Closeup portrait worried skeptical surprised man reading bad news sms on smart mobile phone drinking holding cup coffee isolated grey wall background. Human face expression emotion  reaction

SMS group spam promises free gifts in return for bill payment

We’re seeing lots of examples of peculiar SMS messages sent to random groups of people. Most of these messages promise free gifts and/or offers after having paid bills. Nobody has asked for these texts, and they’re not being sent by providers of any services. What’s going on?

The set up

Most of the messages we’ve seen, and indeed received ourselves, are identical to the below example:

Free Msg: your bill is paid for March. Thanks, here’s a little gift for you [URL removed]

Where do the links go?

A very good question. Clicking any of the links while on desktop typically results in a site failing to load error. Most likely, they’re checking the user agent of your browser to ensure you’re on mobile when hitting the link.

On mobile, you’re bounced through a secondary URL before landing on a 404 error on Facebook or Twitter. Despite a piece of this website daisy-chain being lost to the void, the texts are still coming and it’s probably child’s play to correct the broken landing pages to something functional. As a result, we can’t say for sure what the final destination is. 

A friend of mine mentioned they ended up on some sort of airpod/free mobile accessories offer site from a similar group message not so long ago, so that’s one possibility. What we can say is that you should definitely avoid clicking these links should you receive one. We simply don’t know where you’ll end up, and you can very easily end up out of pocketwith one mis-click.

Tips to avoid this SMS group spam

  • A lot of people are sending “STOP” messages in response to these messages. Unfortunately this won’t work, and you’re not going to opt-out of anything in this scenario.
  • Blocking the sender number helps, but they’re coming from several numbers one after the other. If you’ve received one, sadly you should probably expect more. Remember to report every single one which comes your way.
  • It can be tricky generally to block messages when dropped into a random group. Depending on phone/app, you should be able to tap three dots (or similar) and report the spamming number from there. This may also result in blocking all numbers in the group by default, which means you won’t receive dozens of unsubscribe style messages all day long from 19 other people.

Remember: If in doubt, visit your provider’s website and see first-hand if they’re offering up freebies for payment. The likelihood is they’re not, but it’s still better than clicking any of the above to find out.

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.