14 DAY TRIAL // Japanese users are targeted by a new type of online fraud that requires no user interaction and is an evolution of the older two-click and one-click techniques.
Click hijacking is a well-known method used in many instances online. One of those instances may occur when you click, for example, on a video play button, but instead of the video, you find yourself automatically subscribed to some sort of newsletter or, even worse, with ransomware on phone or computer.
While two-click and one-click scams have been well documented in the past, Symantec security researchers have discovered that some scammers nowadays won't even wait for the user to click on their fake content anymore.
Somewhere in Japan, an adult site operator decided that waiting one second after the user lands on a page is more than enough to trigger the action they want from the user.
Zero-click fraud used in Japan against visitors of an adult site
In this particular case, users were trying to view a pornographic video, but instead, they were falsely led to believe that, by accessing the page, they were subscribed to a premium service, for which they had to pay a fee of $2,000 / €1,800.
This is an obvious fraud, and non-technical users might just fall for it and send money to the scammer. Most of the time, scammers do target these types of users, especially the elderly.
To improve their chances and make the scam more realistic, an email and phone number are also displayed, and the victim is advised to call to unsubscribe from the service.
Symantec warns users against calling or emailing the attacker since the scammer may trick the user into paying other unnecessary fees.
Additionally, Symantec also warns that a user's email and phone number may also be logged and used for other types of illegal activities.
