Malware infested apps can send hundreds of premium texts, warns Get Safe Online
Smartphone users could be thousands of pounds in the red before they know it thanks to malware and rogue apps, a government backed Internet safety initiative has warned.
Fraudsters are currently loading rogue, malware infested apps onto legitimate app stores as well as unofficial online stores, according to Get Safe Online, an internet initiative backed by government, police and industry. Downloaded by users as ‘free levels’ to popular online games, or as security tools, compromised apps give criminals free rein over the victim’s phone.
Criminals can then make calls, send and intercept SMS and voicemail messages, and browse and download online content, said the organisation in a statement. They can also gain access to all personal and payment data available on the phone, which may then be used to ‘spam’ other mobile web users to commit further fraud, or sold onto and used by identity fraudsters.
One scam every minute
“The latest scam,” warns Rik Ferguson, director of Get Safe Online and also director of security research at Trend Micro, “Allows fraudsters to send a steady stream of text messages, up to one text message every minute, from an infested phone to their own premium-rate services, at a cost of up to £6 per message.”
Often the victim can remain unaware for weeks; until they see their bill, or their network provider identifies suspicious activity. This is because, unlike previous premium-rate call scams, these do not ‘tie up’ a victim’s phone line, with activity taking place within the device’s back end infrastructure.
The number of users transmitting personal and financial information on their smartphones has grown to more than 17 percent, while 22 percent of users download new apps at least once a month, according to the latest research from Get Safe Online.
This trend, along with the boom in smartphone use; 59 percent of current users acquired their device in the last 12 months, and the increase in mobile network contracts offering web access as standard, is creating new ways for criminals to extort money.
Serious criminal intent
“Smart phones are now at as much risk from fraud as their computer and laptop counterparts, and represent big business for online criminals. These devices are essentially mini laptops with a wealth of personal information. Eighteen months ago, our primary concern was users not having secured the handset properly, giving fraudsters easy access to our data if it fell into the wrong hands; the majority of malware was relatively ‘trivial’. That has shifted and today there are clear signs of serious criminal intent to defraud users; we are seeing smart phones targeted by sophisticated and lucrative malware scams with increasing frequency and severity,” said Get Safe Online managing director, Tony Neate,
“With users now installing and removing apps with increasing frequency, the chance of encountering a rogue app is much higher. Smart phone security, such as anti-virus or anti-malware software, is available but not widely deployed. Soon it will need to be common place”, added Ferguson.
Until then, Get Safe Online working closely with premium rate phone regulator, PhonepayPlus, to address the risks posed by rogue apps, reccomends being vigilant when downloading new apps and monitoring your phone for any unusual activity, including sudden increases in battery drain, a possible sign of surreptitious activity on your phone. The organisation also urges users to check reviews and ratings as well as developer information before downloading a new app. A good way of keeping an eye out for suspicious activity is by checking your phone bill more than just once a month, according to Get Safe Online.