Bitcoin SMS scams on the rise
Beyond having their personal data stolen, victims may also have their phones hijacked to mine cryptocurrencies
In January this year, a text message from an unidentified sender informed Mr James Quak, 41, that he had one bitcoin waiting to be redeemed in his account.
All he had to do was click on the link forwarded and he would instantly be $18,000 "richer", based on the market value of the cryptocurrency that day.
Instead of succumbing to greed, Mr Quak, who is self-employed, ignored the message. He said: "There is no such thing as a free lunch. No one will give you free money. The minute I saw the message, I knew it was a scam and ignored it ."
In doing so, Mr Quak not only avoided being phished for personal information and passwords, but he also prevented his phone from being hijacked to mine for cryptocurrency.
Cyber security firm Palo Alto Networks released data last week that shows globally, cyber criminals have turned sharply from disseminating ransomware to spreading cryptocurrency-mining malware.
In January this year, 65,512 samples of this particular form of malware was discovered, an increase from the 2,368 samples found in January last year.
This is in "response to the surging value of cryptocurrencies", noted the report.
Prices of bitcoin rose to an all-time high of $26,125.71 last December before dipping. It currently hovers around $14,000.
Bitcoin-related SMS scams have also popped up globally, with the Australian media reporting that many Australians have been receiving messages instructing them to click on links to confirm their accounts and claim bitcoins.
A report in local media cited a handful of people here who have received similar texts.
The Cyber Security Agency of Singapore (CSA) has yet to receive reports of such scams here, but Mr Douglas Mun, deputy director of CSA's National Cyber Incident Response Centre, said the website link in the SMS received by Mr Quak redirects to a phishing website.
When users click on the link, it redirects them to a website called The Bitcoin Code, which asks for personal information, including full name, e-mail address and phone number.
According to Mr Mun, this modus operandi is similar to other phishing scams.
Beyond phishing, there may be something more insidious at play here.
A spokesman for cyber security firm Check Point Software Technologies said: "By just inputting your e-mail address on the website, users potentially expose themselves to a drive-by download."
Drive-by downloads happen without a person's knowledge, and the spokesman said they could potentially contain cryptocurrency-mining capabilities.
These tap into mobile phones' computational power for cryptocurrency-mining purposes.
Cryptocurrencies such as bitcoin have to be mined virtually, as they do not have a physical representation.
This is done by using a computer's processing power to solve complex mathematical algorithms. The more algorithms solved, the more cryptocurrency is earned.
Mr Matthias Yeo, chief technology officer of Symantec Asia Pacific, noted that there has been an upward trend in cases of malware mining.
He added: "The widespread popularity of mobile phones has given unsavoury characters a larger pool of computational power to tap on.
"What is more, mobile phones are highly advanced nowadays, with them being more akin to mini computers. As such, they are more than capable of mining cryptocurrencies."
While cyber security experts said security apps from reputable security vendors can identify and remove such malware, the best course of action would be to ignore unfamiliar links.
According to the CSA, users who have provided their personal information should monitor their phones and e-mail accounts for unusual activities.
They can also go to www.csa.gov.sg/gosafeonline to learn about how to defend themselves against phishing scams.
How to tell if your phone has been hacked for cryptocurrency mining
How do you know if your mobile phone has been hacked for cryptocurrency mining? Here are some signs you should look out for, according to Mr Matthias Yeo, chief technology officer of Symantec Asia Pacific.
- Your mobile phone battery overheats and drains quickly despite no detectable processes running in the background.
- Your mobile phone starts to slow down dramatically, due to high central processing unit usage.
- There is an increase in outbound connections. This is reflected by an unexplainable and sudden increase in your monthly data usage.
- Your contacts start to receive similar spam messages. The malware can collect information from your phone's database and propagate from there.