
Christmas Would Not Text You That Early

Created: 13 Nov 2012 21:39:34 GMT • Updated: 23 Jan 2014 18:11:34 GMT
Candid Wueest

Even with mobile phones now being an essential part of our lives, I am still not used to receiving text message spam. Hence, I was kind of excited when I recently received one on my private number. The claim was that I had won something from Apple. The spam was sent from a number in Virginia, +1 540 514 [REMOVED], and it looks like the scam is currently run in a few different countries.
 

Figure 1. Swiss German version of scam text message
 

If you click on the link, which you obviously should not do, you will end up at a site that tells you that your gift is a brand new iPhone 5. All you have to do is enter the winning code that you received in the text message. The text is badly written with several spelling errors, just like in the old spam email days. After a user enters a code, he or she will be forwarded through an advertisement network to some other marketing site, generating some profit for the affiliate. Of course, there is no free gift for the user.

In the image folder of the Web server, we can see evidence suggesting there may be other scams, offering other prizes such as gift cards.
 

Figure 2. Belgian version of scam site
 

I do not know where the spammers obtained my phone number, but it is evident from the public server logs that there are a few hundred other people who have received the same message. The link itself contains your phone number; hence clicking on the link confirms your number and puts you at risk of receiving more spam in the future. In addition, your browser request—to some extent—will also send your mobile phone brand through the browser user agent. This data could then be used in the future for further attacks. Luckily, in this scam no drive-by-download attack is used. From the methods used it looks like it is the same group that was also behind some social networking scam messages earlier this year.
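A filter on the receiving side can flag links that carry the recipient's own number, which is the confirmation mechanism described above. The following is an added example, not code from the original post; the phone number, domains and message texts are constructed, and the function names are hypothetical. It generalizes slightly by also checking base64url-encoded tokens.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{8,}")

def national_digits(msisdn, country_code):
    """Digits without the country code; every common written form contains them."""
    digits = re.sub(r"\D", "", msisdn)
    return digits[len(country_code):] if digits.startswith(country_code) else digits

def links_identifying_recipient(sms_text, msisdn, country_code):
    """Return (url, how) for each link whose path, query or fragment carries the number."""
    needle = national_digits(msisdn, country_code)
    hits = []
    for url in URL_RE.findall(sms_text):
        parts = urlsplit(url)
        tail = unquote(f"{parts.path}?{parts.query}#{parts.fragment}")
        if needle in tail:
            hits.append((url, "plain"))
            continue
        for token in TOKEN_RE.findall(tail):
            try:
                raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
            except ValueError:  # token is not valid base64url
                continue
            if needle in raw.decode("latin-1"):
                hits.append((url, "base64url"))
                break
    return hits

# Constructed sample data: number, domains and message texts are made up.
RECIPIENT, COUNTRY_CODE = "+41 79 555 01 23", "41"
ENCODED = base64.urlsafe_b64encode(b"41795550123").decode().rstrip("=")
SAMPLES = [
    "You won! Enter code 7731 at http://prize.example.com/c/41795550123",
    f"Claim your gift: http://prize.example.net/w?id={ENCODED}",
    "Your parcel arrives today: https://shop.example.org/track/88120045",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(links_identifying_recipient(sms, RECIPIENT, COUNTRY_CODE) or "no identifying link")
```
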

As always, do not respond to such spam messages.