Smsfoto.net: Phishing sms messages on the supermarket Sklavenitis

A new that came to our cell phone this afternoon, caught our attention. It was from an unknown user and it prompted us to go to the smsfoto.net website to see a new photo. As you guessed, it is of course another phishing email.

The sms arrived from the sender INFOmessage and had as text the following: "You received - (1) - new photo: http://smsfoto.net/c/d?i=Fwi614DG3a". The lack of the name of the real sender as well as the text of the message which was not usual, made us suspicious and so we tried the link not from the mobile phone, but from a pc.

Opening our page, an advertisement of the Sklavenitis super market appeared, which stated in a bad translation that we can claim an award if we declare our age. Knowing now that this is one phishing page we began to wonder about her, looking for who might be hiding behind her.

The page after 4 seconds flew us to a second, http://apple2win.com/page?cam=10274&country=gr&pub=129&aff_id=1170&click_id=5Fw614DG3a, which now asked us to fill in our mobile phone offering us 500 euros in a gift certificate from Sklavenitis.

Of course we did not move forward. Both websites are hosted in the Netherlands, on the servers of Leaseweb, a well-known server rental company that has been active in the market for over 15 years. The two domains are from . The 1st domain, smsfoto.net without the rest of the original URL address, gave us a blank page, while the domain apple2win.com gave us that behind it is the company LS Solutions which in Greece is represented (??) by DIMOCO Greece INDIVIDUAL IKE with phone number 2111982818.

A simple Google search of this phone showed that the number belongs simultaneously to the companies Cellyobi of PINICO BV, Cytech Ltd, cooliyobi of Sur.ly, Slickly and several others. All of them manage the domains celllyobi.com, www.sur.ly, slick.ly, www.cooliyobi.com, www.apple2win.com, http://halocell.com (watch out for porn), and of course smsfoto.net

These people seem to have once sold sms over the internet, before moving on to more profitable pursuits. With the name INFOmessage in sms messages, we found some Greek company that does this work and specifically they sell sms packages which do not show the sender but only the name INFOmessage. Because we're not sure they're involved, we're not naming them.

Conclusion. Always be suspicious when you receive messages, sms, emails from either you don't know, or you can't see who they are. Be aware that if something sounds too improbable, then it almost certainly isn't real.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.080 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

3 Comments

Leave a Reply
  1. Hi to all. Yesterday they came to me two and / or the same problem as in the article and yes they both had avast. Different models. No solution. For format restore complete.

    • When referred to as phising, sending such messages is not meant to be a virus that will be truncated through a format. Phishing means sending messages where you are asked to give your information and / or to be charged (giving your details).
      So, someone with a headache used your mail or your mobile number (if it also came on a mobile phone) just to make fun of you, to take your data (and in this case) to make you… lighter in your pocket by charging you very expensively and useless SMS.

  2. Not only is there suspicion and caution against such situations.
    In this case the (non-existent)… state should have taken a position (at least) since the beginning of 2016 when the "issue" with these… companies had arisen.
    More detailed I quote and it may be good to indulge the present MAY with your own article, to the competent Authorities.
    22-5-2016: http://bankingnews.gr/index.php?id=252816

    23-5-2016: http://www.tyropoulos.gr/%CF%8C%CF%81%CE%B3%CE%B9%CE%B1-%CE%B1%CF%80%CF%8C-%CE%B5%CF%84%CE%B1%CE%B9%CF%81%CE%AF%CE%B5%CF%82-%CF%80%CE%BF%CF%85-%CF%83%CF%84%CE%AD%CE%BB%CE%BD%CE%BF%CF%85%CE%BD-5%CF%88%CE%B7%CF%86%CE%B9%CE%B1-s/

    21-7-2016: http://www.bankingnews.gr/%CE%B5%CF%80%CE%B9%CF%87%CE%B5%CE%B9%CF%81%CE%AE%CF%83%CE%B5%CE%B9%CF%82/item/262467-%CF%84%CE%B9-%CF%85%CF%80%CE%BF%CF%83%CF%84%CE%B7%CF%81%CE%AF%CE%B6%CE%B5%CE%B9-%CE%B7-dimoco-%CE%B3%CE%B9%CE%B1-%CF%80%CF%81%CF%8C%CF%83%CF%86%CE%B1%CF%84%CE%BF-%CE%B4%CE%B7%CE%BC%CE%BF%CF%83%CE%AF%CE%B5%CF%85%CE%BC%CE%B1-%CF%84%CE%BF%CF%85-bankingnews.html
    And the above happened under: http://www.geminet.gr/_intradownload/60a6237a-6943-489c-9703-2d48311afee0.pdf

    Good continuity and success for those involved. I'm bored :) (let me have other primary ones).

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).