Not all app updates are created equal, some are disguised malware waiting to steal private information to make illegal transactions online.
On 1 December, The Association of Banks in Singapore (ABS) issued an advisory on a specific malware that has been targeting mobile banking customers on the Android platform. ABS released a statement urging consumers to “be vigilant when using their smartphones for mobile banking”.
In addition, ABS director Ong-Ang Ai Boon said that since September, about 50 mobile users have fallen victim to the malware, reporting losses of up to several thousand dollars after clicking the ad on a link.
The malware poses itself as a software update for Android smartphones, or as a service for updating WhatsApp. For WhatsApp, the malware takes the forms of a pop-up advertisement.
The "ad" urges consumers to tap it and download a new version of the program or risk losing access to the service. After downloading the update, the application prompts the customer to input confidential information, such as credit card details, which is then used to commit fraud.
Current victims have lost up to a few thousand dollars from fraudulent online purchases made by cyber criminals, Ong-Ang said.
With m-commerce and mobile banking dominating the digital landscape, would incidents like these push the mobile industry two steps back?
More than meets the ad
Mobile players and banks in particular, have been proactive when it comes to robust security measures but such incidents only highlight how vulnerable consumers still are in the cyber space.
Pierre De Luca, managing director of Mediatropy, explained the problem arose out of the current mobile commerce and advertising ecosystem. Powered mainly by ad dollars spent on ad exchanges, this ecosystem is unregulated with a piece-meal approach to regulating it only surfacing now.
As such, advertisers enjoy a situation where cheap advertising inventory is available. "However, with the advent of HTML5 formats, there comes trouble. Android systems are particularly vulnerable due to the flexible nature of the operating system, yet iOS users should not consider themselves untouchables."
Hacks such as the WhatsApp malware are inevitable and will happen again.
Nonetheless, De Luca does not believe that such hacking incidents would impede the mobile and e-commerce industry - for now. However, the repetition of such events will in the long run affect the growth of mobile transactions.
"Only when that bottom-line is affected will the industry seriously look at solutions. For the moment, I believe that we will continue to enjoy cheap low quality inventory because the demand is there," De Luca said.
James Hawkins, CEO of Dentsu Möbius, also predicts the mobile industry will go on business as usual:
Nothing will halt the pace at which we adopt m-commerce and the rate at which mobile continues to define how, what and where live our lives (with our mobile device).
Since mobile devices have become users' primary connection point, consumers are becoming more comfortable with transacting via this platform.
"Time is short and convenience is paramount, we are all time poor. If we have the opportunity to quickly, efficiently and safely transact we’ll take it," Hawkins said.
Will consumers be more cautious of mobile ads?
Perhaps for a while people will be a bit more cautious, but such malware issues have not prevented the e-commerce industry to enjoy steady growth for years, De Luca noted.
Likewise, Hawkins pointed out that to buffer malware scams like these industries such as consumer banking need to consider the security of their customers as they increasingly use mobile devices for certain transactions.
"But this should not come as a surprise, there will always be scammers, theft and opportunists that are looking to exploit weakness in any system," he said, adding:
"The brands that can win the trust of their customers on the mobile platform will win. The stakes are getting increasingly higher and it is a race."
Jeremy Bek, general manager of Isobar Singapore, noted that as malware is not isolated to m-commerce and exists across platforms, consumers need to be savvy with cyber security as they increasingly engage in mobile activities.
"Malware is increasing looking more and more like official sites and communications, and users need to be extra vigilant in ensuring that the links, particularly if personal information are being requested, are from official sources."
In general, Bek does not think that such isolated incidents will impact the confidence of users and deter them from continuing to perform mobile or m-commmerce activities.
Meanwhile, ABS advised consumers to take the following precautions:
- Secure your smartphone with a password
- Install system updates to get the latest security features
- Install applications from trusted sources such as "Google Play"
- Only click on hyperlinks from messages and emails from a trusted source
- Visit your bank's website for more information
Ong-Ang said : “ABS would like to remind mobile banking customers that smartphones are as susceptible to malware as desktop computers or laptops. Consumers are reminded to download applications only from trusted sources. As cyber criminals’ mode of operations and the malware are constantly evolving, visit your bank’s website for more information, latest updates and malware signs to watch out for.”
The major retail banks in Singapore have seen an increase of mobile banking customers from 1.5 million in 2013 to 2.4 million in 2015, according to ABS.