Hacked puppy ads – the latest trick of the scammers

Puppy scammers using compromised accounts to  place fake ads
Puppy scammers using compromised accounts to place fake ads

– This is an important security alert for anyone currently advertising puppies for sale, or who intend to do so in future. Puppy scammers are targeting mobile devices with malware in order to obtain the login details of sites you may be a member of and have logged into using your mobile.

If you think it can’t happen to you, then please read the account we present today of an unsuspecting Australian puppy breeder who has just experienced this very thing. Having done so you’ll understand how easy it is for the bad guys to take control of your mobile device – and equally how easy it is to stop this from happening to you.

For those unfamiliar with the term, “malware” is short for “malicious software” and refers to any type of software created to do harm to its victims. In this case a type of malware known as a “keystroke logger” is being loaded into the mobile devices of unsuspecting people by the scammers – and you may be surprised at how commonly it occurs. As the name suggests, this software records every keystroke you make on your keyboard and every push of the touch screen you may make. It then sends this information back to the scammer, who can monitor in real-time the sites you visit and the username and password you use to login to each site.

Once the scammer has your details, they then log in to a site you are a member of (such as a puppy classified site), pretending to be you. They then change any ads you may have placed, or even place a fake ad using a stolen credit card, all the time hiding behind your identity in order to scam unsuspecting puppy buyers.

Today on the Daily Dog we highlight the case of an advertiser who found ads she had placed for her litter of Staffordshire Bull Terrier puppies on a number of sites had been taken over by scammers, with the details changed to a (fake) French Bulldog ad, and the contact details changed to an email address the scammers controlled – with a screenshot of the ad on puppyclassifieds . net.au featured in the image shown with this Post. .

Fortunately for this advertiser, she was aware of the reputation pups4sale has in assisting people who suspect they may be the victim of a scam, Having received no response or assistance from the above site in question (no surprise there), she rang us at pups4sale and our security team walked her through what to do next and how to ensure the problem never occurs again.

What we found:

. The scammers had control of the advertiser’s iPhone for up to a week prior to the advertiser knowing about it. They monitored the puppy classified sites she visited, then logged into each one in turn using her account details, changing her ad on each as noted above.

. The advertiser was compromised by one of two simple omissions that many others have also made:

1: She uses her home internet  connection to surf the internet with her iPhone, using her phone’s Wi-fi setting to communicate with her Wireless ADSL modem – as many of us do. However she was unaware that her mobile device was just as vulnerable to being hacked as any laptop or desktop computer and did not realise that to prevent this from happening there are many quality antivirus/firewall programs available specifically for mobile devices. So, with an unsecured iPhone, she has gone out of the home, with the mobile phone’s Wi-fi connection turned on and set by default to look for an open network signal to connect to. So what does that phone do as soon as it is out of range of the home modem? It goes looking for another network to login in to. And what network did it find? One controlled by the bad guys.

Think this is rare? Then think again. There has been many cases here and overseas of bad guys setting up a free Wi-fi connection in a shopping centre, giving it a legitimate sounding name such as “XYZ Shopping Centre Free Wi-fi”, sitting back with a cappucino in the food court, just waiting for unsuspecting victims to logon to this network. If you have a Wi-fi enabled device like the lady in question, it may alert you as soon as a wireless network connection comes in range, or it may just connect to that network, with many phones set by default to connect to the nearest available Wi-fi network. The phone then logs on to the unsecured network, and software on the criminal’s laptop goes to work, harvesting all the data from the phone in question – unbeknownst to the victim of course. That same software lists the websites the victim has been visiting and usernames and password that have been entered in by the victim on sites requiring logins. The scammer can then choose which sites to login to and what criminal enterprise to engage in at his leisure – all the time hiding behind the identity of his victim.

Or

2: The scammers are surfing puppy classified sites on the internet, looking for mobile phone numbers or Twitter handles of advertisers. The scammers then send an innocuous looking text or tweet, with keystroke-logging malware attached to it or with a link to a site that when visited will attempt to download malware on to the device in question. The advertiser clicks on the attachment or link, the software downloads to the device, and once again the scammer has complete access to all the data on the phone and may even completely and remotely control what the phone does and the sites it visits – all without the victim’s knowledge.

The advice we gave, which applies equally to both possibilities above:

– install quality, paid anitvirus/firewall software specifically tailored for mobile devices – such as offered by Zoner, Norton, McAfee and other reputable vendors. Set your device to automatically install updates for your chosen security software, as soon as they become available.

– disable any settings on your device that instructs it to logon to any available wireless network. Such settings should be changed so the device asks you before connecting to any network. Needless to say, you should know the identity of the network you are logging in to, and shun free unsecured networks, as they are often pirate’s lairs – as we have shown above.

Even if you innocently click on a link or attachment that is set to download malware to your device, quality antivirus software will alert you and stop the download in its tracks.

If, like the advertiser in question, you are concerned your mobile device and/or puppy classified my have been compromised by malware, feel free to contact us for further assistance. Apart from that, please ensure you have quality antivirus/firewall software installed on all your internet connected devices – and please take heed from the lesson learnt by this advertiser – who now has her iPhone fully secured by the way! 😉

Leave a Reply

You must be logged in to post a comment.