The Norton security software team, part of the Symantec security powerhouse, recently observed that “You won” scams, popular among desktop malware, "are now making the jump to mobile Android devices".
We're told that "scams like these have just begun crossing over to Android, but are quite well known and have a long history.
"These typically range from fake coupons or rewards programmes. However the method is also often employed by scammers to ride the wave of current trends, such as cryptocurrency like ethereum and bitcoin – one of the hottest topics gaining rapid attention in Australia at the moment."
The post states: "'Congratulations, you won!' would normally be a welcome phrase to see when you go online, instantly making you think of an all-expenses-paid vacation someplace exotic, or perhaps a substantial amount to add a few more zeroes to your bank account. If only it weren't a favourite phrase among scammers too, you could actually already be on your way somewhere nice and sunny.
"We have recently seen such 'You won' scams increasingly being adopted by mobile threat actors on Android. We've been seeing queries from our end users and samples from our partners in the field growing significantly since the summer.
"While scams like these have just begun crossing over to Android, they are quite well known and have a long history."
The blog post not only discusses the specific malware involved, but also discusses "some of the forces that drive the success of this particular type of scam".
To avoid falling into the pitfalls of the “You won” scam, Norton encourages users to:
- Keep software up-to-date;
- Do not download apps from unfamiliar sites;
- Only install apps from trusted sources;
- Pay close attention to the permissions requested by apps;
- Make frequent back-ups of important data; and
- Install a suitable mobile security app to protect device and data.