This is the fifth in a series of posts about Cyber Defense that happened to real people in real life, costing very real money.
Kamil left a business meeting and immediately took out his phone to call a client. During the conversation the device buzzed with an incoming text message. After Kamil unlocked the screen, a text popped up:
“Thank you for activating the WEATHER TODAY service. You will be receiving a text message with the forecast three times a day. The daily cost of the service is one Euro. If you want to cancel your subscription, please text us ‘STOP.A133’ at 92590.”
Nothing of this made any sense to Kamil. He had never activated any service on that phone. It was a company phone, he used only to contact clients. In any case, he didn’t need any weather forecasts. In order to save his company money, he quickly followed instructions from the text and cancelled the service.
“Done!”, he thought and went back to his car to return to the head office of his firm, a consulting company.
But this was only the beginning of his troubles…
“Came to my office immediately”, read the email Kamil got from his boss Jacek two weeks later. “This must be about the contract with the bank that I finally closed,” thought Kamil and rushed upstairs to see his supervisor.
“Are you out of your mind?! There an extra 500 Euro on top of your phone subscription fees because you’ve activated some extra services! You have everything you need to work, unlimited calls, online access. But I will not burn the firm’s money for some stupid extras!”, Jacek fumed.
“Boss, I got a strange text about some weather forecast service, but I immediately blocked the subscription, I didn’t know there was any problem”, explained Kamil, surprised. He agreed to pay the fees out of his own pocket and immediately explain the whole situation. Jacek seemed to cool down a little, but promised that he would place a note on Kamil’s file if the issue wasn’t solved by the end of the month. “This time, I’m gonna keep it off-record, but I’m watching you”, the manager warned Kamil.
Startled and confused, Kamil decided to do some online research about WEATHER TODAY. As he saw the first browser hits, he already knew he found what he was looking for. An article on a professional computer security portal reported that the activation message was a ruse used to wrangle money out of unaware recipients of the text message. It was precisely the STOP.A133 message that cost Kamil 500 Euro.
He followed the article author’s advice and decided to install mobile security software that protects against spam. Having compared available options, he chose the best app from a reputable developer and never risked his job over an SMS message again.
Is there anything you can do to protect yourself besides installing mobile security and not responding to unsolicited texts from unknown senders?
“Some mobile operators will let you opt out of or disable billing through SMS messages,” F-Secure Security Sean Sullivan explained. “It is very surprising to me that many businesses don’t demand bulk disabling by default for their employer provided plans.”
To get an inside look at business security, be sure to follow our Business Insider blog.
This is a guest post from an F-Secure fellow. Hi, my name is Matti Aksela…
May 22, 2017
Last week’s WannaCry outbreak caused havoc in many parts of the world before subsiding thanks…
May 18, 2017