How often do you go over your mobile phone bill at the end of the month? Tap or click here for five ways to save money on your phone bill. Have you ever noticed anything strange, like a large number of text messages? If you have, you may have fallen victim to a dangerous new scam.
Cybercriminals are now going for a one-two punch by infecting your phone with malware and stealing your credit card details in the process. Research done by security firm Pradeo unraveled just how brazen cybercriminals are becoming.
Scammers are combining old tricks with new methods to spread chaos and get rich in the process. Falling victim to this scam will lead to enormous phone bills and banking fraud.
Here’s the backstory
Cybercriminals will first send a malicious text message to get your personal information for the attack to be successful. This is also known as a smishing Trojan. In it, the criminals claim that you need to pay a small fee for a package delivery by following a link.
Once you click on the link, a message will inform you that you need to update your Google Chrome to the latest version to proceed. Unsuspecting users will continue with the suggested update, but it’s nothing but cleverly disguised malware.
Once you have completed the transaction for the package delivery, which is usually no more than $2, the criminals have your credit card details. Not only did you hand over $2, but also the ability for them to drain your account.
But how did they get your number? Well, that is where the fake Google Chrome app comes in. The malware isn’t designed to steal your info but uses your phone as a proxy for sending out thousands of texts like the one you received.
“By combining an efficient phishing technique, a malware to propagate actively, and methods to bypass security solutions, this campaign is particularly dangerous,” Pradeo’s researchers explain in a blog post.
The fake Chrome app will also wreak havoc on your mobile phone bill. By using your number, the fake app sends more than 2,000 SMS per week. It’s active every day for two or three hours. The numbers targeted are seemingly random but follow a sequential pattern.
How to stay safe
The golden rule of online safety is never to trust anything from a person you don’t know. If the message or email seems strange, it’s always best to delete it. If you are not expecting a package delivery, there shouldn’t be any reason for you to follow the link and pay a fee.
Never give your credit card details to anybody that you can’t independently verify. In this case, it would be best to check with the package delivery company to authenticate the message. If a tracking number hasn’t been provided, it’s probably fake.
For Android users specifically, always download apps from the official Google Play Store. And never blindly follow a link in an unsolicited text or email. It could be malicious and infect your device with malware.