By Maximilian Clarke

Smartphone users are getting a nasty surprise when they see their monthly bills, discovering that they have run up huge phone bills for premium-rate text messages they did not send.

This is one of the latest scams being used by online criminals to profit from the recent boom in smartphones and online apps, experts at GetSafeOnline.org are warning today.

“More and more people are using their smartphone to transmit personal and financial information over the internet, whether it’s for online banking, shopping or social networking,” said Francis Maude, Minister for Cyber Security.

“This latest research from Get Safe Online shows that 17% of smart phone users now use their phone for money matters and this doesn’t escape the notice of criminals. So while accessing the web via a mobile device can be fun and save time, it’s important to be vigilant. This week, we are encouraging everyone to take a few moments to visit www.getsafeonline.org and make sure they follow the right advice for using mobile devices securely and safely.”

Fraudsters are using online app stores to entice smart phone users to download rogue apps, says Get Safe Online, the UK’s national internet security initiative. Often masquerading as ‘free levels’ to popular and legitimate online games, or even as security tools, these rogue apps disguise malicious software (malware) which the user unwittingly downloads at the same time.

Once downloaded, this malware enables fraudsters to take control of the victim’s phone, allowing them to make calls, send and intercept SMS and voicemail messages, and browse and download online content. This enables them to gain access to all personal and payment data available on the phone – which can then be sold onto and used by identity fraudsters – and to ‘spam’ other mobile web users to commit further fraud.

In this latest scam, fraudsters are using this access to repeatedly send SMS messages to their own premium-rate services. Often the victim is unaware anything is wrong until they see their phone bill, or their network provider identifies ‘suspicious’ activity – by which time the fraudsters have moved on to other victims. These premium-rate SMS message scams are stealthier than previous premium-rate call scams because they do not ‘tie up’ a victim’s phone line and are able to hide any suspicious activity from the user.

Rik Ferguson, director for GetSafeOnline.org and of security research at Trend Micro, explains: “This type of malware is capable of sending a steady stream of text messages to premium rate numbers – in some instances we’ve seen one being sent every minute. With costs of up to £6 per message, this can be extremely lucrative. The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s ‘back end’ infrastructure. This can often continue for weeks before being noticed.”

Recent activity indicates fraudsters are capitalising on the boom in smart phone use; 59% of current users acquired their device in the last 12 months. This is coupled with the higher bandwidth and ‘unlimited’ web access now standard with many mobile network contracts, which has facilitated the increasing popularity of mobile apps – over a fifth of British mobile phone users are downloading new apps at least once a month, according to research released today by GetSafeOnline.org.

“With users now installing and removing apps with increasing frequency, the chance of encountering a rogue app is much higher. Smart phone security, such as anti-virus or anti-malware software, is available but not widely deployed. Soon it will need to be common place”, adds Ferguson.

Former high-tech crime investigator and managing director of GetSafeOnline.org, Tony Neate, explains: “Smart phones are now at as much risk from fraud as their computer and laptop counterparts, and represent big business for online criminals. These devices are essentially mini laptops with a wealth of personal information. Eighteen months ago, our primary concern was users not having secured the handset properly, giving fraudsters easy access to our data if it fell into the wrong hands; the majority of malware was relatively ‘trivial’. That has shifted and today there are clear signs of serious criminal intent to defraud users; we are seeing smart phones targeted by sophisticated and lucrative malware scams with increasing frequency and severity.”

Join us on

powered by Typeform