This article describes one of the recent frauds used by cybercriminals to steal funds from people’s credit cards. Unfortunately, it is a simple one to pull off, so peruse the details below and make sure you don’t get on the hook.
The malicious logic in a nutshell
The malefactors use a legit remote access tool for mobile devices called AirDroid. They try to dupe as many people as possible into installing the app and authenticating with credentials provided by the attackers. The main target audience is 25 year-olds and up. The idea is to transfer money from a card by sending a specific text message to a short number on behalf of the victim. While this service number varies for different banks, regular Google search helps find it in the blink of an eye.
Dissecting the hoax
The hackers download the above-mentioned AirDroid app and install it on their PC. Before that, they create a Gmail account firstname.lastname@example.org and set a password test123.
Then they announce a recruitment for the position of an application tester. It doesn’t take any particular skills to qualify for the “job” – those hired will only need to install the app and test how it works. The payment is 40-60 USD, depending on how long the testing will last. 50% of the amount is paid in advance. The criminals’ objective is to recruit as many people as possible by posting ads on various boards and social networks. There tend to be a lot of people who get interested in this pseudo job because the offer appears to be a lure.
In response to the applicants’ messages, the rogues will provide the following information:
Hello and thank you for contacting us! The app is called AirDroid, it’s officially approved by Google Play and has been (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/crooks-drain-your-credit-card-account/