The Internet has dissolved the geographical boundaries and technological limitations that have constrained organized cybercrime in the past. We now live with cybercrime syndicates based in the US, Russia, Asia and all over the globe. When hackers in the US are sleeping, the ones in China are flexing their fingers on their keyboards, and the ones in Eastern Europe are waking up. Cybercrime never stops.
The brave—and ballooning—new world of smartphones and tablets offers tremendous scope and volume for these organizations. Mobile devices run on different operating systems and use different apps from PCs and Macs, which presents opportunities to create new device-specific attacks.
Even more interesting, mobile devices require an entire ecosystem of businesses to make them work. Data you transmit or receive has to make it through a conga line of companies that can include your device manufacturer, wireless carrier, app developer, app store, website host and email provider. Motivated by money and information, criminals exploit flaws in the underlying software and information handoffs of each of these players.
Here are two examples of how malicious software (malware)—downloaded through a fake app, a phishing or text message, or from a website—can net the criminals your information.
Text messaging fraud. Cybercriminals have figured out how to incorporate text messaging (SMS) into banking frauds. When you log on to perform a transaction (like checking your balance), banks often send a validation code to your mobile device via SMS. Banks figure that if you are logging on to their website through your mobile device, a separate authentication through text messaging will help ensure that it’s really you logging in and provide an extra layer of security. However, mobile malware can collect that validation code and send it, along with your account number, password and “secret” security question, to a cybercriminal. The perpetrators repeat this process reliably, victim after victim, bank after bank.
Premium SMS scams. Other malware can run so-called “premium SMS” scams, where you get billed for sending text messages you didn’t consciously send, or receiving messages you didn’t ask for. The malware on your device is doing the communicating—and conceals any confirmation message so you won’t notice until your bill comes. Organized crime networks have the sophistication and relationships to put together these sorts of multifaceted moneymaking schemes.
These guys are good at their jobs—they are truly organized and professional. Everything they do is about monetizing your information—your personal life. That’s why it’s critical for you to educate yourself on why you need mobile security and what scams are out there.
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!