Smartphone users are getting a nasty surprise when they see their monthly bills, discovering that they have run up huge phone bills for premium-rate text messages they did not send. This is one of the latest scams being used by online criminals to profit from the recent boom in smart phones and mobile web applications (apps), experts at GetSafeOnline.org are warning today.
Minister for Cyber Security Francis Maude said: “More and more people are using their smartphone to transmit personal and financial information over the internet, whether it’s for online banking, shopping or social networking. This latest research from Get Safe Online shows that 17% of smartphone users now use their phone for money matters and this doesn’t escape the notice of criminals. So while accessing the web via a mobile device can be fun and save time, it’s important to be vigilant. This week, we are encouraging everyone to take a few moments to visit www.getsafeonline.org and make sure they follow the right advice for using mobile devices securely and safely.”
Fraudsters are using online app stores to entice smart phone users to download rogue apps, says Get Safe Online, the UK’s national internet security initiative. Often masquerading as ‘free levels’ to popular and legitimate online games, or even as security tools, these rogue apps disguise malicious software (malware) which the user unwittingly downloads at the same time.
Once downloaded, this malware enables fraudsters to take control of the victim’s phone, allowing them to make calls, send and intercept SMS and voicemail messages, and browse and download online content. This enables them to gain access to all personal and payment data available on the phone - which can then be sold onto and used by identity fraudsters - and to ‘spam’ other mobile web users to commit further fraud.
In this latest scam, fraudsters are using this access to repeatedly send SMS messages to their own premium-rate services. Often the victim is unaware anything is wrong until they see their phone bill, or their network provider identifies ‘suspicious’ activity - by which time the fraudsters have moved on to other victims. These premium-rate SMS message scams are stealthier than previous premium-rate call scams because they do not ‘tie up’ a victim’s phone line and are able to hide any suspicious activity from the user.
Rik Ferguson, director for GetSafeOnline.org and of security research at Trend Micro, explains: “This type of malware is capable of sending a steady stream of text messages to premium rate numbers - in some instances we’ve seen one being sent every minute. With costs of up to £6 per message, this can be extremely lucrative. The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s ‘back end’ infrastructure. This can often continue for weeks before being noticed.”
Recent activity indicates fraudsters are capitalising on the boom in smart phone use; 59% of current users acquired their device in the last 12 months. This is coupled with the higher bandwidth and ‘unlimited’ web access now standard with many mobile network contracts, which has facilitated the increasing popularity of mobile apps - over a fifth (22%) of British mobile phone users are downloading new apps at least once a month, according to research released today by GetSafeOnline.org.
“With users now installing and removing apps with increasing frequency, the chance of encountering a rogue app is much higher. Smartphone security, such as anti-virus or anti-malware software, is available but not widely deployed. Soon it will need to be common place”, adds Ferguson.
Former high-tech crime investigator and managing director of GetSafeOnline.org, Tony Neate, explains: “Smartphones are now at as much risk from fraud as their computer and laptop counterparts, and represent big business for online criminals. These devices are essentially mini laptops with a wealth of personal information. Eighteen months ago, our primary concern was users not having secured the handset properly, giving fraudsters easy access to our data if it fell into the wrong hands; the majority of malware was relatively ‘trivial’. That has shifted and today there are clear signs of serious criminal intent to defraud users; we are seeing smart phones targeted by sophisticated and lucrative malware scams with increasing frequency and severity.”
Get Safe Online’s advice for avoiding rogue apps includes:
• Unfortunately rogue apps can appear in legitimate app stores as well as unofficial online stores, so it’s important to be extra vigilant when downloading new apps and to monitor your phone for any unusual activity
• Always check reviews and ratings as well as developer information before downloading a new app
• Malware can cause a lot of surreptitious activity on your phone, so battery performance might be a clue. If your battery suddenly starts draining really fast, consider that it might be a malware problem
• Make sure to check your phone bill online periodically - more often than once a month, that way you can keep tabs on any suspicious activity
In addition, Get Safe Online is working closely with PhonepayPlus, the UK’s premium rate phone regulator, in addressing the risks posed by rogue apps. PhonepayPlus has taken action against apps which maliciously charge consumers without their knowledge or consent and has recently issued a consultation on draft industry guidance on tackling this issue.
For more information visit the Get Safe Online and PhonePayPlus websites.
Please note that Action Fraud is not responsible for the content of external websites.
To report a fraud call Action Fraud on 0300 123 2040 or use our online reporting tool.