Forget fake goods, fake shopping apps plagued China’s Singles’ Day
China’s annual shopping festival is bigger than Black Friday and Cyber Monday combined
Most of us know that feeling when we buy something online that looks like the real thing… but ends up being, well, garbage. But a new report says thousands of people have been using fake shopping apps to make purchases -- and the results could be far worse than merely not getting what you wanted.
In preparation for the world’s biggest online shopping festival, Singles’ Day, Chinese online security company 360 Security Brain found that during the past month close to 4,000 fake shopping apps were downloaded on more than 300,000 mobile devices in China.
Much like the fake Gucci and Armani goods, fake versions of popular online stores including Taobao, Pinduoduo, and JD have become common across China. The fake Taobao app, for example, was installed on more than 170,000 phones, according to the Double 11 Online Shopping Security Ecosystem Report 2018.
(Abacus is a unit of the South China Morning Post, which is owned by Alibaba -- which also owns Taobao.)
Counterfeit shopping apps, as the name implies, are apps that impersonate well-known software. They either have the same interface as the original app or use the same name.
Their origin is usually unknown, but the danger is the same as with phishing websites. They can steal account passwords, bank information, spread viruses or simply cheat users out of their money.
Fake apps are nothing new for China. Just this August, Apple purged its Chinese App Store of 25,000 apps including ones offering fake lottery and gambling software. (Gambling is illegal in China.)
360 also reported a number of other scams related to Singles’ Day, which broke another record this year. Aside from the flood of spam messages and trojans installed on shopping websites, one scam operates the other way around -- instead of users preying on other users, the so-called “Wool-pulling Party” are groups of users that target companies.
The term refers to users taking advantage of companies' marketing activities in order to "fleece" them. This usually means raiding platforms for gift coupons and cash incentives provided by companies to acquire new users. Bike sharing platform ofo, for example, had similar troubles with coupon hackers.
These days, however, the fleecing is done by bots. Singles’ Day offers plenty of great online deals -- but you need to be quick to click. 360’s report showed that many shoppers are in fact competing against machines instead of real people for these deals. In October alone, 360 detected more than 67 million "Wool-pulling Party" devices used to imitate actual users.
Other tricks of the trade included contacting users for a refund, citing a shortage of goods or lost delivery, and then leading them to phishing websites. Some fraudsters went even further by setting up fake shopping websites to collect users’ bank account information.
Between September and October, 127 cases were reported, resulting in losses of about 1.15 million yuan (around US$166,000). The report analyzed data gathered by 360 Hunet and the online security division of the Beijing police.
Although the usual stereotype is that older generations fall for this kind of scam, the post-90s generation turned out to be the biggest victims here. The reason behind this? Low supervision on gaming and virtual commodity trading platforms.