Japanese users hit with a new form of one-click fraud

Jan 15, 2015 16:17 GMT

What would normally be a regular one-click fraud attempt, easily avoided by closing its tab, has turned into a more complex scheme that makes the web browser unusable and forces the user to call a number provided by the cybercriminals.

One-click frauds are specific to mobile devices and are generally designed to trick users into subscribing to adult websites. Nothing is forced on the user as a simple screen pops up asking for registration to a particular service.

One click leads to flurry of pop-up messages

However, security researchers have discovered that Japanese mobile users are being targeted by a new, more aggressive variation of this trick, which basically provokes the victim into calling a specific number; the individual at the other end then tries to persuade them to purchase a one-year subscription to the service for 99,800 yen, which is the equivalent of about $853 / €730.

Many would have some arguments against this being a feasible marketing tactic, since talking to an angry or annoyed customer could never possibly lead to a successful sale.

The tactic chosen by the crooks is to redirect the potential victim to an online location by making them click on a video acting as a lure for the one-click fraud.

At the new location several pop-up messages are run in a loop, blocking access to any options of the mobile web browser.

The messages either provide details about how to register to the adult service or prompt the user to make a call to a specific number associated with the customer center of the operation.

Annoyed users are forced to make the call

“These two windows keep reappearing in a loop and in essence the browser is taken hostage by the website. The smartphone itself and the rest of the apps installed can be used, but the browser is useless at this point,” Joji Hamada from Symantec said in a blog post.

As such, the only option considered by the users is to actually make the phone call. Although Symantec did not confirm it, there is the possibility that the call itself is to a premium-rate number.

As a solution, Hamada suggests clearing the browser cache or data associated with it. This can be done from the app settings on Android or straight from Safari on iOS devices.

Security researchers at Symantec say that at the moment this type of tactic is not widespread, but it could gain popularity among websites flinging adult content.

Evolved one-click fraud (3 Images)

After clicking on the lure, users are asked to register
Window with registration details is displayed in the pop-up loop
Calling seems like the only way to stop the pop-up loop