Fake apps are an ongoing problem for the Apple App Store. With nearly 1.8 million apps in their store, Apple estimates it makes approximately $65 billion a year from the apps. They have a dedicated Discovery Fraud Team and technology to keep scam apps out. But, fraudsters still find a way of sneaking in. A Washington Post report found that out of Apple’s 1,000 highest-grossing apps, nearly 2% are some type of scam. Many fake apps can deliver malware to a device, but others are just looking to make a quick buck with financial scams.

Apple insists they take great strides to keep infected apps out of their store, saying that in 2020, they removed over 400,000 apps from their store for assorted reasons. But for those who have fallen victim to these fake apps, the company didn’t go far enough. According to Appfigures research, fraudulent apps cost users an estimated $48 million last year. That’s a hefty price tag for app lovers to pay, but there are ways to avoid downloading the next scam app.

What Apple app scams look like

The road to downloading a safe app can be challenging, but not hopeless. You should never sideload apps, which is downloading apps from other sites other than the official app stores. Many bogus apps misuse company names for cover, taking a closer look at the app title can be revealing.

For example, Samsung TV owners can go to Apple’s App Store and download the SmartThings remote control app. One security researcher did just that and came across an app called Smart Things. After paying $19 for the Smart Things app, you will discover you’ve just been scammed. The difference between the two? The scam app has a space separating both words. One added or deleted space is sometimes all it takes to fall prey to sneaky fraudsters.

Messing with app names is very similar to typosquatting, also called URL or domain hijacking, when a bad actor misspells a domain name to get traffic to their website. The same is done with apps. As the example above shows, scam apps can hide in plain sight.

The devil is in the details

Scrutinizing app names for subtle differences is a proven way to protect yourself from copycat app scams. Relying on app reviews for legitimacy is risky business since they too can be faked. Scammers count on users not checking name details, allowing them to typosquat app names to their advantage. Check and double check app spellings, looking for typos, strange spacing, misspellings, and more.

For more articles on phishing scams, cybersecurity and related topics, visit Mid Oregon’s Security and Fraud Center.