We advise our blog readers and T-Mobile subscribers to be wary of this latest SMiShing (or SMS phishing) attempt in the wild.

If you have encountered the URL below online or on your mobile device via SMS, note that the information you would hand over to claim the so-called discount is far more valuable than the $20 savings this campaign promises.

hxxp://t-mobile-promos[DOT]com

According to a WHOIS database, this domain was registered seven days ago and is hosted at Orange Website, a European Web hosting provider.

Reddit user Menpachi has shared the photo below to give other Redditors (and us) a glimpse of what the scam, in SMS form, may look like:

Menpachis-phone-screenshot

Congratulations

Get a discount of 20$ on your next bill

Enter the link to claim your discount

www[DOT]t-mobile-promos[DOT]com

Paul Parker

Promotions manager

Once users click the link, a browser opens to the phishing site below:

t-mobile-smish-02

This page asks for the user’s T-Mobile number and password, credentials that are needed to access a My T-Mobile account.

Clicking the Login button once the information is provided loads a new page, which asks for the last four digits of the user’s SSN and their PIN.

t-mobile-smish-03

The gathered information is saved in separate PHP pages within the domain.

Clicking the Complete button leads to the splash page below before finally redirecting users to the official T-Mobile website:

t-mobile-smish-04

Thank you trusting T-Mobile
your bonus is submitted

According to T-Mobile’s Privacy & Security Resource page:

t-mobile-smish-05

Like T-Mobile, most reputable companies will not send you e-mails or otherwise contact you requesting sensitive personal information. Be aware of the policies and practices of the other companies you deal with and always be suspicious of unsolicited requests for such information. As phishing attempts will likely continue to evolve, it is important to always think twice before you provide any personal information in response to e-mails.

Subscribers should remember this particular section so that it is easier to tell fake offers and sites from real ones. In this case, t-mobile-promos[DOT]com is definitely a scam. It’s best to avoid visiting the URL or sharing it with others.
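The two signals described in this post, a brand name inside a domain the brand does not own and a very recent registration date, can be checked automatically by a message filter. The Python below is an added example, not code from the original post or from T-Mobile; the allowlist entry `t-mobile.com`, the 30-day threshold and all function names are assumptions made for illustration.

```python
import re

OFFICIAL_DOMAINS = {"t-mobile.com"}  # assumption: the brand's genuine domain
BRAND = "tmobile"                    # compared with hyphens removed
NEW_DOMAIN_DAYS = 30                 # assumed cut-off for "recently registered"

# Hostnames, with or without a scheme, plain or defanged (hxxp, [DOT], [.])
HOST_RE = re.compile(
    r"(?:h(?:xx|tt)ps?://)?((?:[a-z0-9-]+(?:\[DOT\]|\[\.\]|\.))+[a-z]{2,})",
    re.IGNORECASE,
)

def extract_hosts(text):
    """Return de-duplicated, refanged, lower-cased hostnames from a message."""
    hosts = []
    for match in HOST_RE.finditer(text):
        host = re.sub(r"\[DOT\]|\[\.\]", ".", match.group(1), flags=re.I).lower()
        if host.startswith("www."):
            host = host[4:]
        if host not in hosts:
            hosts.append(host)
    return hosts

def is_official(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess(host, age_days=None):
    """Return the reasons a host looks like brand impersonation (empty if none)."""
    if is_official(host) or BRAND not in host.replace("-", ""):
        return []
    reasons = ["brand name in a domain outside the allowlist"]
    if age_days is not None and age_days < NEW_DOMAIN_DAYS:
        reasons.append(f"registered {age_days} days ago")
    return reasons

def triage(text, ages=None):
    """Map each suspicious host in the message to its reasons."""
    ages = ages or {}
    found = {h: assess(h, ages.get(h)) for h in extract_hosts(text)}
    return {h: r for h, r in found.items() if r}

# Message text as transcribed in the post; the age comes from its WHOIS remark.
SMS = ("Congratulations\nGet a discount of 20$ on your next bill\n"
       "Enter the link to claim your discount\nwww[DOT]t-mobile-promos[DOT]com")

if __name__ == "__main__":
    print(triage(SMS, {"t-mobile-promos.com": 7}))
```

Matching on the allowlisted domain or a true subdomain of it, rather than on a substring, is what keeps hosts that merely begin with or embed the brand's domain from passing as official.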

T-Mobile encourages victims of SMiShing scams to report them on the official page of the Federal Trade Commission (FTC) and to visit their Identity Theft page to learn what steps to take to minimize damage from such fraud campaigns.

Jovi Umawing