Fake Software Claims to Allow Smartphone Snooping, Says Symantec
Fake software is nothing new, as scammers try to trick users into buying fake antivirus and other security tools. Now Symantec researchers have uncovered a scam around a fake smartphone monitoring tool.
SMS Privato Spy is marketed as a tool that allows users to view a smartphone's screen live, activate the microphone and eavesdrop on the microphone, view call logs, and monitor the physical location via GPS, Peter Coogan, a security expert at Symantec, wrote on the Security Response blog Dec. 8. SMS Privato Spy is advertised as spyware that allows customers to secretly monitor smartphones belonging to their spouses or co-workers. It was also announced on the text-sharing site Pastebin on Oct. 10.
"Ever get the feeling you've been cheated? Now you can find out the truth," the site advertising the tool claimed.
The scammers have a slick Website advertising the software and even a YouTube video of someone supposedly reviewing the tool. However, the video is actually for a different piece of real software by a legitimate company, Elluma Discovery.
"Unfortunately more than a few scammers such as Privato have embedded the video on their advertising page to make it look like we are endorsing them. There is little we can do about this deceptive practice. We receive many angry callers and emails from people who have been scammed, and they think we have sold them the software or endorsed a product, which of course we have not," Eric Robi, a computer forensic specialist with Elluma Discovery, told Symantec.
However, there is no such product called SMS Privato Spy, Coogan said. The operation is just an elaborate scam to trick users out of between $50 to $125 for software that doesn't exist.
"Scammers will go the extra length to convince potential victims that their product and website [are] legitimate. Always try to be vigilant when purchasing goods online," Coogan wrote.
When people attempt to buy the package, of which there are four versions, they are given a "voucher pin code" from an online payment site called PaySafe, according to Coogan. When the voucher code is redeemed on the Privato Spy site to register and "pay" for the product, they receive a message saying the order is being processed and will be finalized within 24 hours.
A unique username and password would allegedly be sent to the customer, which could then be used to log in to the "Live Console" to begin monitoring anyone's phone, according to the Pastebin announcement.
"No further contact is made with the victim," Symantec's Coogan wrote.
Scammers use the voucher pin code to purchase items on other sites in a form of money laundering, according to Symantec. Researchers found one case where the scammers used the voucher code to purchase items in online game's Web shop, which were then resold on an online black market to convert virtual items to real money, Coogan said.
An investigator with California-based Nighthawk Investigations posted a comment on the MassPrivateI blog maintained by a Lynn, Mass.-based attorney. The blog claims that the scam was "perpetrated by two young men in their early 20's." MassPrivateI is speculating on the legal ramifications of the software.