Wednesday, October 27, 2021

Fake Netflix apps spread malware

by TERRI DICKERSON/CDA Press Consumer Gal
| September 16, 2021 1:00 AM

Consumers love a bargain, but when receiving online or text message coupons and discount codes, be careful. There's an increase in fake apps and services that are intent on stealing your personal information and it's only getting worse.

The security company Pradeo recently reported that fake Netflix apps are injected with malware. These offers usually claim that Netflix is giving away free subscriptions or extending service for a huge discount, but to take advantage of the offer, users are asked to provide personal details.

Often these infected applications are promoted to users through ads displayed in applications downloaded from official app stores or through phishing campaigns. When counterfeit apps are able to impersonate reliable apps, it tricks users into trusting and clicking on links, which then allows the bad actor to steal personal information including your banking and credit card information.

Here are some tips to stay away from fake apps:

• Be on the lookout for smishing (SMS phishing) and phishing campaigns. These are unsolicited text messages or emails that urge you to click on a link or download an attachment.

• Never click on links in unsolicited text messages or emails, particularly when you don’t know the sender.

• Go directly to the source to determine if the offer is legitimate. Many companies have reported they're not offering free or discounted subscriptions, which has helped save many consumers from being taken advantage of.

• Download apps only from the official app stores. Avoid third-party app stores or links to apps through online ads. The pitfall to using third-party apps is it can lead you to a fake website infected with malware.

• • •

Avoid drive-by roofing salesmen

A Coeur d’Alene reader recently had an encounter with a roofing salesman from Spokane Valley. After inspecting the roof, the salesman offered to tear off the wind-damaged roof on the whole house and replace it for what the insurance company would pay.

On the surface, it sounded like a great deal. Below the surface is where the offer breaks down.

The salesman wanted the customer to essentially sign a blank contract, which would be filled out later back at the office. The problem with the contract is it did not specify the exact services other than tearing off old and replacing with new roofing materials. That’s a pretty broad statement in a contract and subject to wide interpretation.

Also, companies that offer to replace something for what the insurance company will pay will likely not take a loss if the customer’s insurance policy pays actual cash value or ACV. ACV essentially is a method of valuing insurance property not equal to replacement cost value but rather it is computed by subtracting depreciation from replacement cost.

This method often yields a very low dollar payment so it's doubtful a company would stay in business for too long if it had to eat the difference between actual replacement cost and what an insurance company might pay.

In cases like this, who comes up with the shortfall? You guessed it, the customer.

Once the customer received the actual bid from the roofing company, it was $4,000 more than what the insurance company would have paid. Because the customer refused to sign the blank contract and did not rely on the verbal sales pitch, he did not engage this company for service. The good news is he isn’t out any money.

Bottom line: Be wary of any verbal sales pitch that tells you they will accept an insurance payment as full compensation but then ask you to sign a blank contract to be filled out later. This might sound like a good deal but do you want a properly fixed roof? Remember the old adage, if the deal sounds too good to be true, it probably is.

• • •

Protect your wireless account

With the most recent T-Mobile data breach, it's more important than ever to protect your wireless account from hackers. In fact, it has been reported that AT&T has also been hacked although AT&T has denied the allegation. Still, cybersecurity experts say a hacker is selling the data of over 70 million AT&T customers.

An online advocacy group, Restore Privacy, has independently verified that a data sample included legitimate information from AT&T customers. Data included names, phone numbers, physical addresses, email addresses, Social Security numbers and dates of birth. This is all the information a scammer needs to commit identity fraud.

Targeting large groups of people can be quite lucrative for cybercriminals. Presumably the hacker set a starting price of $200,000 on a dark web forum for the sale of the AT&T database with its 70 million customers' Social Security numbers and dates of birth.

One way to protect your account is to set up a PIN code. Without a PIN, hackers can hijack your mobile phone, take control of your phone number and use that number to gain access to online accounts. At least with a PIN, it's one more security step that hackers must breach to get your personal information.

Other things you can do include freezing your credit accounts, constantly monitoring your credit reports and bank statements, inspecting any unexpected bills, changing passwords frequently and not sharing your personal information with anyone over phone, text or email unless you initiated the transaction.

• • •

Remember: I’m on your side.

• • •

If you've encountered a consumer issue that you have questions about, or think our readers should know about, please send me an email at or call me at 208-274-4458. As The CDA Press Consumer Gal, I’m here to help. I’m a copywriter working with businesses on marketing strategy, a columnist, a veterans advocate and a consumer advocate living in Coeur d’Alene.