Criminals are becoming more and more clever. Android users need to watch out for another SMS scam – this time, thieves are impersonating mCitizen by sending an SMS about the second dose of vaccination. You should delete such message as soon as possible.
“We are observing a new campaign targeting Android phone users, which aims to infect them with Alien malware,” warns CERT Polska on its Twitter profile.
The way these scams work is always similar – the user receives an attention-grabbing SMS and a link. Clicking on it usually takes the user to a fake website. Following the instructions of criminals will lead to dire consequences.
In this case the link leads to a page that looks like the Google Play store. Criminals created a special website that looks deceptively similar to a subpage that allows you to download the popular mObywatel application. However, it is a ruse. “Once installed, the malicious application gains the ability to steal login credentials, including those for banking services, social networking sites or cryptocurrency-related sites” – CERT Poland warns.
– Such actions are usually aimed at phishing. That’s why you shouldn’t click on links if you don’t know where they come from. It is also a good idea to take a look after launching an application to see what permissions it is requesting. If an application supporting financial management wants to access a photo library, it becomes very suspicious. Besides, you should periodically review and delete the unused ones. A good practice is to use antivirus software – advises Dariusz Woźniak from Marken, the distributor of Bitdefender solutions in Poland.
In recent weeks Poles have received, among other things, text messages with false information about winning the Vaccine Lottery and messages about missed voicemails. What can you do in such a situation, besides deleting the message?
Here’s expert advice:
– Carefully check the appearance and address of the page (at first glance, it may not differ from the official one, but it is enough to look closely to find, for example, a minor typo), where you enter login details, personal information or payment card.
– Don’t act under time pressure, watch out for emails, text messages, websites, apps and phone calls that urge you to act immediately.
– Beware of sensational messages, sites that require extra login, including those shared from friends’ social media accounts.
– Verify sources of information before acting on or replicating it.
– If you are not sure that a given piece of information is true – contact the alleged sender through another known channel and/or seek confirmation of the information in other sources.
– Report to the NASK CSIRT every suspicious website, as well as e-mails and SMS messages that may be phishing.