Scam of the Week: Malicious Apps Asking for Extra Permissions

We live in an app-based world. From laptops to smart TVs, applications are used nearly everywhere. Learning which apps are safe can be tricky as cyber-criminals continue to find new ways to exploit your trust.

The latest scam involves third-party apps that request unusual permissions. Users are easily fooled into downloading these third-party apps because they are registered on legitimate app stores and are designed to work in conjunction with popular products such as Microsoft OneNote or GSuite. The app is pretty harmless on its own, but shortly after downloading it you’ll receive an email related to this app, and the email includes a phishing link. If you click this link, it will cause the third-party application to request special permissions such as the ability to read and write to files on your behalf. If you grant the app these permissions, you’ll give the bad guys unlimited access to your sensitive information.

Don’t fall victim to this scam! Remember the following:

  • Never click on a link within an email that you weren’t expecting.
  • Only download apps from trusted publishers. Remember, anyone can make an application and scammers can use any image, text, or logo to make the app seem legitimate.
  • When using a work device, reach out to your IT department before downloading new apps or granting app permissions. They can decide if the application is legitimate and safe to use.

Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team
KnowBe4.com