Fleeceware is an important cybersecurity threat to be aware of. Tom Merritt offers five things you should know fleeceware apps.
You've upped your security game. You keep secure backups to help defend against ransomware. You stay patched and up to date to limit your exposure to malware. You put two-factor authentication on everything to ward off credential stuffing. Bad guys… They're ingenious. They're coming for you in a safe, secure place and you'll only have yourself to blame. Here are five things to know about fleeceware.
- You're the vulnerability. Fleeceware uses in-app purchases to fool you into agreeing to high charges without realizing it until it's too late. For instance, it will give you a free trial with a subscription price of $9 a week, hoping you don't notice that it was a week, not a month. Or, they may charge you $200 a month hoping you'll read it as $2.00.
- Uninstalling doesn't help. Most fleeceware sets up recurring charges. Deleting the app does nothing to the recurring charges.
- They don't even break the rules. The prey on your inattention. They obtain the necessary permissions, usually by users tapping a bunch of OKs. It's not against most app store rules to charge a lot.
- App stores have charge limits. But, they have to be high to allow certain legitimate apps to work. A high-end design app might legitimately charge $400.
- Fight fleeceware by canceling. Actually fight fleeceware by vetting what apps you give your payment info too. All of us make mistakes, so if you do realize you just agreed to a fleeceware app, go cancel it in the OS subscriptions area right away.
Sophos estimates apps that meet the description of fleeceware have been downloaded 3.5 million times on iOS and more than 100 million times on Android. Only download apps you're certain come from legitimate developers and only give your payment information and agree to subscriptions when you've carefully determined what you're signing up for.
Subscribe to TechRepublic Top 5 on YouTube for all the latest tech advice for business pros from Tom Merritt.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security Awareness and Training policy (TechRepublic Premium)
- Kubernetes security guide (free PDF) (TechRepublic download)
- Information security policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)