Fake antivirus at premium rates, messages promising prizes

Published: 13 October 2017

As more and more subscribers are affected and threatened by fake antivirus advertising on the Mobile Web, the National Media and Infocommunications Authority (NMHH) has put out a press release to draw users’ attention to the need for caution and it is working with the service providers in order to take action to protect users.

It is a growing problem that fraudsters wanting to make money quickly and easily advertise with online pop-up windows displayed on mobile phone screens; in this, they capitalize on the human desire to win by offering the illusion of profit or they take advantage of fear by instilling a sense of immediate threat. If unwary smartphone users (often children or unsuspecting elderly persons) see such a pop-up window in their browser, they may sign up for unwanted services they had never meant to spend money on. These are based on the ability of smartphones to enable web-to-text message transfer and connection, which is very difficult for the average user to understand and control. Premium-rate fraud essentially means imposing costs on unwary subscribers without their intention.

In response to the spread in ‘antivirus advertising’ fraud, the NMHH has already taken temporary measures on three occasions to suspend certain premium-rate phone numbers used for committing fraud (these three telephone numbers provided access to eleven content providers and at least that many different services). Nevertheless, there may be renewed attempts at fraud from other premium-rate numbers, and since it takes time to investigate these, it is important that users are aware of the phenomenon and how to protect themselves against it. There are as many fraud methods as there are fraudsters, although one thing they do share is their use of a threat or the promise of a win to obtain money from the subscriber.

Fake antivirus at premium rates, pop-up windows, unknown e-mails

Phone subscribers are less accustomed to seeing on their mobiles the types of fraud that are a familiar sight for the users of the desktop computer, which looks back on a longer history. Advertising may be sufficiently attractive or frightening to trigger, with just one click or a press of a button, a process culminating in the unsuspecting telephone user becoming a subscriber to a premium-rate service they registered for inadvertently, without paying attention. These texts claim that the mobile phone is infected with a virus (even if it is not) and immediately offer an ‘antivirus solution’, recommending and proposing to launch it right away. What they withhold or hide within the message so that it is barely noticeable is that the offer in fact requires sending a text message to a premium-rate number with a 06-90 or 06-91 prefix. By clicking and sending the text message, the subscriber not only authorizes this ‘virus removal’ of dubious value (and perhaps achieve the opposite result and infect their phone with a virus) but also orders a useless text message service, for which they may pay thousands of forints per each of the messages arriving with a daily or weekly frequency.

It is impossible or very difficult to cancel these services, which are sent from Hungarian premium-rate numbers but are generally domiciled abroad, and the fees are identified often only after the fact, in the phone bill; to make matters worse, the customer service contact information stated in the small print is often inactive.

Action by the Authority

The NMHH employs the legal instruments at its disposal to fight fraud and is currently running proceedings looking into fraud cases. It is likely, however, that fraud is much more prevalent than what is reported to the Authority. Legal action also demands time, and the Authority therefore wishes to inform the public and encourage prudence and awareness in the use of telecommunications devices.

In order to conduct a comprehensive review of the legality of the use of numbers, the Authority has requested information from all the phone service providers in Hungary (6 providers: Telekom, Telenor, UPC, Invitech, Calgo, 4Voice) as well as a content provider called DIMOCO, which is currently domiciled in Austria and has become a focus for its attention. As the responses are arriving over a protracted period and are often incomplete, the detailed assessment of the situation remains to be completed. The 11 content providers already identified as potentially involved are domiciled in various locations from Hungary through Italy to Singapore; they are the actual producers, or at least the commissioning clients, of the content. A key requirement stipulated by the regulations is that these businesses and their services should be included in lists published by the telecommunications service providers, and that they should be contactable at the customer service points specified there. As these are not genuine, the Authority is holding to account the telephone service providers for these activities, which are relevant in terms of telecommunications supervision and appear most likely to be commercial fraud.

How to avoid these scams?

The devices and channels serving all our convenience also offer fraudsters an opportunity to scam anyone but a little attention is all we need to expose them.

  1. It is important for users to be careful and read all browser pop-up messages, links and text messages attentively. They should be especially wary of the ones offering easy solutions, quick ways to get money or savings, or offer valuable prizes or ways to avoid misfortune, accidents or damage and invite them to act without delay. Users should click on these only if they have understood the content of the message precisely. Often, users understand only at the end of the information section (or sometimes only retrospectively) that by clicking or returning a ‘yes’ they have ordered text messages for which they must pay a premium-rate fee each time. These pages are formatted to make sure that the essential sections are in small print and accessible only by turning or scrolling down the page, and are also difficult to read. The NMHH requests the public not to forward such messages, links, images or videos nor to share them on social media.
  2. Users should be especially suspicious if they then receive an sms message requesting them to return a code or a word (e.g. ‘Ok’, ‘Yes’). You should never answer such a message.
  3. If, while browsing, users come across an unexpected message about virus infection, they should disregard the message and avoid clicking the links in it, unless the warning is from their own, known antivirus software. If you have previously downloaded official antivirus software on your phone, you should use that for checking the device. If you do not have such software, make sure you download one from a reliable source only (Play Store, Apple Store) and check your phone with it.
  4. The NMHH also recommends that users should deactivate the premium-rate service option in their subscriptions. Nowadays this is quickly done on mobile service providers’ online platforms and at their call centers. Make sure you disable both incoming and outgoing premium-rate services. The Authority also recommends not to participate in games and votes where you are required to call or send text messages to premium-rate numbers and not to use services in which you need to send a text message to pay for chatting with other users, downloading ringtones, screen wallpapers, games, music or video or obtaining the extra items needed for use in different computer and mobile phone games. The use of premium-rate numbers for payment is an obsolete and unreliable method.

What can a user do once the problem has already happened?

The most important advice is that it is recommended to contact your content and/or mobile service provider as soon as possible.

  1. Complain to the fraudster company to reduce your loss. If you know the contact information (phone number, e-mail, etc.) of the content provider (i.e. the sender of the fake antivirus software), you can address your complaint to that company and ask it to cancel your subscription. The contact information of content providers may be available online, from the messages sent to you or the premium-rate services information section of your mobile service provider.
  2. Report to the police if you believe you have been misled and become a victim of fraud. To do this, try to note down or take photos of all data, websites and messages you have been given or you have seen.
  3. Contact your service provider to ask for information and about your rights, and to make a complaint. If you cannot contact your content provider, we recommend you get in touch with your mobile provider’s customer services. You can access the following types of help:
    • Acting on its record-keeping and disclosure obligation, your mobile services provider can tell you which provider the particular premium-rate number belongs to. The service provider must maintain records of, and publish on its website, all the services available at premium rates, specifying the details of the content provider, the name and description of the service, the way the service is used and the fees that are charged, as well as the procedure for cancelling the service. Service providers must also demand that content providers comply with the phone number usage agreement between service provider and content provider; if the latter fails to do so, the service provider must suspend the agreement and even cancel it if the rules are breached repeatedly.
    • If you complain to your mobile service provider and contest your bill, the provider must investigate the matter within 30 days.
    • Providers are not allowed to limit or suspend the electronic communications services (phone calls, text messages etc.) on the grounds of failure to pay a disputed premium-rate debt, and it must not terminate the subscriber agreement by extraordinary cancellation on these grounds.
    • In order avoid future inconvenience and even higher bills, we recommend you ask your service provider to disable for free the premium-rate services option.
  4. Contact the NMHH and request an investigation. If your mobile service provider does not investigate your complaint or fails to comply with some other obligation required by the law, you can also contact the National Media and Infocommunications Authority for help.