed (fooled, even) by determined fraudsters.

Given the professionalisation of fraud tools, fraudsters don’t need to spend a lot of time and effort achieving their fraudulent goals through complicated hacking or cracking of encryption. They just need businesses to have ineffective security measures, including employees opening malware via email or simply relying on customers to slip up. If this is still happening worldwide with basic security, just think how inadequate mobile app security can be for average users.

What types of fraud affect mobile users?

The fraud we most often associate with desktop browsing is increasingly being adapted to mobile devices. It’s not that the mobile environment is unsafe. It’s actually safer than desktop browsing. But the false sense of security in mobile devices is a notion which needs to change. The proof? The most effective fraud attempts are based around social engineering attacks. This is where fraudsters aim to gain people’s trust so that victims unintentionally aid the process of fraud.

Common attacks are performed via phishing emails. A potential victim receives an email, often looking credible (but with minor differences, for example, to the URL or imitation graphics used), enticing or adding pressure to act and click on a link. The aim is to steal users’ precious data that can then be used to action an account takeover (ATO) and/or identity theft.

Unsuspecting online users, unfortunately, accomplish half the work of fraudsters. The effects can lead to huge financial losses for victims.

How are social engineering attacks being adapted to mobile users?

A phishing link may include the ransomware/malware to steal people’s data, but it may also contain a link to download a fake app. Such apps are built to imitate legitimate ones found in the Apple App Store and Android’s Google Play.

Apple and Google continue to make efforts to remove these fake apps from the iOS and Android platforms. But, by the time this is done, they may have been downloaded 100,000+ times and have aided the theft of account details. The same pressure can be applied to users via SMiShing (SMS messages) and Vishing (voice calls). The fraudsters spoof the caller IDs to look like legitimate services.

In more technical terms, a user’s phone can also be completely controlled with the help of root and jailbreak software. It overrides Apple and Android security settings that prevent 3rd party (illegal) software from being installed. Fraudsters will try to mask such attempts – something that ineffective anti-fraud may not pick up.

Even remote access tools (now available as apps on mobile devices, such as TeamViewer) can be taken over, with device files and data readily available for transfer. Think for a moment about the personal files you have on your phone. What files on your device may contain valuable personal information? Or consider the next time you type in a login password – is it being logged by a fraudster? The theft of your personal information is a very real prospect.

How to stop the fraudsters? With a little knowledge and advanced FinTech

It’s easier than you think to fall for such scams, especially if a user is not fully aware of the dangers of the online environment. In fact, with global smartphone ownership continually growing, it is inevitable that not all users of such devices will fully understand threats to their personal and account data.

Learning about good digital hygiene practices can appear patronising at times. However, most successful fraud attempts are based around social engineering attacks. It is essential to use strong passwords, use encrypted password managers, and keep all software (operating systems, anti-virus and even apps) up to date to patch security flaws. But most importantly, users need to spot the signs of fraud attempts. If an unsolicited email, SMS or call feels fishy, it most likely is! But education is only one part of the solution.

Companies must fully understand their users

Fraudsters can purchase or steal account details or identities online. It makes it necessary for companies to fully understand their users. They should not just accept customer login attempts at face value.

Tools are available on the dark web for fraudsters to mask their true digital footprints (device setups, IP address, time zone, browser settings, and even graphics card and processor details to name a select few). However, fraudsters always slip up.

It is necessary to interpret every single user interaction and effectively determine device setups and user behaviours. Analyse digital fingerprints and behavioural biometrics. Advanced systems, powered by artificial intelligence (AI) and machine learning (ML) models, can analyse 5000+ pieces of device data and interactions. All this takes place automatically and in real-time. Importantly, it can effectively identify fraud attempts before a fraudster has even had a chance to get the ball rolling.

Nethone is one such company that has built an advanced fraud solution, which relies on tech and the knowledge obtained by fraud intelligence specialists that scour the dark web on a daily basis to understand the latest developments in cybercrime circles. We know that mobile app fraud is on the rise, but we also have the means to prevent it.

If you liked this article and would like to learn more about expert anti-fraud analysis and mobile app fraud solutions, visit Nethone’s website:

Started in 2016, Nethone is a fraud protection company committed to solving fraud and reducing unnecessary transaction friction through a better understanding of online users. Our advanced proprietary Profiler and machine learning models effectively prevent payment fraud and protect merchants and their clients by understanding every user behind a transaction. Nethone has grown to over 70 employees including a dedicated team of Data Scientists and IT security experts who cooperate with global players in eCommerce, digital goods, and financial industries.

