Smartphone banking continues to grow amid security concerns
A new smartphone scam could give crooks access to your bank account. Police say thieves are sending text messages disguised as party invitations. Once you click on the link in the invite, a hacker can access your phone and sends out additional invites on your behalf; giving the hacker additional phones to electronically hijack. A fake security request is then sent to your phone, asking you to update your bank information. From there, the thief has all that's needed to access your bank account. Such access enables payments to be billed to telecommunication companies.
The scam is known as "smishing," which refers to financial fraud via text messages. The term is a combination of short message services (SMS) and "phishing," the term used to describe phone fraud.
These electronic invites are the latest way swindlers are gaining access to personal bank information through cell phones. As mobile invitations become more widespread as a means of inviting guests to important events such as children's first birthday parties, weddings and funerals, they are becoming a tool for scams. Victims of this kind of fraud are rapidly increasing. According to the National Police Agency, there were 20,000 cases of smishing from January 2012 to July 2013. Police estimate a total of 4.1 billion won were taken during that period.
More people bank on smartphones
More people are banking with smartphones. According to the Bank of Korea, the number of smartphone bankers grew by 11.5 percent in the second quarter to 31.31 million, from 28.07 million in the first quarter. An average of 2,032 transactions happen via smartphones everyday. Plus, the amount of money changing hands through online banking is also increasing, reaching a daily average of 1.35 trillion won.
While the conveniences of a smartphone are numerous, police say it's important to be aware of potential scams.
According to a recent report from security firm TrendMicro, the number of malicious and high-risk Android apps grew to 718,000 in the second quarter from 509,000 in the first. It's estimated that 350,000 of these potentially harmful apps were created in the last six months alone. Moreover, reports of smishing victims continue to file in.
How hackers get your information
Most smartphone users are unaware of potential scams and aren't sure how their financial information is accessed. According to an official at the Financial Security Agency who requested anonymity, there are three ways hackers can find your personal information: banking apps, smishing, and self-hacking methods like jailbreaking a phone.
Banking apps have security measures in place to block hacking attempts, so they have been safe so far.
The majority of scammers use the smishing method to hack into phones because it is easier. Payments made through smishing are not made by money in bank accounts as they are billed to telecommunication companies. Billing the cost of an item purchased online to one's telecommunication company is a widely used method. Payments are made as an addition to one's mobile phone bill. A loophole in this billing system is that a single text message or phone call to the telecommunication firms certifying the payment enables the it to take place. Hackers abuse this to make purchases through victims' telecommunication companies.
Other routes that could entail hacking are "rooting" and "jailbreaking." These terms refer to the user hacking his or her own smartphone to gain access as the top administrator. Rooting refers to the practice by those using Android phones because the account accessed by the administrator is called a root. Jailbreaking is the same practice conducted on iOS phones. Users attempt at this practice to gain authority to make use of various functions — such as changing icons or fonts or conducting updates of operating systems — that are inaccessible otherwise. However, rooting or jailbreaking can be risky because malicious codes can break in while the security system becomes loose.
"So far the damage seems to be centered on smishing victims, but there is always a possibility that new strains of malicious codes can be developed, so there is always some degree of risk for other mediums as well," the official said.
Cautionary measures for users
In light of the increasing number of smishing cases, the National Police Agency's Cyber Terror Response Center is offering several pieces of advice. First, do not click on links in text messages from unidentified sources. Even if the message is from a friend, recipients should call the person to verify the message. Smartphone users should also contact telecommunication companies and request that they block all kinds of payments or set a limit on the account. Another safeguard is to install vaccine programs for smartphones and update them periodically to prevent malicious codes from being installed.
In addition, smartphone users can add keywords like "gift voucher" and "free" to their spam filters to block potential scams. When downloading apps, order from official sites like the App Store, Tstore, Olle Market or Uplus App Market. Finally, smartphone users should never give out personal banking information when prompted to enhance security or update their phone. (The Korea Times, Sep. 8th, 2013)