Pagoda Blog


Scam Of The Week: Mobile Ransomware

May 13, 2014

Here is a heads-up for your users who use mobile devices (and who doesn't?). Two mobile scams are rearing their ugly heads. The first uses messages from "trusted" mobile apps to install malware on PCs. The second is the first mobile ransomware for Android. Send this (feel free to edit as much as you like) to your users and give them another heads-up.

"The bad guys use what we call "social engineering" to make people click on links, and their scams often rely on exploiting trust. If they can make you believe a message is from a trusted source, chances are you will click. This trick has been used with email, instant messaging, and social networks, and they are even spoofing SMS text messages. But the new frontier is mobile!

"This is a heads-up that email messages from mobile apps, such as WhatsApp or some other mobile app that you use, are not automatically legit. The same rules apply as with normal email: check for Red Flags. If you click on an email message from a mobile app without checking for anything suspicious, you might download malware and infect your PC, so... Think Before You Click!

"Next, there is malware that encrypts all your files and asks for a ransom to release the files. You get an email with an attachment and if you open the attachment, all your files are locked until you pay $500. It's called "ransomware". It's been around for PCs for a while and it's now out there in the wild for Android phones as well. 

"The mobile version is not as malicious as the PC version... yet. But it does throw up a nag screen that claims to be from a government site and states that you have been looking at illegal content. Your phone gets this type of infection when you manually download software that claims to be a video player from a website other than the Google Play App Store. So the lesson here is: only download from Google Play, and even then you need to be careful!"

PS, you may not be aware that we have a 15-minute add-on training module called Mobile Device Security that works great as reinforcement of your general security awareness message. More here:
http://info.knowbe4.com/mobile-security-module-14-05-13



