Andy Wise: don't fall for the 'Selfie Scam'

CORDOVA, TN (WMC) - The official-looking warning appeared out of nowhere. It has taken over Mimi Gemme's Android phone.

"It looks so official," she said. "If you start looking at something else, it comes right back on."

It is a 'FBI alert' that has page-jacked her phone's screen. It claims the feds caught Gemme surfing "...forbidden pornographic sites."

"Absolutely not! I wouldn't even know how to!" exclaimed the 89-year-old.

We know, Ms. Gemme.

The FBI would never contact someone this way. The threat is riddled with misspellings. It even misspelled 'Washington D.C.'

The FBI wouldn't demand $500 to "avoid prosecution," either -- another element of the 'alert.' That's another dead giveaway that it's a scam designed to extort money or personal information.

But what shocked us -- and Gemme -- is whoever hacked her phone with the phony alert included a 'selfie' of her -- in her bed -- to convince her she was 'caught' in the act of her non-existent porn binge. The hacker had taken over her phone's camera.

"It was such a surprise to see my picture on there," she said.

"This seemed to be programmed at some point to take her picture on her own device, and it's fixed on there," said Gemme's nephew Don Fortner. "Every time we boot up that phone, it's there."

A. Todd McCall, special agent in charge of the FBI's Memphis division, said Gemme most likely clicked on an app, an e-mail or a Facebook link that launched malicious code. The code enabled someone to take over her phone's camera.

"The owner of that device is most likely responsible," McCall said. "She clicked on a link on Facebook. It can be embedded in a photograph, which is why people should not automatically open attachments when they receive a message."

When we asked Gemme if she had clicked on a Facebook ad or an unsolicited message, she answered, "No, no, no. I've been very careful with it."

Data security experts have told us we're not being careful enough with apps, including Facebook. Jeff Horton, data security expert and owner of One Point Solutions Group of Germantown, Tennessee, said pay close attention to the permissions an app requests after it has been downloaded and activated.

"Every app must ask the user for access to things like the camera, contacts, GPS, etc. when installed," Horton said. "In my experience, apps ask for permission to use all kinds of resources that they really don't need access to."

McCall said among the worst apps for requesting unnecessary access to your personal stuff are flashlight apps. "It turns out the people who wrote some of those added some code to it so that they could have access to your information on your phone," he said.

Those apps aren't even necessary. Most smart phones, including iPhones and Androids, have built-in flashlight features. Downloading a flashlight app on those is simply redundant.

Both Gemme and Fortner insisted she did not download a flashlight app. But they understand it is possible she may have done something to let that selfie-scammer access her phone, which had to be wiped clean. She had to purchase another phone.

"It is not a good thing to happen to you," she said.

Copyright 2015 WMC Action News 5. All rights reserved.