When you’re watching for digital scams, the last place you’d expect them is in your physical mail. However, some crafty scammers have found a way to trick people into installing malicious apps that steal their bank details, and it all begins with a hand-delivered letter. But how are they doing it, and how can you stay safe?
Scammers Are Impersonating Official Bodies to Spread Bank-Stealing Malware
As reported by The Register, Switzerland is under attack by malware that “spreads” through physical mail. The attack starts with a fake letter claiming to be from the Federal Office of Meteorology and Climatology, which asks the recipient to download an app. The app is a malicious clone of Alertswiss, a legitimate app that warns people of extreme weather patterns.
The letter provides the victim with a QR code, through which they can download the fake app. Once the code is scanned, it won’t open Google Play to download the app; instead, it will take the user to a third-party website. If the target proceeds to download the app, it will begin intercepting two-factor authentication codes and attempt to break into the victim’s bank account via their banking app. From here, the scammer can then move money into their account.
Fortunately, it’s very easy to keep yourself safe from this scam. First of all, remember that there are plenty of security risks when scanning a QR code. Only scan one if you’re certain it’s from an official, trusted source.
Also, the best way to stay safe when downloading Android apps is to use the Google Play Store. Trusted companies will often publish their apps through official channels, so if one asks you to download it via a third-party website, treat it with caution. And if you do download and install the malicious app, factory reset your Android phone.
