Thursday, March 29, 2018

New Play Store scam uses Google’s own pop-ups to steal money

Play Store

  • New type of subscription scam found on Play Store
  • Pingu Cleans Up may have tricked thousands of users into paying cash every week.
  • App has since been removed, but the scamming method is likely to crop up again in the future.

Android users should be wary of a new type of Play Store subscription scam that utilizes Google's own prompts and innocuous-looking free games to steal cash. The scamming method first showed up in an app called Pingu Cleans Up, which has since been deleted from the Play Store but not before it amassed between 50,000 – 100,000 downloads.

The scam works by fooling users into accidentally accepting a weekly subscription fee. In the case of Pingu Cleans Up, once the game starts you're then told to create a custom penguin avatar. The game then asks you to confirm the character design via a Google Play pop-up window. This is repeated a second time, followed by a third pop-up which is where the scam really kicks in.

Editor's Pick

If you have a credit or debit card registered already, the final pop-up will show a subscribe button alongside a confirmation that you wish to pay a €5.49 weekly fee. If you accept the prompt, that weekly charge won't go away unless you manually cancel the subscription. If you don't have a card registered, the last pop-up will ask you to input card details instead.

The scam is hoping to trick those in the former scenario and is banking on the fact that unsuspecting users will repeatedly tap the confirm button without checking what they're actually signing up for.

We've seen plenty of scams prey on user complacency before, especially those targeted at a younger audience who will click anything to actually play the game. The big difference is that the method seen here also abuses the trust many users will have when seeing an official Google prompt.

Several red flags alerted many users to the scam leading to some negative reviews on the Play Store and its eventual removal. These included terms and conditions links that outright didn't work and, despite somehow achieving an overall rating of two and a bit stars, user comments that outlined the app's maliciousness.

If you've fallen foul of the scam, fear not as Google has already stepped in and stopped all subscription charges by removing the app from its digital storefront. The key bit of advice to avoid scams like this in the future is quite simple: don't register a credit/debit card on your phone if you're going to let your kids use it without supervision!

Up next: How to delete your Instagram account



from Android Authority https://ift.tt/2GhBRD8
via IFTTT

No comments:

Post a Comment