Are you paying a small fortune for cheap and easy fleeceware? : Internet Scambusters #912
Fleeceware is the new term for rip-off smartphone apps that cost victims hundreds of dollars.
Often, they’re tricked into paying large sums for services they could get elsewhere for free, as we explain in this week’s issue.
We also have the lowdown on five new Coronavirus scams that are active right now.
Let’s get started…
Fleeceware: The Big App Rip-Off – Plus 5 New Coronavirus Scams
People who use smartphones and tablets are being warned about an avalanche of fleeceware that could potentially take them for a small fortune.
“Fleeceware” is a relatively new term to describe apps that simply rip off users, either by overcharging them at the outset, or sneaking up on them after they’ve installed the app with new and often recurring charges.
A report a few months ago from online security firm SophosLabs — who coined the fleeceware term — claimed that more than 600 million copies of 25 offending apps had been downloaded by Android users. More recently, the firm says it has found 30 fleeceware apps on Apple devices.
The problem for both Google (which runs the Google Play store for Androids) and Apple (for iOS apps) is that the software is not illegal or malware-laden, so it may not initially be spotted through security checks.
Both firms have acted to remove apps when they become aware of the excessive charges but then others appear, more notably on Android devices.
Tech magazine Wired explains: “Though fleeceware apps don’t grab your data or run ad fraud from your device, they often flout the standards that Apple and Google set for when and how developers can present in-app purchases and subscription fees.
“Some claim to offer a trial period but will prompt you to pay the first time you open the app. Others say that a subscription will be one amount in most of their app materials, but then actually charge a higher fee at checkout.”
The apps also exploit users who don’t know how to cancel subscriptions and, in some cases, ignore even those who do know and try to cancel. They just keep on taking the money.
Some of these rogue app developers are charging what Sophos refers to as “obscene fees” for fairly basic products. A horoscope app, for example, was offered at $70 — not for a year or even a month but for a week. That adds up to more than $3,600 a year!
According to Wired, fleeceware is often found in the same genre of apps that are used for mobile scams and attacks.
“These are generally benign-looking tools like simple photo and video filters and editors, horoscope apps or fortune-telling tools, QR code and barcode scanners, or utilities like flashlights and custom keyboards,” magazine senior writer Lily Hay Newman explains.
Sophos also suspects that some of these scammers may have found ways of posting fake five-star reviews about their apps to encourage users to opt for them. They may also disguise the fact that what appears to be a monthly fee is actually charged weekly.
Another trick is to set an impossibly short free-trial period and then hit the victim with an annual lump sum fee. If they don’t cancel within as little as 48 hours, they face a full year’s subscription.
Both Google and Apple claim to be tightening up on attempts to sell fleeceware on their app sites. Google has changed its policies on making charges explicit from next month and Apple’s rules already prohibit unreasonable pricing or the use of tactics to lure in victims and then charge them more.
“While pricing is up to you,” Apple tells developers, “we won’t distribute apps and in-app purchase items that are clear rip-offs. We’ll reject expensive apps that try to cheat users with irrationally high prices.”
But these policies may still leave a little wiggle room for scammers, since the question of what is reasonable is a matter of opinion rather than fact.
How Not to Get Fleeced
So, what can you do to avoid fleeceware scams? Here are seven key actions:
- When considering buying an app, check reviews elsewhere, not on Google Play or the App Store. Also beware of five-star reviews that just use two or three words.
- Compare prices and features of similar apps.
- Preferably buy apps from established developers who already have good reviews of multiple products.
- Use the “subscriptions” feature on your device (look it up if you don’t know how) to see exactly how much and how often you’re paying, or to cancel these subscriptions. This isn’t infallible, though. In a trick encountered by a Scambusters team member, multiple “free” apps were used that eventually required him to pay a subscription outside of the official stores. The developer then ignored all his cancellation requests and he was forced to change his credit card account to stop the scam. Fortunately, the credit card company refunded $90 of payments the scammers had already taken.
- Don’t sign up for free trials offering less than a week of use.
- Read the small print in the app’s description. Again, this isn’t infallible but if it’s poorly worded or confusing, that’s certainly a red flag.
- Know that, despite what you may think or are tricked into believing, removing a fleeceware app from your device doesn’t cancel a subscription.
5 Latest Coronavirus Scams
Here’s a brief rundown of latest Covid-19 scams and misleading claims that have crossed our desks in recent weeks:
- The US Federal Trade Commission (FTC) has warned another 50 firms about making unproven or misleading claims about products they suggest can help treat or prevent the virus.
- Malware-infected Excel spreadsheets are being sent out as email attachments purporting to come from respected organizations. The spreadsheets supposedly carry data and updates on the pandemic. Don’t click on them!
- Crooks are posing as members of contact tracing teams. They make calls or send out messages saying the recipient may be infected and then ask for personal details such as Social Security numbers and financial account details. Genuine tracers won’t ask for this information.
- Scammers are cashing in on stay-at-home victims’ desires for pets as company. Posing as breeders, they offer pets at outrageous prices and then simply disappear with the money.
- Don’t believe the latest “free groceries” scam that claims retailer Target is giving away products. A text or email message says the recipient is entitled to $175 worth of groceries. But if they click the link in the message, all they end up with is malware.
That’s it for this week but stay vigilant for those Coronavirus scams. They’re spreading almost as fast as the disease!
Time to conclude for today — have a great week!