One-Click Billing Fraud: What You Need to Know

If there's any good news to be had about one-click billing fraud, it's that you actually have to click more than once to become a victim—which makes it marginally more difficult to fall prey to this kind of scheme. The bad news is that, if you do fall for one-click billing fraud, it could cost you a lot of money. And the fact that this threat appears to be specific to Japan is either bad or good, depending on where you live.

Here's how it works.

1. Click. The user is led to a video site by email, a tweet, a blog comment, or search results.

2. Play. The user explores the site, which appears to offer sought-after content such as game demos or (more commonly) pornography. But there's a catch: in order to watch a video, you have to download or execute a file first. Once the download is complete, the misery begins.

3. Pay. Instead of the video, users are presented with persistent, irritating, seemingly unstoppable messages telling them that they have to pay a large sum of money in order to make the annoyance go away. We're talking well north of $1,000.

One-click billing fraud began by attacking desktop computers, but this year mobile phones and devices are also being targeted. While monitoring sites related to one-click billing fraud, Trend Micro uncovered one web site with a quick response (QR) code and text saying, "Please kindly visit this site by mobile phone." Users who visit the site and scan the QR code with their mobile device receive a notification that data from their mobile device is being transferred to the site. A similar attack uses an Android application that is triggered by browsing specific game-playing blogs, which regularly change their names.

The lesson here is simple: Always proceed with caution when you visit unfamiliar web sites, blogs and social media pages-and keep your computer's security software updated.

If you use Trend Micro products, the Trend Micro™ Smart Protection Network™ will protect you from this sort of attack. Web Reputation Technology blocks access to malicious URLs, Email Reputation Technology prevents malicious spam from reaching users' inboxes, and File Reputation Technology detects and deletes malicious files from users' systems. That said, there's no substitute for common sense—and it's always a good idea to be very, very suspicious of sites that suggest that the thing you want is "only a click away."

Infographic: Three Steps to One-Click Billing Fraud
Trend Micro's FAQ on One-Click Billing Fraud

< Back to main page


Password Management and Login Convenience with Trend Micro™ DirectPass

Trend Micro™ DirectPass manages website passwords and login IDs in one secure location, requiring you to remember just one password. Play now >

© 2012 by Trend Micro Incorporated. All rights reserved.