How to Squash the Android/TimpDoor SMiShing Scam

Tips & Advice

As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or SMiShing. Just recently, the McAfee Mobile Research team discovered active SMiShing campaigns that are tricking users into downloading fake voice-messaging apps, called Android/TimpDoor.

So how does Android/TimpDoor infect a user’s device? When a victim receives the malicious text, the content will include a link. If they click on it, they’ll be directed to a fake web page. The website will then prompt the victim to download the app in order to listen to phony voice messages. Once the app has been downloaded, the malware collects the device information including device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address. TimpDoor allows cybercriminals to use the infected device as a digital intermediary without the user’s knowledge. Essentially, it creates a backdoor for hackers to access users’ home networks.

According to our team’s research, these fake apps have infected at least 5,000 devices in the U.S. since the end of March. So, the next question is what can users do to defend themselves from these attacks? Check out the following tips to stay alert and protect yourself from SMS phishing:

  • Do not install apps from unknown sources. If you receive a text asking you to download something onto your phone from a given link, make sure to do your homework. Research the app developer name, product title, download statistics, and app reviews. Be on the lookout for typos and grammatical errors in the description. This is usually a sign that the app is fake.
  • Be careful what you click on. Be sure to only click on links in text messages that are from a trusted source. If you don’t recognize the sender, or the SMS content doesn’t seem familiar, stay cautious and avoid interacting with the message.
  • Enable the feature on your mobile device that blocks texts from the Internet. Many spammers send texts from an Internet service in an attempt to hide their identities. Combat this by using this feature to block texts sent from the Internet.
  • Use a mobile security software. Make sure your mobile devices are prepared for TimpDoor or any other threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, as always, to stay up-to-date on the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

Products You May Like

Articles You May Like

Sent a photo to the wrong person? Facebook Messenger to let you unsend it
Utah man pleads guilty to causing 2013 gaming service outages
New Chrome version aims to remove all ads from abusive sites
Calling all hackers! Join us for TechCrunch China’s Shenzhen Hackathon on Nov 17
Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty

Leave a Reply

Your email address will not be published. Required fields are marked *