On the online scam front, it is “one of the hits of the summer”. Except that online pirates, to claim new victims, have made something new out of the old. They reused the technique of the “parcel delivered” SMS scam, which has existed for several years, inviting future victims to click on a link to receive this non-existent package, but this time siphoning off the victims’ telephones.
“It’s a process that exploded during the second confinement, with the boom in deliveries, and which comes back episodically during the sales period,” explains Jean-Jacques Latour, expertise manager at Cybermalveillance, the national victim assistance system.
These experts have seen this scam bounce back this summer. “We saw an increase in the phenomenon happen at the end of June, we said to ourselves that there was a problem because people have normally been aware for several years. Usually, we have less than ten requests for assistance on this subject per day. At the end of June, we had peaks with between twenty and thirty daily calls for help,” says Jean-Jacques Latour.
It was only at the end of July, with the arrival of the telephone bills, that the number of victims of this SMS, which could have been sent to millions of people in recent weeks, became apparent. Because this time, cybercriminals have upgraded their scheme. Rather than classic phishing, implying that you would have to pay to receive your package, the new scam consists of recovering all the data from the phone and using this same phone to spread the virus.
One version for Android, another for iOS
Cybersecurity engineer at Sekoia, Quentin Bourgue had himself received an SMS inviting him to click on a link at the beginning of the summer… This is what prompted him to investigate it. “What happens is that we arrive on a site that has different behaviors depending on our situation: it’s an error page if we’re not in France, it discreetly installs malware (invisible and sneaky software) under the pretext of an update on Android. On iOS, it offers a fake identification form for Apple ID.”
In any case, this “scam” has the same objective: to steal passwords, banking information, contacts, installed applications and calls made… It is on Android that the scam is the most vicious, since it aims to install, in two clicks and without the victim seeing anything, a fake application, which borrows the look of the Google Chrome browser and asks for authorizations. On iOS, all the information stored on the Apple ID is stolen. The goal for the pirates? Resell this information for a high price.
Since early July and this alert from Sekoia, it has been the fourth most common scam (out of fifty) for which people seek assistance from Cybermalveillance. Over this same period, the article on this threat, which was just updated, is the second most read on the cybermalveillance.gouv website. “Right now, 200 people come to read these precautions every day,” reveals Jean-Jacques Latour. Sekoia estimated that 70,000 French people had clicked on the link and/or downloaded the malware without their knowledge. “But every week, this number increases,” explains Quentin Bourgue.
A time bomb
On Android, the infected phone is then used in turn to send scam text messages all over the world, resulting in huge phone bills. That is when the victims discover that their phone has been sending messages.
“This visible part of the scam appeals to consumers. We must consider that their phone and all their accounts are compromised. Changing the SIM card is useless,” warns Jean-Jacques Latour. “Hacking into mailboxes, recovering identifiers, taking out consumer credit… People can have more trouble afterwards, overbilling is only the tip of the iceberg. The online hacker has stolen all your data, it’s a ticking time bomb.”
To Le Parisien, a telephone operator confirms having noted “in July a (small) increase in people going over their plan”. “These are a few thousand customers who have gone over their plan without their knowledge and who have contacted our customer service and have been reimbursed,” he specifies. A victim who received this SMS says: “I clicked on this link which led nowhere. But this same SMS is now sent every day by my mobile, all over the world and resulted in my overbilling.”
What to do if your phone is infested
You can tell whether an Android smartphone is infected by the presence of a second Google Chrome application. “One of the two is the malware and it must be removed,” explains Quentin Bourgue.
The Cybermalveillance assistance service reiterates its advice. “If you are offered, on Android, to update Chrome after clicking on this link or to provide your credentials for Apple, it is a scam. On iPhone, try to change your Apple IDs as soon as possible, before the hacker recovers them. Then go back to a specialist as soon as possible to reset the phone. It will then be necessary to restore only your data and not the applications. Not forgetting to change all the passwords that were used on the phone once you have reinstalled them all. Report these scams to 33700 by forwarding the scam SMS received,” concludes Jean-Jacques Latour.