Beware of SMS solicitations in e-mail!

Filed Under: SophosLabs, Spam

A massive spam campaign in Russian caught my attention today. It masqueraded as a newsletter from a major Russian mobile network MTS and advertised some too-good-to-be-true lottery program.

sms_fraud.jpg

To participate in the so-called "bonus" program you'd need to to sent an SMS message to a premium number. Every 3rd message gets 300 rubles (~$11) added to your account and you agree to pay 30 rubles (~$1) for it. So, you have a 1 in 3 chance to win 10 times more than you put in. That's the way to get rich despite the global financial crisis!

A search on that 7733 number reveals an SMS billing company http://smscoin.net/. A price list on their website reveals the real cost of your message: 258.3 rubles with almost 40% of it retained as a fee by SMSCoin:

smscoin.jpg

The company claims a strong anti-spam/anti-fraud policy. I have no reason to doubt their good intentions and hope they stay on top of the abuse and stop these fraudulent payments.

Having said that, I also suspect that something went wrong with this spam, since the code they ask you to text does not follow a required "prefix + identification" format. So, lets hope it's true and that there will be no victims this time.

While this campaign targets a Russian-speaking audience, I'd warn all of our readers around the world. The social engineering techniques and the "billing mechanisms" employed in this fraud are universal. Just like another scam example from 3 days ago:

From October 28, authentication is made all the boxes
at Gmail.com. To authorize the box you want to send sms
text
dam+km to the number 7733 for LPG
dam+km to number 4161 or 2322  for Russia
SMS messages free!
Boxes did not confirm the authorization automatically blocked for 3 days!

Sincerely, the administration Gmail.com

Needless to say that the spam was sent via a botnet to millions of people around the world.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s