
Rogue Apps Sting Smart Phone Users in Premium Rate SMS Scam

• Fraudsters take control of phones and run up huge bills for victims

• Smart phones now ‘big business’ for online criminals

• Mobile malware has increased by 800% in just 4 months [1]

Smart phone users are getting a nasty surprise when they see their monthly bills, discovering that they have run up huge phone bills for premium-rate text messages they did not send [2]. This is one of the latest scams being used by online criminals to profit from the recent boom in smart phones and mobile web applications (apps), experts at GetSafeOnline.org are warning today.

Minister for Cyber Security Francis Maude said: “More and more people are using their smart phone to transmit personal and financial information over the internet, whether it’s for online banking, shopping or social networking. This latest research from Get Safe Online shows that 17% of smart phone users now use their phone for money matters and this doesn’t escape the notice of criminals. So while accessing the web via a mobile device can be fun and save time, it’s important to be vigilant. This week, we are encouraging everyone to take a few moments to visit www.getsafeonline.org and make sure they follow the right advice for using mobile devices securely and safely.”

Fraudsters are using online app stores to entice smart phone users to download rogue apps, says Get Safe Online, the UK’s national internet security initiative. Often masquerading as ‘free levels’ to popular and legitimate online games, or even as security tools, these rogue apps disguise malicious software (malware) which the user unwittingly downloads at the same time.

Once downloaded, this malware enables fraudsters to take control of the victim’s phone, allowing them to make calls, send and intercept SMS and voicemail messages, and browse and download online content. This enables them to gain access to all personal and payment data available on the phone - which can then be sold on to and used by identity fraudsters - and to ‘spam’ other mobile web users to commit further fraud.

In this latest scam, fraudsters are using this access to repeatedly send SMS messages to their own premium-rate services. Often the victim is unaware anything is wrong until they see their phone bill, or their network provider identifies ‘suspicious’ activity - by which time the fraudsters have moved on to other victims. These premium-rate SMS message scams are stealthier than previous premium-rate call scams because they do not ‘tie up’ a victim’s phone line and are able to hide any suspicious activity from the user.

Rik Ferguson, director for GetSafeOnline.org and of security research at Trend Micro, explains: “This type of malware is capable of sending a steady stream of text messages to premium rate numbers - in some instances we’ve seen one being sent every minute. With costs of up to £6 per message, this can be extremely lucrative. The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s ‘back end’ infrastructure. This can often continue for weeks before being noticed.”

Recent activity indicates fraudsters are capitalising on the boom in smart phone use; 59% of current users acquired their device in the last 12 months [3]. This is coupled with the higher bandwidth and ‘unlimited’ web access now standard with many mobile network contracts, which has facilitated the increasing popularity of mobile apps - over a fifth (22%) of British mobile phone users are downloading new apps at least once a month, according to research released today by GetSafeOnline.org [4].

“With users now installing and removing apps with increasing frequency, the chance of encountering a rogue app is much higher. Smart phone security, such as anti-virus or anti-malware software, is available but not widely deployed. Soon it will need to be commonplace”, adds Ferguson.

Former high-tech crime investigator and managing director of GetSafeOnline.org, Tony Neate, explains: “Smart phones are now at as much risk from fraud as their computer and laptop counterparts, and represent big business for online criminals. These devices are essentially mini laptops with a wealth of personal information. Eighteen months ago, our primary concern was users not having secured the handset properly, giving fraudsters easy access to our data if it fell into the wrong hands; the majority of malware was relatively ‘trivial’. That has shifted and today there are clear signs of serious criminal intent to defraud users; we are seeing smart phones targeted by sophisticated and lucrative malware scams with increasing frequency and severity.”

Get Safe Online’s advice for avoiding rogue apps includes:

  • Unfortunately rogue apps can appear in legitimate app stores as well as unofficial online stores, so it’s important to be extra vigilant when downloading new apps and to monitor your phone for any unusual activity
  • Always check reviews and ratings as well as developer information before downloading a new app
  • Malware can cause a lot of surreptitious activity on your phone, so battery performance might be a clue. If your battery suddenly starts draining really fast, consider that it might be a malware problem
  • Make sure to check your phone bill online periodically - more often than once a month, that way you can keep tabs on any suspicious activity

In addition, Get Safe Online is working closely with PhonepayPlus, the UK’s premium rate phone regulator, in addressing the risks posed by rogue apps. PhonepayPlus has taken action against apps which maliciously charge consumers without their knowledge or consent and has recently issued a consultation on draft industry guidance on tackling this issue [5].

Get Safe Online Week 2011
The increase in smart phone malware is one of the key threats being highlighted at the annual Get Safe Online Summit taking place in central London this morning, marking the start of this year’s Get Safe Online Awareness Week, which runs from the 7th to 11th November. At the Summit, Get Safe Online will also launch its 2011 Report, UK Internet Security: State of the Nation.

For information and advice on how to guard against online fraud and other internet crime, visit the Get Safe Online website at www.getsafeonline.org. Web users affected by the ‘premium rate SMS scam’ should contact PhonepayPlus via www.phonepayplus.org.uk.

Notes to Editors:

[1] Trend Micro’s Threat Spotlight, August 2011, based on data collected 2011 
[2] ‘Smart phones’ refer to mobile devices with internet access. ‘SMS’ and ‘text messages’ refer to the short message service format. 
[3] Ofcom Adults’ Media Literacy Report 2011 
[4] Unless otherwise stated, all figures are taken from the 2011 Get Safe Online survey, independently carried out by ICM Research in September & October 2011. The survey interviewed 1,000 adults over the age of 18 with access to the internet.
[5] For further information, please refer to the PhonepayPlus website.