Translation of message above:
You have been charged PHP 300 in your bill for calling a landline number using your postpaid plan. If you want to waive this charge, just text 300 CANCEL and send to 293644993836 and reply YES to the next message that you will receive to cancel the charge.
With Globe Telecomm Philippines, you can share phone load to other Globe numbers by sending an amount to the number 2 + (desired recipient's phone number). However, scammers have started targetting this for collecting money from unsuspecting victims by sending the message above.
To explain the "YES" part, initially Globe will automatically send the amount you entered to the phone number. To protect consumers, Globe has decided to put a two-step verification for sharing phone load and will require you to reply YES to the next message and the scam message above was updated to get you past the two-step verification and unwillingly share your monies to that number.
If I were the head of this scamming syndicate...
I would organize a malware team that automates the following steps:
- Send a phishing link as text messages to targeted victims to make them download and install malware with promise of freebies.
- User will not check permissions and just install it. Usual.
- The malware will hijack the SMS features and send a load share request
- Malware deletes SMS request from history
- When phone receives new SMS, malware doesn't show new message notification to user.
- Malware automatically replies YES to the confirmation message
- Malware delete traces of the transaction.
And voila, users wouldn't even know what's happening while underneath, a malware has already been siphoning phone load out of their mobile accounts to throwaway numbers.
Is this possible?
So how do you as a regular non-techy Android phone user help prevent this?
Here are a couple of tips:
- Never install anything from outside the Google Play Store. Even if it promises free movies, girls, a cracked game with unlimited coins, or porn.
- Block any installation from outside the Play Store by NEVER enabling Unknown sources option in the system settings. If you enable this, you will be prone to installing malware from outside Google Play Store. If you keep this disabled, apps that were downloaded but not from Google Play Store can't be installed even if it has been saved to your phone.
- Don't click on links from messages unless you were expecting them.
- When installing an app from the Google Play Store, check the permissions and see if it applies to the functionality of the app. If it's a wallpaper app, it shouldn't be reading your SMS or contacts, etc.
- And other Android safety tips.
Stay safe on the web! And teach your kids about online safety by letting them visit the iZ Hero website, an interactive privacy tutorial game!