What is fleeceware and why should you care?


Malware. Adware. Ransomware. So many “wares” thrown around these days in the world of cybersecurity. The latest addition to this list is known as ‘fleeceware’. The term was coined by UK cybersecurity firm Sophos in September 2019. This was following the firm’s discovery of a new type of financial fraud on the Google Play Store.

Fleeceware refers to situations where app developers exploit loopholes in the Play Store’s trial period policies to charge users excessive fees. The process involves the usual trial period sign-up procedure. You fill in your details along with your payment information at sign-up. The fine print within the software agreement will usually indicate that users are required to inform developers in order to opt out of the trial. If not, users may be charged cancellation fees. These fees may sometimes be abnormally high, and this too may be buried in the fine print, where users are unlikely to pay close attention.

Over the years, app users would just uninstall an app as the trial period ended, and this was usually enough for a user to opt out of the app completely. Ideally, this would stop a trial period and prevent the user from being charged for the app. However, a loophole in Google’s policies allowed apps to charge users even after the apps were deleted. This is because an uninstall doesn’t necessarily inform the developer that the user doesn’t want the app.

As far as Google is concerned, these developers generally follow Google’s rules and their apps function as intended. Therefore, Google doesn’t technically recognize these types of developers as scammers.

A few weeks ago, Sophos announced that as many as 600 million Android users have installed fleeceware apps from the Google Play Store. Initially, the company came across 24 fleeceware apps. These apps charged users as much as $240 per year for basic functionality like calculators and QR code readers. However, a report in January stated that this number is far higher.

Sophos claims that more than 600 million Android users could be vulnerable to different types of fleeceware apps. But Sophos mobile malware analyst Jagadeesh Chandraiah suspects that actual installs could be lower. Chandraiah states that it’s possible these apps used third-party pay-per-install services to boost install counts, followed by fake five-star reviews to boost ranking on the Play Store to attract many users. Additionally, it’s also unlikely that all users who installed these apps signed up for a trial period. But if you’re one of those who did, it’s best to check your Play Store payment history.

The issue goes beyond just fleeceware

Of course, it isn’t just fleeceware. Scams ranging from phishing to lottery scams have been around for decades. Even in 2020, attackers continue to trick people daily.

Take phishing, for example. According to F-Secure, more than one-third of security incidents start with phishing emails or malicious attachments sent to company employees. At a basic level, phishing scams usually occur via emails or social networks. Usually, attackers would email you in a way that tricks you into providing personal and sensitive information.

At first glance, these emails will seemingly look like they’ve come from an official source. This makes it easier to convince users to click on a particular link. If you’re not careful, you might unknowingly provide your personal information straight to the attackers themselves.

Another classic internet scam is the lottery scam. Typically, an attacker would send a conspicuous email claiming that you’ve won a lottery. These types of scams become fairly obvious when you see the rather dodgy email address of the sender. People might not be as gullible these days, but it still happens nonetheless.

The point is that scams in the digital space have been happening for many years. These take different forms as technology progresses through the decades. Emails, SMS, social media, smartphone app stores: attackers will continue to manipulate existing systems if it presents an opportunity to extort money out of people. But in any case, how does one safeguard themselves from such scams?

How to protect yourself from fleeceware and other scams

The problem with fleeceware apps is that they can get through Google’s approval process, since fleeceware is not malware and the app itself isn’t malicious. So, what can you do to keep away from fleeceware? For starters, reading the fine print when signing up for a trial will help. It’s advisable to avoid apps with very short trial periods, such as less than 7 days. Also, pay attention to any mention of cancellation fees when signing up for trials on Play Store apps.

Scams that extend beyond fleeceware, while they take many forms, usually operate through emails and social networks. Email services like Gmail are typically well equipped to identify suspicious emails. But there are always those few that can get through to you as legitimate emails. As with fleeceware, the best course of action is to be generally more aware when communicating online. If any process requires you to share your personal data, you should take care to be extra vigilant.

In terms of putting up software safeguards, one possible method is to use a paid anti-virus guard. Often, paid anti-virus software comes with protection layers that go beyond just virus protection. On mobile phones, it is perhaps best to disable the setting that allows you to install apps from third-party stores. Additionally, if you use company email accounts, try to use these email accounts via Gmail or a similar email client instead of the default email client. This would help block out suspicious emails better. Of course, these don’t protect you from fleeceware and other related scams entirely. These are just a few things you could do to protect yourself better.

Fleeceware is an apt example of how scammers continue to deploy new devious methods to compromise unsuspecting users. This is why more awareness about these types of attacks is vital for the general populace. As such, we hope this article helped shed light on the matter.