Beware… Smartphone kidnappers

By John Bendel, editor-at-large

We’re talking about digital scammers, and something called ransomware in particular. You have probably heard of it.

According to Carbonite, a cloud backup company, some form of ransomware has been around since 1989 – predating the worldwide web, but not the internet. The FBI reported in April that ransomware attacks surged in 2015 and continued to rise into this year. High-profile attacks have hit organizations like Hollywood Presbyterian Hospital in Los Angeles, which recently paid $17,000 to regain access to its files. Low- or no-profile attacks on individuals like you and me often go unreported.

Drivers more vulnerable

As a driver, you may be more vulnerable to smartphone scammers than most. For one thing you may do a lot of business over your smartphone. You may use your phone as an ELD, as a navigation aid, and as an all-around business device. You may have multiple broker tracking apps, one or two of those Uber-for-trucking apps, or apps for specific brokers or fleets.

For another thing, you probably use your phone as a hand-held amusement park. You have social media apps, and you may download games to pass the time waiting to load.

That’s a lot of downloading and if you zip quickly through your email, opening attachments as you go, there are many opportunities for something bad to slip into your phone.

Ransomware is not like an old-time computer virus that trashed your hard drive and died like a bee without its stinger. Ransomware is a nasty, hard-to-kill varmint that aims to take your money. It sneaks into your smartphone riding on a download. That download could be anything – an app, a video or a document, for example. It could even come from a legitimate website that has been compromised by hackers.

The kidnapper in your smartphone

Ransomware is just what it sounds like. Once it gets into your phone,

it can quickly lock you out and hold your phone hostage. You have to pay to regain access.

Some scammers pretend they’re doing you a favor. In March, for example, tech media reported ransomware directed at iPhones and iPads. You suddenly see a screen that reads, “Warning iOS (the iPhone operating system) – crash report. Due to a third party application your phone iOS crashed.” Other attacks often begin with similar messages.

Your phone hasn’t crashed, of course. It has been locked down by the scammers pretending to be a free-floating service watching out for smartphones everywhere. A screen pops up advising you to contact their tech support. They may behave civilly and maintain the charade that they’re here to help. Miraculously, these techies can unlock your phone – after you pay for their “support.”

Sometimes ransomware is more brutal. Last year, CNET, an online tech news source, reported that one ransomware scammer downloaded child pornography to a smartphone, then threatened to report the phone’s owner to the authorities if a ransom wasn’t paid. Sometimes ransomware actually pretends to be the FBI or some other law enforcement agency that claims you have broken some law or another and they have locked you down – for your own good, of course.

Typically, ransomware targeting individuals will snag from $100 to $600 in ransom. It might direct you to load a prepaid debit card with the cash and provide them with the PIN. Then they drain the money from the card.

How did they get your address?

So how do they get your email address or phone number?

There are a number of ways, but the easiest for many scammers is to simply buy them.

In recent times, hackers have hit major corporations like Sony, Target, eBay, Home Depot, JP Morgan, J.C. Penney, 7-Eleven, and Hannaford to name just a few. They also hit smaller businesses in unreported attacks. These hackers aren’t looking for cash as much as credit card and Social Security numbers. They’re also happy to grab cellphone numbers and email addresses.

Hackers gather them by the thousands and put them up for sale on the deep web, a part of the web where users are difficult if not impossible to track. Retail scammers, who require less technical expertise, buy them to use with ransomware.

If you have done business with a hacked company, that may be how the scammers know you.

To pay or not to pay

What to do if your phone is held for ransom?

No one has a good answer for that. The FBI in its April advisory cautions against paying up. Paying a ransom doesn’t guarantee your phone will be unlocked, they explain. The scammers aren’t cultivating you as a customer; they’re ripping you off.

It’s pretty much a matter of deciding whether or not to pay. If you remain locked out, you may want do some research on the web. There are many kinds of ransomware and many ways to deal with them.

Best way to deal with ransomware is to avoid it. All the usual warnings apply: Only download from trusted sources, be very careful about the email attachments you open, and change your passwords regularly.

There’s more, of course. Just google “ransomware” and you’ll find lots of information, including more recent updates and tips. LL