
Why rob a phone? It's where the money is.

Nigel Morris-Co...

Is this how malware gets onto your mobile?

One of our rarely used e-mail addresses has been miraculously spam-free. Literally, no spam at all. Until about two weeks ago. Then something weird started to happen. And there's a pattern. Given the recent attacks on mobiles via WhatsApp, one has to ask: is this recent format of spam directed at mobile users? Nigel Morris-Cotterill adopts a risk-averse approach while encouraging risk awareness.

These days, when I say that I don't use e-mail on my phone, the usual response is incredulity. But a series of spams that have hit the sandbox for a previously not-spammed e-mail address raises a suspicion that spammers and scammers may now be targeting those who use - and open links in - emails on their phones.

Why should this be? The first reason is that it's difficult to read on a phone. The second is that even those users who block HTML mail on their desktop don't do so on their mobiles.

Malware on mobiles is the holy grail for criminals. The reason is simple - the quotation often (but probably not correctly) attributed to Mack the Knife ("Why rob banks? It's where the money is") is completely applicable to phones. As the world falls in love with fintech, many platforms are mobile first, even mobile only. Even desktop access to some banks' online services requires the installation of an App to use some aspects of it - and here I'm not talking about two-factor authentication by SMS.

Two-factor authentication by SMS for transactions originated on a phone is a stupid idea (if a criminal has the phone he gets the SMS) but I approve of it for transactions made on a desktop and card transactions performed via kiosk.

The use of apps puts all kinds of security information onto the phone. Malware can be used to access such information and send it, without the user's knowledge, to the criminals. Encryption can be broken. Cloned apps and their data can be put onto another device.

Getting the malware onto a phone by background download from a link in an e-mail is child's play. But then it gets even more interesting. People distribute what they get on their phones. They call it "sharing" but that's a misnomer because if one shares something, say a sandwich, one has less of it left. This is replication and distribution. The cuddly term "sharing" actively diminishes the user's understanding of what they are doing - and the implications of it.

So, if the content is interesting, the links can spread by what has become second nature to many mobile users. It's not even necessary for criminals to adopt the old e-mail trick of copying information from an address book and sending messages to those in the address book.

And all of this is before we consider the risk of content, including images and documents, being transmitted from your phone to the criminals in the background leading to the very real risk of extortion, including sextortion and commercial harm as a result of the release of commercially sensitive information.

Below are samples of the messages that have arrived here. Readers should be extra cautious of e-mails from people they don't know. They may even want to adopt a white-list. Of course, that hasn't happened with desktop mail so there is little reason to expect that mobile users will do so. Yet the scepticism that at least some desktop users have developed seems to be largely absent when messages arrive on a "personal device."

That has to change.

---------- Messages --------------

Note: some of the e-mails are obviously fraudulent - they are "sent" from the same address as the target.

*Message from (265) 337-1071 on Thu, 14 Nov 2019 07:23:06 GMT*

Time: Thu, 14 Nov 2019 07:23:06 GMT
Click attachment [it's not an attachment - it's a link in the body of the mail]
to listen to Voice Message.


Several messages are said to arrive from Shortel but the sent address is a fake.

*New message received*

Date: November 12th, 2019

Time: 01:40:11 p.m.


"Hello, this is Andrew calling from Pitchbook..."

Listen to message

[in this case the URL in the link is at amazonaws.com, a service widely used by fraudsters]


In another type of scam, a "Delivery Status Notification (Failure)" arrives about a message sent to the same address as the notification itself, saying that the sender's IP address ( is banned because it is listed on an anti-spam list. That is not one of our IP addresses. The returned mail contains an attachment which (I haven't opened it) will contain whatever mail the criminals were trying to send using our previously untainted e-mail address as the sender.
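
The tell-tale signs noted in the samples above (a sender identical to the recipient, an "attachment" that is really a link in the body, a link hosted at amazonaws.com) can be checked mechanically before a message reaches a phone. The following is an added example, not part of the original article: the function name `triage`, the `WATCHED_HOSTS` list and the two sample messages (addresses and URLs are placeholders) are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# amazonaws.com is the host the article names; it also serves plenty of
# legitimate content, so a match is a reason to look closer, not a verdict.
WATCHED_HOSTS = ("amazonaws.com",)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed samples modelled on the messages quoted above (placeholder data).
SAMPLE_VOICEMAIL = (
    "From: user@example.org\nTo: user@example.org\n"
    "Subject: Message from (265) 337-1071\n\n"
    "Click attachment to listen to Voice Message.\n"
    "https://files.example.net/placeholder\n")
SAMPLE_NEW_MESSAGE = (
    "From: notify@example.com\nTo: user@example.org\n"
    "Subject: New message received\n\n"
    "Listen to message: https://placeholder-bucket.s3.amazonaws.com/placeholder\n")

def triage(raw):
    """Return the names of the indicators that fire for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # 1. "Sent" from the same address as the target.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if sender and sender == rcpt:
        hits.append("from-equals-to")
    # 2. Body talks about an attachment, but there is only a link.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    urls = URL_RE.findall(text)
    has_attachment = any(True for _ in msg.iter_attachments())
    if "attachment" in text.lower() and urls and not has_attachment:
        hits.append("attachment-lure-is-link")
    # 3. Link points at a watched hosting domain or one of its subdomains.
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in WATCHED_HOSTS):
            hits.append("link-on-watched-host")
            break
    return hits

if __name__ == "__main__":
    for name, raw in (("voicemail", SAMPLE_VOICEMAIL), ("new message", SAMPLE_NEW_MESSAGE)):
        print(name, triage(raw))
```
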
