How stalkerware is used by scammers : Internet Scambusters #1,100
Stalkerware isn't just spyware. That's because a "bad actor" can legally buy it and then use it to cause mayhem.
In this week's issue, we'll explain what stalkerware is, how to spot and remove it, and how to protect yourself in the future.
We also have an important alert about counterfeit versions of the weight loss drug Ozempic that are starting to appear in the US.
Let's get started…
Stalkerware Scams Threaten Your Safety and Privacy
Its posh name is "digital intrusion," but online security experts call it "stalkerware," apps that watch and track you for all sorts of reasons, including scams. It's a more evil sibling of spyware, which we covered in issue #1034: How To Identify, Remove, and Protect Against Mobile Spyware.
Often, the apps themselves are perfectly legal, but their use may not be. There's been so much of it that an organization was set up in 2019, a peak year for the crime, to battle against it - the Coalition Against Stalkerware (CAS).
But there are several things you can do yourself, both to identify whether you're being stalked and to put a stop to it.
What is Stalkerware?
CAS defines it thus: "Stalkerware refers to tools - software programs, apps, and devices - that enable someone to secretly spy on another person's private life via their mobile device. The abuser can remotely monitor the whole device including web searches, geolocation, text messages, photos, voice calls, and much more. Such programs are easy to buy and install."
These days, as CAS suggests, it's mostly found on mobile devices but it's also sometimes on computers. It usually gets there either when the perp or hacker secretly installs it or through malware in downloaded apps and on compromised websites.
How is Stalkerware Used in Scams?
Often, as you might expect, stalkerware is used by one partner or the other in unstable domestic and intimate relationships. In a recent blog, security firm Malwarebytes said 62% of people it polled admitted monitoring their partners' online activities "from looking through a spouse's or significant other's text messages, to tracking their location, to rifling through their search history, to even installing monitoring software onto their devices."
But it's also widespread in other areas, including scams. For example:
- Romance scams. Stolen information is used to gain trust and manipulate emotions before a sting.
- Keylogging. Usually installed via malware, this records every keystroke and sends the details back to scammers. The data may then be used for…
- Identity theft. The more a scammer knows about you, the easier and more successful it is for them to impersonate you.
- Corporate spying. Usually deployed by hackers or disaffected employees, the activities of an organization can be closely monitored before pulling off a scam.
- Blackmail and extortion. Gathering information about your personal activities enables crooks to demand payment against the threat of making it public.
- Cryptocurrency theft. Wallets and account information accessed through stalkerware on a victim's device make it easy to steal your digital assets, which usually can't be traced.
- Reputation sabotage and cyberbullying. Following your activities, both online and offline, can enable "bad actors" (as they're often called) to ruin your reputation or scare you.
There's also a risk of being stalked directly online, for instance, when you get social media friend requests from someone you don't know or repeated malicious comments on your posts.
Do I Have Stalkerware on my Devices?
Gut instinct might suggest that a stalker app is operating on one or more of your devices. A telltale sign might be when someone appears to know a lot more about you and your activities than they should.
Faster-than-usual battery draining or significantly slower running are also signs that all may not be well.
But the most effective way of spotting and removing it is via security apps. Most anti-virus products can detect it, but you can also install specific anti-stalking scanning software.
Remember though that stalking isn't confined to your phone or computer. Physical tracking devices might also be used. Consumer Reports has a useful guide, which also covers other aspects of the issue: Stop Stalkerware.
How to Protect Yourself from Stalkerware
Security software is the number one way of preventing stalkerware getting onto your devices in the first place. Also:
- Protect your phone with a strong password that you never share with your partner, friends, or colleagues.
- Check data usage in your device settings. Is it significantly higher than it used to be?
- Look for unfamiliar apps on your device that you didn't install. If you don't recognize or use them, search online for their name. If it's stalkerware, try to uninstall it.
- Never install apps and software programs from unknown or untrusted sites. Use your anti-virus to scan all downloads.
- Only download apps from official sources, such as Google Play or the Apple App Store.
- Protect your phone. Don't lend it to others unless you 100% trust them.
- Be vigilant for tracking devices that may have been placed in your vehicle, your clothing, or cases and bags.
If you believe you're being stalked, in any form, always contact local law enforcement.
The Future of Stalkerware
The recent development of anti-stalkerware apps hasn't stalled this crime. And crooks are themselves finding new ways of avoiding detection.
In some cases, the perpetrator may even be notified if their victim performs a device scan or removes a stalkerware app.
Furthermore, wearable devices like smartwatches and internet-of-things (IoT) gadgets in homes and cars could become new targets. Even game consoles could be at risk.
The biggest problem for the future is that, unlike spyware, stalkerware is easily and legally available. Several governments have already enacted new laws to clamp down on it.
In the US, the Federal Trade Commission has repeatedly taken action against alleged stalkerware producers when the law provides enough room to maneuver. But the greatest safeguard for consumers today is to take action to protect yourself.
This Week's Alerts
Wall St. Lure: Scammers are targeting job seekers by offering employment with big name financial organizations on Wall Street. Posing as recruiters, they use social media to contact college students claiming they've been recommended by their faculty dean, whom they name, for high-flying jobs. It's a prelude to identity theft and, in some cases, an advance payment scam in which the student gets a dud check and is then asked to forward part of the money to pay for a company phone.
Fake Ozempic: New year, new you. Is that your plan? And maybe you're drawn to the remarkable and well-publicized weight loss drug Ozempic. But don't let your enthusiasm cloud your judgment. The US Food and Drug Administration is warning of fake and potentially dangerous versions of the drug now being offered online. Look out for a more detailed investigation of this scam in an upcoming issue of Scambusters. Meanwhile, check the FDA's alert: FDA Warns Consumers Not to Use Counterfeit Ozempic (Semaglutide) Found in U.S. Drug Supply Chain.
That's it for today -- we hope you enjoy your week!