A new ploy that charges people via SMS for a free copy of Adobe Systems’ Flash Player is undergoing a test run on a Russian social network, said security vendor Bitdefender.
This scam came from undercover after one of Bitdefender’s customers found a suspicious link to a Flash Player update on Vkontakte, a social networking service for Russian speakers, said Bogdan Botezatu, senior e-threat researcher for Bitdefender.
If clicked, the link leads to the Flash Player application, but a drop-down menu then asks what country the user is in as well as for their mobile phone number and operator. Adobe does not ask for any of that information during a normal installation.
If the person is outside of Russia, the installer instructs the person to send a message to a short code in order to receive an “activation” code to use the program, Botezatu said. Users in the UK will get a charge of £1.50 for the SMS or around $3 in the U.S., he said.
Russian users do not get a charge, Botezatu said. The scammers have apparently signed up for SMS payment processing services for countries such as the UK. According to the drop-down menus, the scammers have arranged for SMS payments on networks including O2, Vodafone and Orange as well as AT&T in the U.S.
The scam isn’t widespread yet, which Botezatu said may mean the scammers are conducting a trial run to see how well it works before hitting other social networking sites such as Facebook.
Offering downloads of Adobe products is a ruse to manipulate users. Often, malware substitutes for a legitimate Adobe download, but this case appears to be just a search for money.