Fraudsters spam out scams via SMS text messages

Have you received an SMS message, seemingly from Apple, on your mobile phone telling you that you have won a prize in a contest?

SophosLabs researcher Onur Komili told Naked Security that he was browsing his Facebook newsfeed this weekend, when he saw a friend – let’s call him Freddie – post a screenshot of the text message.

Seven of Freddie’s friends in the Vancouver region also reported that they had received the exact same text message. A quick search on the net found a number of people had received the same spammed-out SMS message.

Things really piqued Onur’s interest, however, when he himself then received it on his iPhone!

Sign up to our free newsletter.
Security news, advice, and tips.

SMS scam message

Congratulations, Your entry into our contest last month made you a WINNER! Goto [LINK] to claim your prize! You have 24 hours to claim

Although the phone number it was apparently sent from was different from the one that his friend had received, Onur recognised the same dodgy link.

Because, of course, that’s not a link that is going to take you to Apple’s website at apple.com, but to a website called textwon.com instead.

Textwon’s WHOIS information reveals that it is a brand new domain, registered on May 4th 2012. The actual contact information for who registered the domain is hidden behind by a domain privacy service, but the A-Record IP address of the domain is linked with others that are known to have hosted malware, scams, adware and fake anti-virus in the past.

In short, this is clearly a link that should be avoided.

If you did make the mistake of clicking on the link, you can find yourself redirected to a number of different websites depending on where in the world you are based – including the perennial “Win a free iPad by filling in this survey” scams.

Frequently such scams will dupe you into believing you have won a prize, and ask you to enter your cellphone number. If you’re not careful and don’t read the small print, you will find that you have accidentally authorised a premium rate service to sign you up as a subscriber – adding dollars each week to your phone bill.

Always take care about clicking on links sent to you out of the blue, even if they arrive on your mobile phone.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.