FaceApp: Pro version scams, privacy concerns

22 Jul 2019

The latest hype around the FaceApp application has attracted scammers who want to make some quick profits, ESET research has found.

Scammers have been using a fake “Pro” version of the application as bait and have made an effort to spread the word about this fictitious version of the currently-viral app.

One form of the scam uses a fake website that claims to offer a premium version of FaceApp.

The second type of scam includes YouTube videos again promoting download links for a “Pro” version. One of the fraudulent YouTube videos had over 150,000 views at the time of writing this research.

The legitimate FaceApp application offers various face-modifying filters and is available for both Android and iOS.

While the app itself is free, some features, marked as “PRO”, are paid.

Along with the viral potential of its popular filters, FaceApp has recently generated a huge wave of media attention amid concerns about online privacy.

In one of the scams we have seen, attackers use a fake website that claims to offer a premium version of FaceApp.

In reality, the scammers trick their victims into clicking through countless offers for installing other paid apps and subscriptions, ads, surveys and so on.

The victim also receives requests from various websites to allow the display of notifications.

When enabled, these notifications lead to further fraudulent offers.

The YouTube videos contain download links that point to apps whose only function is to make users install various additional apps.

The shortened links could lead to users installing malware as well.

“There were well over 200,000 stories online this Thursday about the fake and fictitious FaceApp Pro. Only one of the YouTube videos we found had more than 15,00 views, however, its malicious links were clicked over 90,000 times,” says ESET researcher Lukas Stefanko.

“Legitimate businesses don’t even dream of such high click-through rates as these cybercriminals have been able to achieve,” he adds.

Before joining the hype, users should remember to stick with basic security principles.

Regardless of how exciting the ‘opportunity’ seems, avoid downloading apps from sources other than official app stores, and examine available information about the app (developer, rating, reviews, etc.).

As insurance in cases where the user falls victim to a scam, having a reputable security app installed on a mobile device can help prevent some negative consequences.

Other security experts have commented on the security and privacy concerns users need to be aware of when using apps like FaceApp.

Forcepoint security strategist senior director Alvin Rodrigues

The face is your personal copyright.

From a security perspective, you are giving away your ability to use your face as a password to log files or to lock your devices, the way several mobile companies are currently using facial recognition technology to allow users to lock their phones.

This facial password, your face, is something that cannot change. It is personal and permanent.

Secondly, the photographs being uploaded to the cloud are at risk of being targeted by hackers who may use them for running facial identification to compromise individuals and companies.

By using the app, we may be surrendering copyright to our face and there are implications of reselling your face or reusing your face for commercial applications.

Kaspersky South East Asia general manager Yeo Siang Tiong

Yet another viral app taking several social media channels by storm is a recurring phenomenon.

In this age where users jump onto a bandwagon because it’s fun or trendy, FOMO or the Fear of Missing Out can overshadow basic security habits – like being vigilant on granting app permissions.

There is no harm in joining online challenges or installing new apps - the danger lies when users just grant these apps limitless permissions into their contacts, photos, private messages, and more.

Doing so allows the app makers possible, and even legal, access to what should remain confidential data.

When this sensitive data is hacked or misused, a viral app can turn a source into a loophole which hackers can exploit to spread malicious viruses.

Carbon Black Security Strategy Head Rick McElroy

FaceApp serves as an important reminder that free isn't free when it comes to apps. The user and his/her data is the commodity, whether sold for purposes like marketing or more nefarious things like identity theft and creation of deep fakes.

Don't use apps that need access to all your data and be sure to read the EULAs to ensure the app gives users some sort of control and protection based on where the data is stored and processed.
