Taking Back the ID: Identity theft prevention analysis
On Jan. 7, SC Magazine reported that IntelCrawler, a cybercrime research company in Los Angeles, detected a new type of malware, "XXXX.apk," which has infected close to 24,000 smartphones. (See "Thousands of smartphones infected with 'spy' malware," by Tim Ring.)
The smartphone brands infected so far, according to IntelCrawler in Ring's article, include the HTC Sensation and Amaze 4G, the Google Nexus, the Samsung GT I9300 and Galaxy Note II SCH-I605. He writes that the malware also has been found on the LG Motion 4G (MS770), Huawei U8665 and Alcatel One Touch. No doubt, other brands will be infected over time.
At this point, according to IntelCrawler in the SC Magazine article, cybercriminals are using the XXXX.apk malware to spy on individuals; to collect technical information about each of their smartphones, including its location, "phone model, encryption method, password, use of Wi-Fi networks"; and to turn the phones into "zombies" that collect data about surrounding hotspots.
The list of hotspots extracted from the compromised smartphones, according to IntelCrawler in the article, includes "restaurants, VIP lounges in the international airports and luxury hotels, to corporate wireless and SOHO ['small office, home office'] networks, from peaceful citizens to government employees" from locations in China, the U.S., the EU, Israel, India, Singapore and Russia. This definitely indicates that the malware is widespread, which is troubling given its potential for criminal activity.
This malware, according to IntelCrawler in the SC Magazine article, has the technical ability to detect a connection to users' PCs through USB ports. Cybercriminals use this connection to hack into PC users' home wireless networks, infect them with malware and steal personally identifiable information.
A spokesman at IntelCrawler, according to the SC Magazine article, said the malware was probably included in fake mobile apps, which users purchase. Cybercriminals have had a history of constructing fake apps infested with malware and selling them on mobile marketplaces.
Of course, not all mobile apps contain malware, but history tends to indicate that those offered on the Apple iTunes market go through more rigorous, stringent security checks than those on the Android market. This is the reason malware developers prefer to target the Android operating system.
These threats will increase as more organizations allow their employees to access corporate data with their smartphones and tablets under a "bring your own device" (BYOD) policy.
According to a Jan. 8 article, "Security researchers discover new smartphone threat," on the Proofpoint website, "XXXX.apk's presence in the mobile threat landscape is a reminder to BYOD-adopting firms of just how critical an effective data protection strategy is in light of the growing interconnectedness of devices. If the malware were to infect an employee smartphone, it could relay corporate data to hackers or infect company-owned computers to which the individual connected the device."
Don't let a harmful app ruin your day
Google offers advice for those using devices with its operating system in "Protect against harmful apps."
About verifying apps
- "Some applications can harm you or your device. You can choose to verify apps in order to help prevent harmful software from being installed on your device."
- "If you attempt to install an app from any source while app verification is turned on, your device may send information identifying the app to Google."
- "If the app is harmful, Google may warn you not to install it, or it may block the installation completely. Google will also periodically scan for harmful apps that are already installed. For a potentially harmful app, you'll be notified that you should uninstall it. If an app is known to be unsafe, Google may remove it from your device."
- "When you verify applications, Google receives log information, URLs related to the app, and general information about the device, such as the Device ID, version of the operating system, and IP address."
Control app verification
- "Android devices that have Google Play installed have the option of using Google as an application verifier. App verification is turned on by default, but no data is sent to Google unless you agree to allow this when asked in the dialog that appears prior to installing the first app from a source other than Google Play."
- "To manage app verification, go to your device's apps menu and touch Google Settings > Verify apps. Touch the box next to verify apps; the setting turns on when the check mark appears. If your device is running Android 4.2 and higher, you can also go to Settings > Security > Verify apps."
- "If you have a tablet with multiple users, only the tablet's owner can change this setting."
- "App verification is available when you choose to install apps from sources other than Google Play. To install apps from other sources, go to Settings > Security, then touch the box next to Unknown sources."
- "If you attempt to install an app that may be unsafe, you may see one of the following dialogs: 'Installing this app may harm your device' or 'Installation has been blocked.'"
Scan for harmful apps
- "When 'Verify apps' is turned on, Google regularly scans for potentially harmful apps that are already installed."
- "After an app is scanned, you may see one of the following screens: 'Google recommends that you immediately uninstall this app' or 'To protect you, Google uninstalled this app.'"
Turn off app verification
- "If you wish to stop verifying applications at any time, go to Google Settings > Verify apps, then touch the box to remove the check mark."
- "For devices running Android 4.2 and higher, you can also go to Settings > Security > Verify apps."
Users should always use mobile security software from vendors they can trust and install apps from the main app stores.
Scam continues to target utility customers
I've reported on this scam before (Fraud Magazine, July/August 2014) but it bears repeating because fraudsters are still using it with different iterations.
According to "New Scam Targets Utility customers," by Herb Weisbaum, published Oct. 9, 2013, by CNBC on the Yahoo! Finance site, Duke Power sent a fraud alert to its business and residential customers in South Carolina, Kentucky, Indiana, Ohio and Florida, warning them of a scam that's spreading throughout the U.S.
A fraudster will call you and claim to be from your local power company. He says your account is delinquent, and you must pay your bill immediately to prevent disconnection. He uses spoofing technology to display the name and telephone number of your power company on your caller ID.
Panic might prevent you from thoughtfully considering the call and realizing it's a scam. Companies, such as restaurants, are vulnerable because no electricity means no customers.
The fraudster orders you to: 1) purchase a Green Dot MoneyPak card (a prepaid debit card) and 2) call the fraudster back to give him the number on the card, which he uses to transfer the money.
These fraudsters like to use the MoneyPak cards because many of them are making their calls from other countries. They can transfer the money on the cards quickly from anywhere in the world without being caught.
Individuals have lost hundreds of dollars each to this scam and some businesses have lost thousands. Fraudsters often will call victims back to try the scam again. As with many lucrative scams, this one is difficult to shut down, and so it persists.
Energy companies usually don't call customers and threaten to disconnect their power. They usually send notices and give customers time to work out plans and pay their bills. Also, they won't call and say "pay it with a Green Dot MoneyPak card."
Of course, when you get a call like this, hang up. If you have any questions about your bill, call the power company, but obviously don't use the number on your caller ID display.
More help for the community
I hope you'll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public on how to safeguard their devices from cybercriminals to avoid having sensitive information stolen, which will help to reduce identity theft.
Cybercriminals take advantage of any opportunity to develop schemes to rob consumers of their resources. Even though the hackers have the upper hand, an educated community will help curb the damage.
Please contact me if you have any identity theft issues you'd like me to research and possibly include in future columns, or if you have any questions related to this column or any other cyber security/identity theft questions. I don't have all the answers, but I'll do my best. Stay tuned!
Robert E. Holtfreter, Ph.D., CFE, CICA, is distinguished professor of accounting and research at Central Washington University in Ellensburg, Wash. He serves on the Advisory Council and the Editorial Advisory Committee for the ACFE.
The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.