Scammers exploit mobile ads for easy profit

Pop-up ads targeting mobile device users are, arguably, one of the most annoying things in existence. But did you know that they could also make you inadvertently spend small amounts of money for effectively accessing a website you never wanted to visit in the first place?

Malwarebytes’ Chris Boyd has recently detailed a type of scam that has been around for years and years, is difficult to spot, and very difficult to prove that it happened and get your money back.

“Picture this. You’re using your phone and browsing a popular forum or website. You open a thread and one of the adverts on the page immediately redirects you, opening a new browser tab. You may be presented with a set of questions on a hard to close popup advert, or what appears to be a video, or even what appears to be a blank page. You close what appears to be an otherwise harmless tab and go about your business. In some cases, you may be convinced you’ve not even interacted with the page in terms of clicking on buttons, filling in forms or signing up to something,” Boyd describes a typical scenario.

But a few minutes later you get an SMS telling you that you have paid a small amount of money (e.g. £5.00) to enter the site in question, and you’re shocked. What happened, you ask yourself?

Some fraudsters misuse the “direct to bill” payment option available for mobile users, which adds the amount in question directly to the list of charges you get monthly from your mobile network.

The payment is usually effected by clicking on a button on a website, but in these cases, it’s difficult to tell whether the click actually happened or if the victim has been tricked into clicking a hidden payment button.

The scammers lead the victims to the websites in question by placing online ads which, when clicked by the user, effect a series of redirects that ends on the site.

“That final destination might take the form of a hard to close ‘quiz’ popup, or a supposed video, or a blank page which was closed before any content could load in. The site would also take note of whether you were visiting the page using a mobile device to browse, as opposed just turning up on your Windows 8 PC,” Boyd explained.

The thing that prevents security researchers from discovering exactly how the scammers make the victims agree to the payment is the fact that this pages disappear after they have been visited once.

But, luckily, there are things users can do to protect themselves agains this type of scam: use an ad blocker app, and make their mobile operator block premium services.