Android is one of the most popular operating systems in the world, and while that’s good, it also comes with the bad, as scammers hit hard. What’s happening?
With Android found on practically every phone that isn’t made by Apple, cybercriminals have a target picked out for them, and it’s so common, it can make for some easy pickings.
It’s not that Android is easy to break into, but it can be easier than other operating systems, and while some phones have security baked into them, that’s not the case with every, and most people don’t buy into security.
That’s made for an interesting situation on the Android front, as Symantec has reportedly picked up on more scams making the jump from computers to mobiles, arriving in the form of the friendly “You’ve won” concept where users are given bait and then click (or touch, since this is a mobile) only to find disaster at the end of the rabbit hole.
According to a recent blog by Symantec on the subject, the scams can appear real because of localisation, taking advantage of your geographical location and simulating big brands you may recognise for their scams. They may even use the right logo from the company they’re faking, and offering a prize or cryptocurrency like Bitcoin, all in exchange for information, such as your name, your email address, phone number, and so on.
Fake online comments also help reinforce the idea that the scam is real, creating fraudulent pages made to look like Google or Facebook pages, which in the end only look real, though they can be convincing.
And while you might say that they only want a bit of information, the reality is that much like the fake social posts to help push you over the line, you’re not quite being fed the truth.
According to Symantec, some of these forms will lead to applications that will install themselves onto your phone without warning, while others will provide a time delay before they give you the payload, usually of advertisements meant to bombard your device with things that will make them money and frustrate you in the meantime.
“The malware might hit ad services to collect ad attributions, it might present a web dialog that tricks the user into giving up personal data (that malicious actors could then sell), or it might even install other malicious applications,” said Shawn Aimoto, Technical Product Owner for Norton at Symantec.
Unfortunately, installing an application and giving it admin rights is all too easy these days, because much like the terms and conditions of an internet service, few really read what they’re being asked to sign.
These days, every app is required to ask you for permission for access to services, something that usually happens upon first use of the app, not first install. Most will just click and provide access without even thinking, and fraudulent apps will likely hide their real app names in the process, disguising intent through deceit. That in turn can lead to an app having admin access, and to cybercriminals gaining access to your phone.
According to Aimoto, the scams can run on any Android device including that of Android Wear, but these won’t specifically run on the iPhone. That said, Aimoto does warn that iPhone owners aren’t completely immune.
“The majority of functionality is content presented from the server side,” said Aimoto to Pickr, highlighting how the Android scams work, but he added “similar scams are also present on iPhone.”
So what’s the solution?
Like most security squabbles, you’ll want to think before you click or touch, but it might be time to look into seeing whether your phone has security installed from the get-go, or whether you need to download and pay for some.
Security on phones is usually a yearly thing, though app scanners are generally free, and warn you before applications are going to try and take admin rights.
Devices like those made by Samsung, Sony, and Oppo may, in fact, have security built in, as more manufacturers are embracing a secure phone from the beginning, helping the out of the box experience altogether.
Check your phone by looking into its security settings or seeing if Norton, McAfee, AVG, Kaspersky, or any of the other many security solutions is installed in the apps section, and if not, check on the Google Play Store for one of them to find out if you can. If anything, even the free version should provide just a little bit of a sanity in this new battleground of phones.