We have blogged before about mobile spam messages, and while email spam declined in the past year to around 66%, mobile spam—although not yet that prevalent—is now gaining ground.
Currently the “winning ticket” theme is making its rounds through central Europe. Eight friends of mine received it over the space of a few days and I am proud that none of them fell for it, even though some were sorely tempted. The message states that you have won two million pounds sterling with some numbers that you never selected, in a non-specified lottery that you have certainly never played. There are a lot of variations of this particular scam that we have observed over the years, with a range of different prizes including cars and holidays. Unfortunately, there is no money behind it—at least not for you—as of course if you never play the lottery, you will definitely never win it. It is just another advance fee scam, where the scammer will eventually try to trick the victim into paying some release fee or expenses in order to get the alleged prize.
The question that comes to mind is: how did the attackers get your phone number? There are various possibilities. From rogue mobile applications that steal your address book and upload it somewhere to entities that sell such information; or data leakage after data breaches at a service that you have subscribed to. In some cases, it even seems that the scammer is simply iterating through all possible numbers in a given mobile network and trying out these numbers. As most providers have a very good saturation of their number space, the chances of hitting a live number is actually quite high. Therefore receiving the message is not necessarily your fault, it could be that one of your friend’s mobile phones was infected and then uploaded your number, or it could be that the scammer just picked your number by pure luck.
Unfortunately, this “luck” still does not mean that you have won anything.
As always, do not respond to such spam messages and definitely don’t quit your day job for it.