Smsfoto.net: Phishing SMS messages using the Sklavenitis supermarket name

A new message that arrived on our mobile phone this afternoon caught our attention. It came from an unknown sender and urged us to visit the website smsfoto.net to see a new photo. As you may have guessed, it is yet another phishing message.

The SMS arrived from the sender INFOmessage and had the following text: "You received - (1) - new photo: http://smsfoto.net/c/d?i=Fwi614DG3a". The absence of a real sender name, together with the unusual wording of the message, made us suspicious, so we opened the link from a PC rather than from the mobile phone.

When we opened the page, an advertisement for the Sklavenitis supermarket appeared, stating in a bad translation that we could claim a prize if we declared our age. Knowing by now that this was a phishing page, we started looking into who might be hiding behind it.

After 4 seconds the page redirected us to a second one, http://apple2win.com/page?cam=10274&country=gr&pub=129&aff_id=1170&click_id=5Fw614DG3a, which now asked us to fill in our mobile phone number, offering us a 500 euro gift certificate from Sklavenitis.
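The signs that gave this message away (a sender name instead of a number, a plain-http link carrying an opaque token, a jump to a different domain with campaign and affiliate parameters) can be checked mechanically when triaging reported SMS. The following Python is an added example, not code from the original article; the function names, the `TRACKING_KEYS` set and the token-length threshold are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumption: tracking-style query keys, taken from the redirect URL in the article.
TRACKING_KEYS = {"cam", "pub", "aff_id", "click_id"}
MIN_TOKEN_LEN = 8  # assumption: values this long are treated as opaque tokens


def extract_urls(sms_text):
    """Pull http(s) links out of a message, dropping trailing punctuation."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(sms_text)]


def triage(sender, sms_text, redirect_url):
    """Return findings for one SMS and the page its link redirected to."""
    findings = []
    if not re.fullmatch(r"\+?\d{5,15}", sender):
        findings.append("alphanumeric sender ID instead of a phone number")
    urls = extract_urls(sms_text)
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme == "http":
            findings.append(f"unencrypted link to {parts.hostname}")
        values = [v for vs in parse_qs(parts.query).values() for v in vs]
        if any(len(v) >= MIN_TOKEN_LEN for v in values):
            findings.append("opaque token in link query")
    target = urlsplit(redirect_url)
    if urls and target.hostname != urlsplit(urls[0]).hostname:
        findings.append(f"redirects to different domain {target.hostname}")
    hits = sorted(TRACKING_KEYS.intersection(parse_qs(target.query)))
    if hits:
        findings.append("tracking parameters: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Sender, message text and redirect target as quoted in the article.
    sms = "You received - (1) - new photo: http://smsfoto.net/c/d?i=Fwi614DG3a"
    landing = ("http://apple2win.com/page?cam=10274&country=gr&pub=129"
               "&aff_id=1170&click_id=5Fw614DG3a")
    for finding in triage("INFOmessage", sms, landing):
        print("-", finding)
```
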

Of course we did not go any further. Both websites are hosted in the Netherlands, on the servers of Leaseweb, a well-known server rental company that has been active in the market for over 15 years. The two domains are from . The first domain, smsfoto.net, without the rest of the original URL, gave us a blank page, while the domain apple2win.com showed that behind it is the company LS Solutions, which in Greece is represented (??) by DIMOCO Greece INDIVIDUAL IKE with phone number 2111982818.

A simple Google search for this phone number showed that it belongs simultaneously to the companies Cellyobi of PINICO BV, Cytech Ltd, cooliyobi of Sur.ly, Slickly and several others. All of them manage the domains celllyobi.com, www.sur.ly, slick.ly, www.cooliyobi.com, www.apple2win.com, http://halocell.com (watch out for porn), and of course smsfoto.net.

These people seem to have once sold SMS over the internet, before moving on to more profitable pursuits. As for the INFOmessage sender name in the SMS messages, we found a Greek company that does this kind of work; specifically, it sells SMS packages that do not show the sender but only the name INFOmessage. Because we are not sure they are involved, we are not naming them.

Conclusion. Always be suspicious when you receive messages, SMS or emails from people you either do not know or who do not show who they are. Be aware that if something sounds too improbable, it is almost certainly not true.

iGuRu.gr The Best Technology Site in Greece


Written by Dimitris


3 Comments

  1. Hi to all. Yesterday two came to me with the same problem as in the article, and yes, they both had Avast. Different models. No solution. For format restore complete.

    • When referred to as phishing, sending such messages is not meant to be a virus that will be truncated through a format. Phishing means sending messages where you are asked to give your information and/or to be charged (giving your details).
      So, someone with a headache used your mail or your mobile number (if it also came on a mobile phone) just to make fun of you, to take your data and (in this case) to make you… lighter in your pocket by charging you for very expensive and useless SMS.

  2. Not only is there suspicion and caution against such situations.
    In this case the (non-existent)… state should have taken a position (at least) since the beginning of 2016 when the "issue" with these… companies had arisen.
    More detailed I quote and it may be good to indulge the present MAY with your own article, to the competent Authorities.
    22-5-2016: http://bankingnews.gr/index.php?id=252816

    23-5-2016: http://www.tyropoulos.gr/%CF%8C%CF%81%CE%B3%CE%B9%CE%B1-%CE%B1%CF%80%CF%8C-%CE%B5%CF%84%CE%B1%CE%B9%CF%81%CE%AF%CE%B5%CF%82-%CF%80%CE%BF%CF%85-%CF%83%CF%84%CE%AD%CE%BB%CE%BD%CE%BF%CF%85%CE%BD-5%CF%88%CE%B7%CF%86%CE%B9%CE%B1-s/

    21-7-2016: http://www.bankingnews.gr/%CE%B5%CF%80%CE%B9%CF%87%CE%B5%CE%B9%CF%81%CE%AE%CF%83%CE%B5%CE%B9%CF%82/item/262467-%CF%84%CE%B9-%CF%85%CF%80%CE%BF%CF%83%CF%84%CE%B7%CF%81%CE%AF%CE%B6%CE%B5%CE%B9-%CE%B7-dimoco-%CE%B3%CE%B9%CE%B1-%CF%80%CF%81%CF%8C%CF%83%CF%86%CE%B1%CF%84%CE%BF-%CE%B4%CE%B7%CE%BC%CE%BF%CF%83%CE%AF%CE%B5%CF%85%CE%BC%CE%B1-%CF%84%CE%BF%CF%85-bankingnews.html
    And the above happened under: http://www.geminet.gr/_intradownload/60a6237a-6943-489c-9703-2d48311afee0.pdf

    Good continuity and success for those involved. I'm bored :) (let me have other primary ones).
