Phantom Hand Scam uses your cell phone without you noticing

Phantom Hand Scam uses your cell phone without you noticing

In the ghost hand scam, criminals control the user’s cell phone remotely, after inducing him to download applications that are, in fact, remote access tools. From there, they look for passwords and other data that give access to the victim’s account and allow them to carry out banking transactions.

“To achieve this, the device is infected with a special banking trojan, which allows the criminal to have remote access to the cell phone and complete control over it”, explains Fabio Assolini, director of Kaspersky’s Global Research and Analysis Team for Latin America. .

Trojan is a type of virus, also called Trojan horse. According to Assolini, it is usually present on sites with a large audience, where attackers manage to discover some vulnerability. When accessed, the site shows a notification that says the device is infected and offers to perform a clean.

“Of course, by accepting this, the victim allows the installation of the remote access tool. Once installed, the app is hidden and it is not possible to manually uninstall it.”

There are also cases where criminals pose as employees of financial institutions and call the victim, informing them that there is a problem with the account. “And it says it will send a link for the installation of an application that will solve the problem”, informs Febraban (Brazilian Federation of Banks) in a note.

Once installed, the application allows criminals to search for passwords to access the bank recorded in notepads, emails and WhatsApp messages.

Turning off the device or keeping it disconnected would prevent scammers from continuing to look for passwords or carry out new transactions, but according to Assolini, it is very difficult for the victim to realize that the scam is happening in time to stop it.

The transaction can happen in the background, that is, when the bank application is open in one of the mobile tabs, but does not appear on the screen. It can also happen that the scammer reduces the screen brightness, so that it moves without the user realizing it and, when the owner of the cell phone uses biometric authentication (face or digital, for example) to unlock the device, it ends up allowing a fraudulent transaction.

“The person doesn’t realize that the cell phone is only with low brightness, because of the darkened screen, and thinks it’s locked. with low brightness.”

How to protect yourself against ghost hand blow?

Assolini says that the best protection is to beware of fake messages and notifications that ask for the installation of some program on the cell phone, in addition to having a security solution on the device that blocks the improper installation of programs.

“Never install unknown applications or received by instant messages, SMS, WhatsApp or emails.”

Deputy Carlos Afonso Gonçalves da Silva warns of the need to be suspicious of contacts from financial institutions who ask for the installation of a program or the bank’s password.

“People need to be very careful with their bank passwords and not give them to anyone, not even the financial institution itself”, he says. It is also important to have different passwords for each platform and not save them in notepad, email or WhatsApp messages.

Adriano Volpini, director of Febraban’s Fraud Prevention Committee, says that the bank never calls the customer asking for the installation of applications, the card number or transfers to supposedly settle account problems.

“If you receive this type of contact, be suspicious immediately. Hang up and contact the institution through official channels and another phone to find out if something really happened to your account”, says Volpini.

I fell in the blow of the phantom hand. What to do?

Assolini says that it is only possible to eliminate the scammers’ remote access tool using a mobile security solution, such as antivirus and protection against malicious programs.

He also recommends filing a police report, which can be done online, without having to go to a police station in person. Citizens can also look for a police station specializing in digital crimes.

You May Also Like

Recommended for you

Immediate Peak