How to Avoid RuFraud/ SMS Scams

December 16, 2011

In line with our recent report on the RuFraud Scam, we discovered that SMS fraud similar to this nature is not new to Android. Does this mean that Google needs to tighten their security? We believe this is the case.

If you missed this earlier report we did, you can click on the link and take a look at the apps Lookout Mobile Security discovered as a scam. Even though the discovery of the scam was not confirmed yet, Lookout already described how the scam worked.

“The initial batch appeared as horoscope apps with a fairly hidden ToS indicating charges. The initial application activity presents the user with a single option to continue, which is presumed to be an agreement to premium charges that are buried within layers of less than clear links.”

With Android, because of its more open and unregulated app market, apps are allowed to be distributed without verifying the validity and security of the app first. This is a big issue considering the other mobile platforms have already done their part to ensure the safety of their loyal consumers.

But even without the verification of these apps, SMS fraud is not entirely unique to Android. In fact, it can circulate without the need for an app. Regardless of its utilized mobile platform, SMS phishing scams can easily circumvent around and trick people. Most often, victims of these scams receive a spam text message containing a link. Once they click on the link, it leads to a redirect that ‘approves’ a certain charge to their phone—this is the same way RuFraud scam operates.

However, a more dangerous type of smartphone fraud has recently been reported by Symantec. Fraudsters were successful in marketing a software application known as SMS Privato Spy. For only $50, the app promised to allow users to ‘view the phone screen live, activate and listen on the microphone, view call logs, and perform GPS tracking at all times.’ While it sounds like a really useful app, there is one problem—no such app existed anywhere. Users who were loomed into the marketing tactic and bought the app were fooled into paying for it, not knowing that fraudsters only took the money and ran away.

Even with the absence of a verification process in Android, it does not guarantee that other mobile platforms are free of frauds. iOS can also expose itself to such problems, once they fail to verify the validity of the apps that go through them. Perhaps the best way to avoid such scams is to inform each user to be wiser in approving transactions for apps they are interested in. Since apps are required to disclose information on what they intend to do, it should be the responsibility of each user to read them carefully before they approve and accept the agreement.

How to Avoid Being Scammed from Apps

If you don’t find it helpful to read the Terms of Service included with the app, there are some things you can easily do. Here are some of the best suggestions to avoid getting scammed:

  • Look at the reviews. If there are none, look for the apps that have been heavily downloaded by other people.
  • Look for a free version of the app. Think of it as a way you can get acquainted with the app and if it is good for you.
  • Be more vigilant about permissions that the app is requesting from you—think about it, does Angry Birds really need to send SMS messages in behalf of you?
  • Check whether the developer of the game is real– similar to the case of Angry Birds, everyone knows the developer is Rovio Mobile. If you find information that states otherwise, be cautious.

 

Really, the best way to steer clear from these threats is to gain a better understanding about mobile security. Make use of common sense and be skeptical before you download something new.

Comments