New zero-click scam targets money theft
New technology always brings with it new threats, and as 2016 rolls on, the emergence of a new zero-click scam could be affecting the security of user identities.
Symantec observed a different kind of behaviour while monitoring one-click scams: a new type of attack in which the visitor to the website did not actually need to click on anything suspicious in order to become a victim [1]. In recent times, the scam has required users to click between one and four times in order to confirm a paid subscription to an adult video service, but this particular scam has a much more direct targeting method.
Recognising the threat
Secure World notes that the scammers are targeting Japanese adult video websites [2], and while most of the text is written in Japanese characters [1], the translate functions of most internet browsers can provide easy access to Australians who are visiting.
According to profile.id, 18 per cent of the population of Australia spoke a language other than English in 2011 [3], and numbers from the Joshua Project suggest there are approximately 33,000 Japanese-born people living in the country [4]. Japanese-speaking people in Australia don't require the translating tools, so infected websites such as these pose a real and present threat.
People in Australia are at risk regardless of the language that the infected website is written in, and recognising what format these scams target is the key to avoiding identity theft.
Typically the websites will look as though they search and compile adult videos from various other pages, which is the hook for people to click and explore. From that point, once the user is on the page they are redirected to a subscription automatically [1]. In the past, it has taken a number of clicks to get to the same stage of the scam, but according to Symantec the threat has evolved and a visit to the site is enough.
The subscription will appear and tell the user that they have signed up, with a request for payment of up to US$2,000 [1]. The page will provide a pop-up window that offers a 24-hour customer service phone number if there has been a mistake in subscribing, but users are encouraged not to call any number like this if they believe that they have been affected. Often the person on the other end of the line will attempt to convince the user to pay, or they can track the number and use it later for other fraudulent activity [1].
Getting help
The ways that these scammers are fraudulently accessing a user's cash flow are complex and easy to mistake for legitimate transactions. Being vigilant is important, and refraining from emailing or phoning any provided contact details that pop up without your clicking gives a user the best chance of not having sensitive information stolen.
Once the information has been fraudulently obtained, however, it is necessary to make sure that a user is protected from having private details distributed around the globe for other illegal purposes. Scammers will trade banking details and phone numbers, email addresses and even mobile application data [5] that can drain users' bank accounts, accrue credit card transactions and target specific people with phishing emails.
Identity Watch provides a service that monitors your sensitive details and makes sure that you are alerted if your information is found where data is illegally traded around the world. Be it an email account password or your credit card number, the team can help advise on the next steps if you have been affected by the rise of zero-click scamming to help ensure a safe online existence.
1. Symantec. Accessed February 2016.
2. Secure World. Accessed February 2016.
3. profile.id. Accessed February 2016.
4. Joshua Project. Accessed February 2016.
5. CNBC. Accessed February 2016.