Today a smishing1 scam was attempted against my iPhone.
It all starts with a SMS text message which directs you to a web site that is intending to trick you into thinking is somehow related to Apple2.
The phone number can be checked out of curiosity but be aware that it is very simple to insert a fake originating number so the phone number doesn’t really reveal anything other than a preferred diversion location for the perpetrator.
The whole idea is to get you to go to their fake “won gift” web site to trick you into entering personal information.
Looking at the URL the scammer has a domain name of wongift.cc. The .cc Top Level Domain (TLD) was originally assigned as the country code assigned to the Cocos Islands but registrars allow it to be purchased by anyone.
The directory has been named apple.ca to suggest an affiliation with Apple Canada but this is meaningless because directories on a top level domain server can be called anything without any registration. If you enter the 0000 requested they capture your personal information. This Smishing (SMS phishing) scam is based on luring you with Apple products but a similar scam with bogus Best Buy or Walmart gift cards has been documented by the Better Business Bureau.
Scammers Using Wal-Mart and Best Buy Names to Lure Consumers Into Gift Card Scam
CHICAGO, IL – March 22, 2012 – The Better Business Bureau serving Chicago and northern Illinois (BBB) received a report about a smishing attempt via text message being sent to users claiming customers won a $1,000 Best Buy or Wal-Mart gift card. The message continues to tell the user to visit a website to claim the amount.
“This is not a legitimate offer and is not promoted nor sent by Best Buy or Wal-Mart,” said Steve J. Bernas, president & CEO of the Better Business Bureau of Chicago and Northern Illinois. “We strongly advise consumers to not complete the form or enter any personal information into the website provided.”
Smishing is the practice of sending a phishing message to steal credit card or identity information via cell phone text messaging.
Bernas explained text messages are not typically blocked and only contain text, making it easier for scammers to make smishing messages appear legitimate.
“As consumers utilize their cell phones more and more to access the Internet, they need to guard against scams as they would on their home or office computers,” he added.
Smishing messages may also direct recipients to call a phony toll-free number in order to complete or cancel some financial transaction where a fake operator will take down your financial information over the phone.
The BBB offers the following tips if you receive a questionable or unsolicited text message:
Check out the URL or phone number of a company before you disclose any personal or financial information for FREE at www.bbb.org
Most financial institutions, utility, or other business will not communicate with you via text message. If you do not recognize the website or phone number being sent to you, don’t visit or call it;
Avoid e-mailing and texting personal and financial information. If you have determined the website to be legitimate and do decide to submit financial information, look for the “lock” icon on the browser’s status bar. It signals that your information is secure during transmission;
Review your credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
For more information on smishing and other scams targeting consumers, visit the BBB online at www.bbb.org
As a private, non-profit organization, the purpose of the Better Business Bureau is to promote an ethical marketplace. BBBs help resolve buyer/seller complaints by means of conciliation, mediation and arbitration. BBBs also review advertising claims, online business practices and charitable organizations. BBBs develop and issue reports on businesses and nonprofit organizations and encourage people to check out a company or charity before making a purchase or donation.
1. [SMS text sending you to a fake web site]↩
2. [a web site pretending to be another web site is called phishing]↩