2:34 am (UTC-7) | by Noriaki Hayashi (Senior Threat Researcher)
One-click billing fraud, a scheme known for targeting PC users in Japan, now appears to target smartphone users as well.
The scheme, as its name suggests, tricks a victim into registering and paying for a certain service after being lured to a specific website. Successful attacks have been increasing in Japan since 2004; in November 2009 alone, the Information Technology Promotion Agency Japan received 903 inquiries about them.
A typical attack starts with a spam message sent to the victim that links to a website hosting free videos. The site lists videos with sensational titles to catch users’ attention. Trying to view any of the videos plays a trailer, which explains why viewing it is free.
Once the trailer ends, a link that says “view more” is displayed, which users must click to supposedly see the video they originally wanted. Instead, they are redirected to a page telling them they must first register as a member and pay a fee. The payment demand window stays on the screen until they pay the stated amount.
During our monitoring of sites related to this threat, I found one interesting URL that contains a Quick Response (QR) code and text that says, “Please kindly visit this site by mobile phone.”
When I scanned the code, I found that it leads to the same URL as the one displayed next to the QR code, except that the site shows adult content when accessed from a mobile device.
Checking the site’s Terms of Service, I found that the site charges a service fee of 49,800 Yen and is set to immediately charge a user once he/she has registered.
Clicking any of the videos on the site leads to an age verification page. Once users confirm their age and click “Register,” another message appears stating that data from the mobile device is now being transferred and registered.
One can imagine how alarming that message is to an average user, given that the website involved is an adult site. Fortunately, the site is not capable of retrieving information from the device or of sending it to a remote website. It simply displays information about the visitor that any web server already sees, such as the IP address, together with a customer ID and a device ID supposedly assigned to the user, in an attempt to scare him/her into paying.
However, what makes this fraud noteworthy is that users may be convinced that their information was really sent to the adult site. In turn, they may be willing to pay the specified amount, fearing that not doing so may cause them trouble and embarrassment.
So why are cybercriminals who conduct this kind of scheme targeting smartphone users? My assumption is that they are leveraging the fact that mobile device users are still not fully aware that they are becoming a primary target of cybercrime. Also, smartphones have small screens, so URLs are often not fully displayed, which makes it difficult for users to verify whether a URL is malicious or not. Smartphone users also tend to store personal information such as private pictures, addresses, and schedules on these devices, making them prime targets for information theft.
Users are therefore strongly advised to consider investing in an effective mobile security app. iPhone and Android users can respectively try out the Trend Micro Smart Surfing for iPhone and Trend Micro Mobile Security – Personal Edition apps.