Have you received an SMS message, seemingly from Apple, on your mobile phone telling you that you have won a prize in a contest?
SophosLabs researcher Onur Komili told Naked Security that he was browsing his Facebook newsfeed this weekend, when he saw a friend – let’s call him Freddie – post a screenshot of the text message.
Seven of Freddie’s friends in the Vancouver region also reported that they had received the exact same text message. A quick search on the net found a number of people had received the same spammed-out SMS message.
Things really piqued Onur’s interest, however, when he himself then received it on his iPhone!
Congratulations, Your entry into our contest last month made you a WINNER! Goto [LINK] to claim your prize! You have 24 hours to claim
Although the phone number it was apparently sent from was different from the one that his friend had received, Onur recognised the same dodgy link.
Because, of course, that’s not a link that is going to take you to Apple’s website at apple.com, but to a website called textwon.com instead.
Textwon’s WHOIS information reveals that it is a brand new domain, registered on May 4th 2012. The actual contact information for who registered the domain is hidden behind by a domain privacy service, but the A-Record IP address of the domain is linked with others that are known to have hosted malware, scams, adware and fake anti-virus in the past.
In short, this is clearly a link that should be avoided.
If you did make the mistake of clicking on the link, you can find yourself redirected to a number of different websites depending on where in the world you are based – including the perennial “Win a free iPad by filling in this survey” scams.
Frequently such scams will dupe you into believing you have won a prize, and ask you to enter your cellphone number. If you’re not careful and don’t read the small print, you will find that you have accidentally authorised a premium rate service to sign you up as a subscriber – adding dollars each week to your phone bill.
Always take care about clicking on links sent to you out of the blue, even if they arrive on your mobile phone.