A new scam claims to sell access to a spying system that lets users monitor other people’s smartphones
Fake software is nothing new, as scammers try to trick users into buying fake antivirus and other security tools. Now Symantec researchers have uncovered a scam around a fake smartphone monitoring tool.
SMS Privato Spy is a product marketed as a tool that would allow users to view the smartphone’s screen live, activate the microphone and eavesdrop on the microphone, view call logs and monitor the physical location via GPS, Peter Coogan, a security expert at Symantec, wrote on the Security Response blog on 8 December.
SMS Privato Spy is advertised as a spyware that would allow customers to secretly monitor smartphones belonging to their spouses or co-workers. It was also announced on the text-sharing site Pastebin on 10 October.
“Ever get the feeling you’ve been cheated? Now you can find out the truth,” the site advertising the tool claimed.
The scammers have a slick website advertising the software and even a YouTube video of someone supposedly reviewing the tool. However the video is actually for a different piece of real software by a legitmate company, Elluma Discovery.
“Unfortunately more than a few scammers such as Privato have embedded the video on their advertising page to make it look like we are endorsing them,” Eric Robi a computer forensic specialist with Elluma Discovery told Symantec. “There is little we can do about this deceptive practice. We receive many angry callers and emails from people who have been scammed and they think we have sold them the software or endorsed a product. which of course we have not.”
However, there is no such product as SMS Privato Spy, Coogan said. The operation is just an elaborate scam to trick users out of between $50 (£30) to $125 for software that doesn’t exist.
“Scammers will go the extra length to convince potential victims that their product and website is legitimate. Always try to be vigilant when purchasing goods online,” Coogan wrote.
When people attempt to buy the package, of which there are four versions, they are given a “voucher pin code” from an online payment site called PaySafe, according to Coogan. When the voucher code is redeemed on the Privato Spy site to register and “pay” for the product, they receive a message saying the order is being processed and would be finalised within 24 hours.
A unique username and password would allegedly be sent to the customer which could then be used to login to the “Live Console” in order to begin monitoring anyone’s phone, according to the Pastebin announcement.
“No further contact is made with the victim,” Symantec’s Coogan wrote.
Scammers use the voucher pin code to purchase items on other sites in a form of money laundering, according to Symantec.
Researchers found one case where the scammers used the voucher code to purchase items an online game’s web shop which are then bought and resold on an online black market to convert virtual items to real money, Coogan said.
An investigator with California-based Nighthawk Investigations posted a comment on the MassPrivateI blog maintained by a Lynn, Massachussetts-based attorney.
The blog claims that the scam was “perpetrated by two young men in their early 20’s”. MassPrivateI was speculating on the legal ramifications of the software.