Fake Alert Scams Increasingly Targeting Mobile Networks

CyberPanther

Level 7
Thread author
Verified
Well-known
Oct 1, 2019
303
Malicious actors have substantially evolved the use of fake alert scams in recent years, in particular, the increasing targeting of mobile users, according to a new report by Sophos.

The investigation, authored by Sean Gallagher, senior threat researcher at Sophos, found that “a vast majority” of the fake alerts in malvertising networks targeted mobile users. This is partly because mobile has become a greater source of internet traffic, but these devices also offer easier modes of attack compared to desktop. For instance, iOS Safari’s accessibility function allows pop-up ads to make phone calls to lure victims to a dodgy app on the corresponding app store without scammers needing to cold call or voice-phish victims.

Gallagher added that most of the iOS fake alerts discovered were linked to App Store listings for a group of apps that claimed to be virtual private networking and site blocker tools. These apps all included in-app purchases, requiring payments to be made following a trial period.

The study also observed that desktop tech support scam operations have evolved over the past decade, primarily shifting from call center cold calls to more automated targeting techniques. These include pull-based attacks based on Google search ads and search engine optimization, vishing campaigns prompting the target to call back and email or text phishing campaigns to lure targets to a fraudulent website.

In addition, it was highlighted how malicious alerts masquerading as pop-up/pop-under ads, such as PopCash.net and PopAds.net, are being routed through legitimate advertising networks. They are therefore able to slip through as blocking them would substantially disrupt these advertising networks’ business models.
 
  • Like
Reactions: ForgottenSeer 85179

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top