Using malware called FakeCall, cybercriminals can take control of their victims’ smartphones. FakeCall can then redirect a seemingly secure call… to the cybercriminals. Unsurprisingly, this scam is used in particular for banking transactions.
This scam starts in the traditional way: the victim is encouraged to download a file to their Android smartphone. In other words, it’s phishing. This file is in fact malware known as FakeCall, and suffice it to say that it is particularly formidable, as the cybersecurity publication Dark Reading warns.
Once installed on the victim’s smartphone, this malware requests various permissions: access to photos, access to contacts, or even permission to become… the default telephone application. As you will have understood, this malware aims to take total control of your smartphone.
This is where the heart of the scam comes in: since the malware now has access to contacts and its (fraudulent) interface is the default telephone application, there are many possibilities for deception.
The most common scam with FakeCall malware involves redirecting a call directly to cybercriminals. For example, a person calls their bank using the telephone number found on the bank's official website. At first glance, nothing indicates an attempted scam. However, thanks to FakeCall, cybercriminals can intercept the call in progress and redirect it to themselves. The victim will therefore not notice anything.
But new technologies now allow the perpetrators of the FakeCall scam to go even further. Indeed, some of these cybercriminals do not hesitate to resort to vishing, in other words phishing as we know it, but carried out by voice rather than by SMS or email.
A scammer can modify his voice to pretend to be a bank advisor, or record fraudulent voice messages beforehand. He then only has to encourage his victim to communicate various confidential information.
To avoid the FakeCall scam, several habits should be adopted. The first and undoubtedly the most important: never click on external links found, for example, in emails or SMS messages. If you download an app, always make sure to do so through the Google Play Store. Also check the positive and negative reviews, as well as the number of comments about an app (a small number of comments may indicate a fraudulent app). Also remember to delete unnecessary applications from your smartphone.
More generally, never communicate your personal information over the phone, even if the person on the other end of the line puts you under pressure. And if you have any doubts, go to your bank in person.
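As an added example (not from the original article or from Dark Reading), the Python code below checks the two things this advice turns on: which app holds the default telephone role, and whether that app came from the Google Play Store. It assumes the default dialer's package name and the output of `pm list packages -i` were collected from the phone over adb; the allowlist, the `com.example.*` packages and the sample output are constructed assumptions.

```python
import re

# Assumption: phone apps expected as the default dialer; adjust per device vendor.
EXPECTED_DIALERS = {
    "com.google.android.dialer",
    "com.samsung.android.dialer",
    "com.android.dialer",
}
PLAY_STORE = "com.android.vending"  # installer package of the Google Play Store

# Constructed sample, in the assumed format of `pm list packages -i`.
SAMPLE_PM_OUTPUT = """\
package:com.google.android.dialer  installer=com.android.vending
package:com.example.bankhelper  installer=null
package:com.example.notes  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            package, installer = match.groups()
            installers[package] = None if installer == "null" else installer
    return installers


def audit_default_dialer(default_dialer, pm_output):
    """Return findings about the app that holds the default telephone role."""
    if default_dialer in EXPECTED_DIALERS:
        return []  # preloaded phone apps often have no recorded installer
    findings = [f"unexpected default phone app: {default_dialer}"]
    installer = parse_installers(pm_output).get(default_dialer)
    if installer != PLAY_STORE:
        findings.append(f"{default_dialer} did not come from the Play Store "
                        f"(installer={installer})")
    return findings


if __name__ == "__main__":
    for finding in audit_default_dialer("com.example.bankhelper", SAMPLE_PM_OUTPUT):
        print("WARNING:", finding)
```

A finding here is a prompt to review the app and its permissions, not proof of infection: a legitimate third-party dialer from the Play Store also produces the first warning.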