In the first quarter of 2018 alone, Americans on Android mobile phones accessed 23 suspected malicious URLs per minute. From fake virus alerts to phoney dating sites, new Android scams have targeted a huge number of victims so far this year.
A massive report just out from PSafe's dfndr lab has analyzed 200 million digital files from more than 21 million active users of their security app.
So, what type of scams gained the most clicks from those 21 million smartphone owners? Here's the rundown on the top three scams that worked the most often in the first few months of this year, as well as a few other fascinating insights the PSafe team gleaned from their app data.
After some extra online security and privacy? Read our PureVPN review to learn why we think it's the best VPN for 2018
#3: Fake Giveaways
One popular method scammers have been using to phish for personal data on Android mobile phones? Fake promotional stunts and sweepstakes.
The scam — which has been detected by dfndr lab 108,106 times — works by dangling an impressive cash prize in front of the phone users. It urges potential victims to take an action in order to qualify for a shot at winning. Users might be asked to download an app, click through a malicious link, or subscribe to an SMS service with hidden costs.
While this form of phishing attack is still prevalent, the instances of fake giveaways has gone down since the previous quarter.
“Although these attacks were down significantly from 537K in the previous quarter to 215K, these scams still accounted for 7.2 percent of cyber attacks in Q1 2018,” PSafe reports. “The 59.0 percent reduction in these bogus contests might be explained by the huge jump in fraudulent advertisement detections.”
#2: Adult Dating Sites
We all know that sex sells, but it turns out it scams, as well. The second most successful category of scams on PSafe's list us “spoofed dating sites featuring pornographic material.” This category boasts 175,423 detections from dfndr lab.
Users might be scammed in one of two different ways by these shady dating sites. One possibility is that they'll redirect users to advertisement pages that earn a clickthrough-based commission. This also scams those trying to advertise through them, as well as mobile users who inadvertently click on the ads. The other option is the sites ask for the ability to send notifications, and then abuse that ability by asking users for the chance to install malware.
The good news? Instances of this scam is down since last quarter.
“Although the first three months of 2017 saw a 13.0% reduction of this type of attack compared to the previous quarter, generic phishing still accounted for 566K detections and represented 18.9% of total malware detections between January and March of 2018,” PSafe explains.
#1: Fake Virus Alerts
The biggest type of scam on Android phones in the first few months of 2018? False virus warnings.
In this scam, a banner ads pops up on a phone claiming to be a system alert from the phone itself. It states that the phone is infected and urges the user to immediately download an antivirus app. Of course, the software isn't an antivirus at all, but the malware that the user was trying to avoid in the first place.
Perhaps the recent security scandals at Facebook have made Android mobile users fearful enough for such scams to work. Fake virus alerts have been detected a whopping 558,221 by dfndr lab. Fraudulent advertisements alone tally up 50.1 percent of total detections from the PSafe security app. That's an increase of 54 percent — up to 1.5 M, from 970K — over the previous quarter.
Why are fraudulent ads so huge right now? I asked PSafe CEO Marco DeMello.
“All scams we see are motivated by profit,” DeMello said, “Whether it is a hacker stealing personal data or an affiliate advertising network using deceptive ads to get their clients high conversion rates, the bad actor is looking to make money. In the case of fraudulent ads, we find the actual advertiser is often unaware that the partners they've hired to help them with growth marketing are leveraging these scammy techniques to boost numbers.”
Men Click Scams Twice as Often as Women
Another interesting tidbit from the recent report: In Q1 2018, men clicked through malicious links twice as often as women did. According to the data, women were more likely to go for fake giveaways, while men fell for messenger schemes.
Fraudulent advertisements, however, proved fairly gender neutral: 51.3 percent of men fell for them, while 48.1 percent of women did the same.
How to Avoid Being Scammed
Of course, the most useful thing to know is how to avoid falling for a phone scam in the first place, whether it's on an Android mobile or not.
Here's an infographic that PSafe offers that covers six giveaways that you might be reading a fake news ad:
New Android Threats in 2018
PSafe's report detailed a few predictions for the rest of 2018, Android mobile phones aside. Spoilers – it's all set to get worse.
First, “large-scale data leaks and hacks of large institutions” will rise by 50 percent over 2017. Next, we'll likely see AI-related security threats, including attacks designed to target voice assistant AIs such as Amazon Alexa or Google Home.
Finally, keep an eye out for privacy concerns from your cellphone carrier, which can now legally sell your personal information to third-party buyers.
As we continue marching into a shaky future packed with security scares, take care not to add to that 23-malware-clicks-per-minute statistic.
More on this – the Top Online Scams to Watch Out for in June