I just got my first seriously nasty SMS: text-message with embedded links. As we know, never EVER click on embedded links in an email. I knew that SMSs can carry these malicious links, but until one came sailing into my phone last week, I hadn't stared at one on my smartphone screen.
It's a standard spam-message, only the delivery-medium (and the heading on the criminal's text) have changed. Let's unpack this nasty piece of work.
"Congratulations! Your Mobile Number just won £850,000GBP,in this year Apple UK Promo."
Well of course it did. I regularly win six-figure sums from firms I've never contacted, don't we all? Scam? Obvious.
"Send Your Unique ID:XXXXX-XXXXXX;Name;Telephone and Address to Email:ScamCriminalDoNotSendAnything@applepromo.org.uk..."
Another spam-identifier: note this is not a valid domain name for Apple Computer. Google "Apple UK" and you get what you'd expect: http://www.apple.com/uk/
"...and call 0044-Scammer'sPhoneNumber to validate and claim your prize money. Barry Watson, Coordinator."
There's no need to Google "Barry Watson" because he doesn't exist.
This SMS is more dangerous than an equivalent e-mail scam, partly because they're less common. We've all received hundreds of scam-mails from fake lotteries, relatives of deposed presidents, or people who simply want to give us a few million euros.
But here the links are on a TOUCHSCREEN. What happens if you accidentally touch the link?
"They're generally just e-mail links," said Richard Stagg, managing director of Hong Kong-based Handshake Networking. "Don't SEND the e-mail, of course, but just because you touched the link and opened a blank e-mail, it's not catastrophic." Do be sure not to accidentally hit the "Send" button. Scammers like to know when an e-mail address is "live."
"A phone number [link] might be a bit worse...your phone could start dialing and then you'd have to hit the cancel button," said Stagg, "but these guys already have your phone number: they texted you on it." The Handshake managing director also mentioned the popular WhatsApp messaging service as an arena for dodgy SMSs.
If you get a scam SMS, delete it and don't touch the highlighted links on the screen. Sometimes you don't even have to open it...on the iPhone, the header alone reads "Congratulations! Your Mobile Number just won £850,000GBP,in this year App..." and the Edit button takes you right to the Delete red-minus buttons: your allies here in the fight against criminal messages. Laugh as you consign this crook's scam-attempt to the cybertrash.
Expect more such attempts. More details on this particular scam here:
Closer to home, the October 1 changes to Hong Kong's PDPO mean closer attention will be paid to personal data collected by Hong Kong firms, often in conjunction with loyalty programs. Retailers need to be careful about how they treat our personal details. We trust our brand-name retail-outlets to keep our data private when we fill out forms for loyalty programs and the like. And they have a stake in keeping it private: brand-equity can be damaged if a firm contravenes the PDPO by failing to protect our data.
More information about the Office of the Privacy Commissioner for Personal Data (PCPD) is available on their Web site.
As our phones increasingly become computer-platforms, they become increasingly vulnerable to attack. Stay informed and as ever, remember: if it seems too good to be true, it is.