File Image
File Image

Airtime disappearing? It might be clickjacking

By Brian Joss Time of article published Feb 21, 2020

Share this article:

If the airtime on your mobile device is disappearing into thin air, you may be a victim of clickjacking. Although it is not a new phenomenon, few users seem to be aware of it.

Cape Town freelance writer Ginny Swart loaded airtime for Ann Slate, 83, of Tokai.

“I bought R60 MTN airtime, and, as we entered the number, it said she had a daily charge for ‘gaming’ and took off R3. We opted out, as she has never signed up for any gaming. Slate owns an old Nokia, and she had never heard of gaming. She uses her phone only for people who call her,” Swart said.

When Slate later noticed her balance was only R9, yet she had not made a single call, Swart complained to MTN.

A call-centre agent told Swart that Slate had subscribed to a “content subscription”, which takes R3.03 daily from the airtime available. “(This) is generated by companies with the intention of selling you a product or service on the internet. Once you register and you click or reply, you are charged for the information you get.

“We do not have agreements with these companies. However, they charge us for the content you purchase and we pass the charges on to you,” the call-centre agent said.

Jacqui O’Sullivan, executive for corporate affairs at MTN, said the number was fraudulently subscribed by “clickjacking” to a company called Gamer+.

“This type of fraud is prevalent on smartphones, where a user may mistakenly click on a banner that is linked to a bot, which mimics the behaviour of the customer and approves the opt-in and double opt-in requests without the customer knowing. The system picked up the opt-in and double opt-in event as if the customer had consented to it. We will refund Slate,” O’Sullivan said.

“Clickjacking fraud is a global issue. We have introduced ways to monitor and put an end to these unscrupulous fraudulent subscriptions. As a result, we have seen a reduction in Waspa (the Wireless Application Service Providers’ Association) subscription fraud on our network.

“As subscription services evolve, the challenges they bring are complex and new, which is why we have implemented fraud detection software and systems to protect customers. We have seen minor breaches which MTN has dealt with immediately on a case-by-case basis,” O’Sullivan said.

MTN has implemented a customer-focused Treating Customers Fairly policy that requires all MTN digital services providers, including Waspas, to comply with stringent business rules on all services offered to customers. One of the reasons for implementing the policy was to circumvent incidents such as this, MTN said.

Waspa’s general manager, Ilonka Badenhorst, told Personal Finance the organisation had instituted major steps in fighting fraudulent activity affecting the mobile industry. Joint efforts by stakeholders had resulted in a reduction of cybertheft. Measures taken included anti-fraud solutions on all members’ systems and continuous monitoring by Waspa of its member services, she said.

Brian Pinnock, cybersecurity expert at Mimecast, said clickjacking was first described in 2008.

“It tricks a user into clicking on an invisible element in a web page, thinking they are clicking on something else. This can cause users to inadvertently visit malicious web pages, download malware, fill in credentials on other sites, give up sensitive information, and even go so far as to unwittingly transfer money or think they are purchasing products online,” he said.

It works by superimposing an invisible web page (or part of a web page), sometimes known as a wrapper site, on top of the web page you see. You believe you are clicking on the visible page, but you are clicking on the invisible page on top. The invisible page could be legitimate or malicious. The fact is the user did not intend to visit that site and thinks they are on another site altogether.

“Clickjacking prevention relies largely on website owners putting defence techniques in place. The problem is that many websites require the features that clickjacking exploits to offer a business service, so these features cannot easily be turned off.

“Consumers have relatively few technology-based defences to protect themselves if the website owners haven’t put defensive techniques in place. So it’s important for them to be cyber aware as well and know how to avoid falling victim to such attacks,” Pinnock said.

Clickjacking can occur on PCs, tablets and phones that can render a clickjack wrapper site. It could include smart-TVs, while unprotected Android mobile devices are particularly vulnerable to clickjacking malware known as banking trojans. But all devices have some degree of vulnerability to clickjacking.

Cell C says variations are “likejacking” - in which the Facebook “Like” button is manipulated, causing users to “like” a page they did not intend to like, and “cursorjacking” - a technique that changes the cursor position as perceived by the user to another position.

Vodacom said clickjacking is used by cybercriminals to create the impression that the website is legitimate and belongs to the organisation it claims to represent. It will adopt the same design and look of the legitimate website. The counterfeit site is virtually identical to the real site, but there may be spelling or grammatical errors, and it is often used to distribute malware.


* Think before clicking on links, opening attachments or installing software from unknown sources.

* Protect your home network, connected devices and smartphones by using two-factor authentication for email accounts and social media accounts.


Share this article: