Toll fraud: Lurking thieves steal money through your texts

Toll fraud — no, it’s not driving through the E-ZPass lane when you pay cash. It’s a growing threat to your smartphone, and it’s one of the biggest of the year, according to a recent study by security company Lookout Mobile.

“It’s abundantly clear that toll fraud is taking over,” said Derek Halliday, Lookout Mobile’s lead security project manager in an interview with VentureBeat. “Malware developers are following the money and that’s something you can expect them to do. The money is in toll fraud. It’s the simplest way for a malware writer to steal money.”

You know those commercials that say, “Text 555555 to get a new ringtone everyday!”? When you text to that number, a trusted chain of about five steps happens:

1. A customer texts the number, alerting an aggregator — working for the ringtone provider — that he wants to order daily ringtones.
2. Through the aggregator, the ringtone provider sends a confirmation text message to the customer (or sometimes two depending on that country’s regulations) to the customer.
3. That customer approves the charges and starts getting ringtones.
4. The customer is billed through his wireless carrier.
5. The wireless carrier receives payment and sends out the ringtone payment to the provider.

Make sense? Here’s how the malware, notably the most popular form called FakeInst, works:

1. A customer downloads an app that sends out an SMS message to that same ringtone provider.
2. The ringtone provider sends the confirmation message, but instead of reaching the smartphone owner, the malware blocks and confirms the text message before the user ever knows.
3. The malware writers further jumps in between the wireless carrier and the ringtone provider, pretending to be an aggregator, and collects the money you just paid through your bill.

Toll fraud strains such as FakeInst are also able to get past antivirus software by masquerading as a new and unique piece of malware. Antivirus software comes packed with a knowledge bank of what different malwares look like and receives updates as new malware is found. But Fakeinst’s malware writers are able to sneak past antivirus walls simply by inserting a new element, such as an image, into the code. It makes the malware just different enough that the antivirus software can’t detect it.

The majority of phones infected have been Androids, but that’s likely because Android phones are able to download apps from anywhere, as opposed to iOS devices, which only accept apps from Apple’s App Store. But that doesn’t mean your iPhone isn’t susceptible.

“In general the method of fraud — and toll fraud in particular — can be cross platform,” said Halliday “Anything that’s able to send a message.”

And protecting yourself against toll fraud really comes down to some simple measures. Halliday suggests your should check your phone bill, be aware of what you’re downloading, and to make sure the marketplace you’re downloading from is trusted.

The bulk of those affected by these types of attacks are not in the United States. Eastern Europe and Russia are the countries being hit the hardest right now. This may be due to lax regulations on confirmation text messages or a variety of unsafe application marketplaces.

That’s only dealing with hackers interesting in making money off of you, however. What about the threats that users face when it comes to those that break into devices for moral or political reasons. Hacker collectives such as Anonymous often take down websites and steal information to make a point more than to profit.

“The trends we’ve seen over the past year do point to people who are trying to make a buck. That’s far and away the biggest trend we’ve seen. When you look at things like hacktivism and the risk … I think it all comes back to what the average user’s exposure to those types of risk is.”

Halliday says people should employ “a healthy degree of skepticism” in all their activities online, but for now toll fraud just might be a bigger threat.

Images via Lookout Mobile