Congratulations! You have won a $1000 BestBuy Gift Card
Yesterday, I received a text message on my phone, indicating that I had won a $1000 BestBuy Gift Card. Yeah, right.
- The URL provided was one from tinyurl.com, a URL shortener.
- I went on over to the Preview Feature (cool!) to ensure that it was enabled. One would use this when you “Don’t want to be instantly redirected to a TinyURL and instead want to see where it’s going before going to the site[.]” (requires cookies to be enabled).
- The URL given is to cardwinnersnow.net. Please don’t go there.
- I head on over Network Solutions “WHOIS Search for Domain Registration Information.”
- The domain is registered in the Ukraine.
- I know internet worms come from places like that.
- My phone is a dumb phone, and my computer is a Mac, so I’m relatively safe, but I don’t want those facts to lull me into a sense of complacency.
- I figure you like your security, privacy, and computer performance as much as I do, and so tell you this little tale.
- Moral: netizens beware!
This isn’t supposed to happen in the App Store ecosystem.
Early Thursday morning, Kaspersky posted a blog entry that details a new malicious app that has made it’s way to both the Apple App Store and Google Play Store. The app’s name is Find and Call, and it’s the first time we’ve ever seen a malicious app make it into Apple’s App Store.
Once installed, the app asks you to register your phone number and email address. Find and Call will also ask if you want to “find friends in a phone book” before discretely uploading your entire contact list to a remote server. The app will continue to upload your contacts, and will SMS messages to those people that contain a link to download the app themselves. These SMS messages show up as if they were sent from your number, so the recipients are much more likely to click on the link. (via Report: Trojan Horse found in the iOS App Store | Macworld)
I got a group invitation for something similar to this. I wouldn’t join, as it’s likely to be a hoax.