Recently I received this SMS on my mobile phone. Basically, it tells me I have to call back 018377xxxx to collect a parcel. As this phone number is not premium and I was indeed waiting for a parcel, I nearly fell in for the trick.
Figure 1. SMS scam received on the phone. It says: “E-Relay Hello, your parcel Ref: M794610 is waiting for you since July 8th, 2013. More details at 018377xxxx”
I guess that AV analysts get suspicious about everything, and I checked it on a search engine. I quickly found out that plenty of other victims were complaining about this.
This is how it works:
A crook buys several pre-paid cards and sends the SMS messages to the mobile phone numbers he has collected (he/she probably has a way to automate the sending). In my particular case, the SMS came from +3377035xxxx which corresponds to a pre-paid card bought from Virgin Mobile.
Then, when you call the phone number indicated in the SMS, you get to an answering machine with what I guess is the recorded voice of the crook, acting like a tired employee of the French postal service. He’s good at acting by the way, because it really sounds legitimate 😉 The recorded message says (in French), “Due to a technical issue, the customer service is currently unavailable. Please proceed to our web server, or if you are waiting for a particular parcel, please contact 08 99 86 xx xx”. Bingo! There we go with a premium phone number! All of it sounds so real that there is a good chance several victims will have fallen in for the trick and paid 1.35 euros per call and then 0.34 euros per minute. Usage of premium phone numbers is juicy for crooks.
Case in point: Android Fakemart
This is not a malware, but it is an SMS scam. Whenever you are in doubt when receiving an SMS which looks real, I’d suggest you do a basic search on Internet with the corresponding phone numbers and the body of the SMS message . It’s quite likely you’ll find out it is just another scam. In France, you can report SMS scams to 33700, an initiative supported by French operators.
How do they get my mobile phone number?
It’s quite easy.
- From lists of phone numbers exchanged or sold by advertisement companies
- From a search on Internet
- From other mobile malware which collect contact’s phone numbers (e.g Android/FakeInst.GA!tr or Android/Chuli.A!tr.spy). You need not be infected, but if your friends are, your phone number might leak.
- From compromised web databases where you entered your phone number.
– the Crypto Girl
Leave a reply