You are here

Regulator fines three companies over mobile malware

19th December 2014

PhonepayPlus - the UK’s premium rate phone number and service regulator - has fined three companies £330,000 after breaching their Code of Practice. 

The three companies were fined after PhonepayPlus uncovered mobile malware that concealed charges to Android phone users. The mobile applications containing malware downloaded onto users’ phones after they browsed online, then charged their phone bill without their knowledge.

The malware was investigated by PhonepayPlus’ research team, following initial identification by Kaspersky Lab and using data provided by the internet security company. Consumers are being warned to look out for anything out of the ordinary on their phone bill.

The malware was contained in a number of adult applications, which downloaded automatically without users’ consent whilst they visited an adult website. Once installed consumers could inadvertently initiate a subscription by clicking anywhere on the screen. The app suppressed premium rate text messages, such that the phone’s owner would not know that they were being charged. 

Not obtained consumers consent

All three companies were unable to show that they had obtained consumers’ consent to be charged.

A number of consumers reported receiving explicit text messages, and told PhonepayPlus that they were shocked, describing themselves as “extremely upset” by “these vile messages”.  Amongst those who complained were a woman aged over 60 years old, parents who reported on behalf of teenage sons and daughters and one person who had been out of work for six months.

One complainant reported being billed £231, another reported that their daughter was charged £150 more over a three month period than usual, and another said that they had been receiving the explicit text messages for over two years before approaching PhonepayPlus.

Refunds for consumers 

Joanne Prowse, Acting Chief Executive of PhonepayPlus, said: “This mobile malware downloaded without mobile owners’ consent and hid the charges. It was found thanks to the work of PhonepayPlus’ research team and Kaspersky Lab. As a result of our investigation the companies involved have been fined £330,000 and refunds have been ordered for consumers.

“The digital economy is ever more central to people’s lives, bringing new opportunities for business, but also new risks to consumers through evolving mobile malware. Tackling this threat and supporting genuine innovation and good business within premium rate services is one of PhonepayPlus’ key priorities. This case of mobile malware is not typical of the majority of PRS businesses, which offer services that consumers enjoy and find convenient to use. 

“If the UK’s digital economy is to fulfil its potential we must all play our part, business, regulators, and government alike, in driving bad practice out of the market. We are working closely with business, online security experts and other regulators to ensure that consumers are protected from these risks.”

Read more on the PhonepayPlus website.

Please note: Action Fraud is not responsible for the content on external websites.

If you’ve lost money or information or your computer/smartphone has been taken over by a phishing or malware attack report it to Action Fraud.