We advise our blog readers and T-Mobile subscribers to be wary of this latest SMiShing (or SMS phishing) attempt in the wild.
In case you have encountered the below URL online or on your mobile device via SMS, do note that the information you might be imparting to avail of the so-called discount is far more valuable than the $20 savings this campaign promises.
hxxp://t-mobile-promos[DOT]com
According to a WHOIS database, this domain was registered seven days ago and is hosted at Orange Website, a European Web hosting provider.
Reddit user Menpachi has shared the photo below to give other Redditors (and us) a glimpse of what the scam, in SMS form, may look like:
Congratulations
Get a discount of 20$ on your next bill
Enter the link to claim your discount
www[DOT]t-mobile-promos[DOT]com
Paul Parker
Promotions manager
Once users click the link, a browser opens to the phishing site below:
This page asks for the user’s T-Mobile number and password, credentials that are needed to access a My T-Mobile account.
Clicking the Login button once information is provided reloads a new page, asking for the last four digits of the user’s SSN and their PIN.
The gathered information is saved in separate PHP pages within the domain.
Clicking the Complete button leads to the splash page below before finally redirecting users to the official T-Mobile website:
Thank you trusting T-Mobile your bonus is submitted
According to T-Mobile’s Privacy & Security Resource page:
Like T-Mobile, most reputable companies will not send you e-mails or otherwise contact you requesting sensitive personal information. Be aware of the policies and practices of the other companies you deal with and always be suspicious of unsolicited requests for such information. As phishing attempts will likely continue to evolve, it is important to always think twice before you provide any personal information in response to e-mails.
Subscribers should remember this particular section so that it is easier to tell fake offers and sites from real ones. In this case, t-mobile-promos[DOT]com is definitely a scam. It’s best to avoid visiting the URL or sharing it with others.
T-Mobile encourages victims of SMiShing scams to report them on the official page of the Federal Trade Commission (FTC) and to visit their Identity Theft page to learn what steps to take to minimize damage from such fraud campaigns.
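The two signals this post relies on, a brand name inside a domain that is not the brand's own and a very recent registration date, can be checked automatically on reported SMS text. The sketch below is an added example, not code from the original post or from T-Mobile; the official-domain list, brand tokens, 30-day threshold and the two dates are assumptions chosen for illustration.

```python
import re
from datetime import date

# Assumptions, not from the post: the brand's legitimate domain, the tokens to
# watch for, and the age below which a registration counts as "new".
OFFICIAL_DOMAINS = {"t-mobile.com"}
BRAND_TOKENS = ("t-mobile", "tmobile")
NEW_DOMAIN_DAYS = 30

HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def refang(text):
    """Undo write-up defanging: hxxp -> http, [DOT] or [.] -> '.'."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return re.sub(r"\[(?:dot|\.)\]", ".", text, flags=re.I)

def extract_hosts(message):
    """Return every hostname found in an SMS body, lower-cased."""
    return [h.lower() for h in HOST_RE.findall(refang(message))]

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess(host, registered_on=None, today=None):
    """List the reasons a host looks like brand impersonation (empty if none)."""
    if is_official(host):
        return []
    reasons = []
    if any(tok in host for tok in BRAND_TOKENS):
        reasons.append("brand name in non-official domain")
    if registered_on is not None:
        age = ((today or date.today()) - registered_on).days
        if age <= NEW_DOMAIN_DAYS:
            reasons.append(f"registered {age} days ago")
    return reasons

# SMS text as quoted in the post; the two dates are constructed so that the
# domain is seven days old, matching the WHOIS observation.
SAMPLE_SMS = ("Congratulations Get a discount of 20$ on your next bill "
              "Enter the link to claim your discount "
              "www[DOT]t-mobile-promos[DOT]com")

if __name__ == "__main__":
    for host in extract_hosts(SAMPLE_SMS):
        print(host, assess(host, date(2000, 1, 1), date(2000, 1, 8)))
```

The suffix check in `is_official` also rejects hosts that merely begin with the official name, such as a constructed `t-mobile.com.example.net`.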