Criminals are warning people to download an app that allows them to see everything you do on the phone, and possibly control it, if you let it, Telenor warns.
Did you get a call from an unknown Norwegian mobile number – someone claiming to be “Amazon”?
So you are not alone.
– Since the summer, Telenor has received a number of inquiries from people who have been subjected to this type of scam attempt. There has been a particular increase in recent weeks, says Thorbjørn Busch, the company’s senior security advisor.
If you pick up the phone, you will usually hear a pre-recorded message which is a problem. It could be, for example, that someone “accidentally bought an iPhone” on your Amazon account, Busch says.
In the message, you are asked to press “1” to communicate with the service employee.
In effect, you are redirected to an experienced scammer, Busch explains.
It’s the dangerous next step:
They ask you to download the AnyDesk app to your mobile phone.
If you give criminals access to this, they can see everything you see on the phone – and possibly control it remotely.
It works the same way it does when you give the Help Desk access to your computer at work, Busch explains.
By seeing everything you do on the phone screen, they can access your account information, card numbers, passwords, and one-time codes.
This is information that they can use to defraud them for money.
— but they can also access your camera roll and other private information, Buch says.
If you turn on your camera, they can see what you’re filming and hear what you’re saying, he explains.
iPhone vs. Android
On the iPhone, criminals can “only” see everything you do when you yourself are active on the screen.
– While you’re on the phone with you, they can, for example, ask you to go to the bank online, or have you enter banking details — that way he intercepts the information, says Bush.
– They can also request longer access, eg 24 hours. Then, they’ll still have access every time you unlock your phone, for several hours after the call ends, he explains.
It’s terrifying for those with Android phones:
Here they can access control everything — even when you’re not using the mobile yourself, Busch warns.
Then they can sign in to all the apps and access all the accounts you’re already signed in to.
Buch says that only imagination sets the limits of what they can do.
Do not allow others to access
Apps like AnyDesk and TeamViewer are basically completely legitimate, and can be downloaded via both the AppStore and Play Store.
The problem only arises when you give criminals access to them, says Bush.
When you open such an application, you are given a code – which is practically the key to your mobile phone.
Busch gives quite clear advice:
– Never download anything based on a caller’s request. Do not enter a code from your mobile phone.
Banks also receive inquiries about this type of fraud.
We are being contacted by bank customers about an attempted Amazon scam and asked to download the AnyDesk app, confirms Markus Klebe Gjenstad, senior subject matter specialist in SR-Bank’s security division.
He says there has been a steady stream of inquiries about this type of fraud attempt since the summer.
Giving someone access to software like AnyDesk is like lending the key to your home, says Gjennestad.
What should one do if they are defrauded on Amazon?
– If you are lucky enough to be scammed, it is of utmost importance that you contact your bank. We can help you block BankID, cards, and accounts, says Gjennestad.
– He says that the chance of stopping the transaction is much better if you call the bank after a few minutes instead of 15.
Gannestad says that you should also delete AnyDesk ASAP. You are more likely to get help from someone if you are not technically inclined.
Stop, think, think
Gannestad says that over the past two years, SR-Bank has nearly tripled the number of fraud attempts among its customers overall.
We also see that the number of fraud attempts tends to “peak” on public holidays, he says.
He shares an important rule to remember before any scam attempt:
– Stop, think, think.
Amazon scammers call from a foreign number, but they hide it behind a spoofed Norwegian mobile number.
— This increases the chance of the recipient responding, Busch says.
It is common for criminals to use several different types of digital tools in concert to increase credibility.
In the case of plagiarism, there are two victims: the person being called and the other whose mobile phone number has been misused, Busch explains.
Telenor has activated a separate spoofing filter for its network, so that attempts to misuse the company’s subscriber count are “knocked out”.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”