Don’t fall for ‘spoofing’
A local resident recently spoke with his dental office on his smartphone. After disconnecting, his smart phone began to ring again. The caller identified herself as being from his dental office and demanded a credit card payment. Something wasn’t right, as he had JUST spoken with them. He quickly double-checked the Caller ID (spoofed Caller ID) to verify it listed his dental office as the caller.
Caller ID spoofing is the practice of causing the telephone network to indicate to the receiver of a call that the originator of the call is a station other than the true originating station. For example, a Caller ID display might display a phone number different from that of the telephone from which the call was placed. The term ‘spoofing’ is commonly used to describe situations in which the motivation is considered malicious by the speaker or writer.
Here is how this Spyware works:
The Malware/Spyware is installed on the smart phone by masquerading as “Android security”. The spyware payload can be delivered to the smart phone device through many methods but is primarily dropped onto the device disguised as a security update. There are warning signs such as the application requesting elevated permissions which appears as a prompt for the user to accept. DO NOT ACCEPT unless you have verified the legitimacy of the update with your cellular provider.
Once the Spyware is attached to the smart phone, it monitors the incoming and outgoing phone calls and text messages. This malware captures caller ID information and called numbers. The collected information is then sent to a ‘command and control (CnC) server’ where the hackers harvest the data and implement some kind of Social Engineering Scheme such as the above described event where the Hacker pretended to be the dental office demanding payment.
- Never give out any information over the phone from an incoming call. Always initiate the call back to the calling party using their published number.
- Protect your mobile devices (Android AND iPhone) using mobile security software such as Lookout mobile. We do, and there is a no-cost version.
- If you are conducting business on your smart phone, you should have a professional managing the updates and security just like you do for your business office computers. Smart phones ARE computers, and are more vulnerable because they are mobile and typically not as well protected.
Contact Action DataTel at 541.494.2099 for more information about mobile device management (MDM) to protect your smartphones and tablets.
We like helping people stay secure!