On the online scam side, it’s “one of the hits of the summer.” Except that the online pirates, in order to claim new victims, have made something new out of the old. They reused the “package delivered” SMS scam technique, which has been around for several years and invites would-be victims to click on a link to receive a non-existent package, but this time they hijack the victims’ phones.
“It is a process that had been triggered during the second lockdown, with the boom in deliveries, and that returns sporadically during the sales period,” explains Jean-Jacques Latour, knowledge manager at Cybermalveillance, the national assistance system for victims.
These experts have seen this scam bounce back this summer. “We saw an increase in the phenomenon at the end of June; we told ourselves there was a problem because people have normally been aware of it for several years. We typically get fewer than ten support requests on this topic per day. At the end of June we had peaks with between twenty and thirty daily calls for help,” says Jean-Jacques Latour.
Only at the end of July, with the arrival of telephone bills, did the number of victims of this SMS, which could have been sent to millions of people in recent weeks, become known. Because this time, cybercriminals have upgraded their scheme. Instead of the classic phishing, which implies that you would have to pay to receive your package, the new scam consists of recovering all the data on the phone and using this same phone to spread the virus.
One version for Android, another for iOS
Sekoia’s cybersecurity engineer, Quentin Bourgue, had received an SMS inviting him to click on a link at the beginning of the summer. This is what prompted him to investigate it. “What happens is that we arrive at a site that behaves differently depending on our situation: it is an error page if we are not in France, it discreetly installs malware (invisible and stealthy software) under the guise of an Android update. On iOS, it offers a fake identification form for Apple ID.”
In any case, this “scam” has the same objective: to steal passwords, bank details, contacts, installed applications and calls made. It is on Android that the scam is most vicious, since it aims to install, in two clicks and without the user noticing anything, a fake application that imitates the look of the Google Chrome browser and asks for permissions. On iOS, all the information stored in the Apple ID is stolen. The pirates’ goal? To resell this information at a high price.
Since the beginning of July and this alert from Sekoia, it has ranked fourth (out of fifty) among the scams generating the most requests for help on Cybermalveillance. In the same period, the article about this threat, which has just been updated, is the second most read article on the cybermalveillance.gouv site. “Right now, 200 people come to read these precautions every day,” reveals Jean-Jacques Latour. Sekoia estimated that 70,000 French people had clicked on the link and/or downloaded the malware without their knowledge. “But every week, this number increases,” explains Quentin Bourgue.
A time bomb
On Android, the infected phone is in turn used to send fraudulent text messages all over the world, leading to huge phone bills. That’s when the victims discover that their phone has been sending messages.
“This visible part of the scam attracts consumers. We must consider that your phone and all your accounts are compromised. Changing the SIM card is useless,” warns Jean-Jacques Latour. “Hacking mailboxes, recovering identifiers, taking out consumer credit… People can have more problems later, overbilling is just the tip of the iceberg. The online hacker has stolen all the data from him, it’s a ticking time bomb.”
In Le Parisien, a telephone operator confirms having noticed “in July a (small) increase in people outside the package.” “These are a few thousand customers who have stepped out of the package without their knowledge and have contacted our customer service and been reimbursed,” he specifies. A victim who received this SMS says: “I clicked on this link which led nowhere. But this same SMS is now being sent every day on my mobile, all over the world and resulted in my overbilling.”
What to do if your phone is infected
It is possible to tell whether your Android smartphone is infected by the presence of a second Google Chrome app. “One of the two is malware and needs to be removed,” explains Quentin Bourgue.
The Cybermalveillance assistance service reiterates its advice. “If you’re offered, on Android, to update Chrome after clicking this link or providing your credentials to Apple, it’s a scam. On iPhone, try to change your Apple IDs as soon as possible, before the hacker gets them. Then go to a specialist as soon as possible to reset the phone. Then it will be necessary to restore only your data and not the applications. Not forgetting to change all the passwords that were used on the phone once you have reinstalled them all. Report these scams to 33700 by forwarding the received scam SMS,” concludes Jean-Jacques Latour.