Fake contests that purport to be sponsored by a reputable company are not new, but now, cybercriminals that launch such campaigns have turned their attention to mobile phone owners. In one instance, to ensure the success of the operation, they use the name and reputation of Apple.
“Congratulations, Your entry into our contest last month made you a WINNER! Goto www.apple.com.textwon.com to claim your prize! You have 24 hours to claim,” reads the message found by Sophos researchers.
While at first glance it may seem that the link points to the genuine Apple site, if we take a closer look we see that “apple.com” is actually a subdomain of the “textwon.com” website.
After investigating the domain, experts determined that it was registered on May 4, 2012.
“The actual contact information for who registered the domain is hidden behind by a domain privacy service, but the A-Record IP address of the domain is linked with others that are known to have hosted malware, scams, adware and fake anti-virus in the past,” Graham Cluley of Sophos reports.
Users who fall for the scam and click on the link are redirected to one of the many shady websites, depending on their location. However, in most cases, the victim is taken to a site which promises a free iPad, or other fancy gadget, in return for the completion of a classic survey.
As always, no one ever wins anything, except for the fraudsters, who earn a certain amount of money each time someone falls for the trap.
In some scenarios, after completing the survey, the users are requested to provide a mobile phone number which is used by the cybercrooks to sign them up for unsolicited premium rate services.
These types of schemes are not uncommon on social media websites and many have learned to avoid them, but now, we recommend that you also take a closer look at shady-looking offers received via SMS.