It was my first night in Beijing for a long-overdue vacation. I purchased a SIM card from the airport and sent SMS greetings to friends and family and other families in town. SMS is hugely popular and a main communication channel in China. Guess what? The first SMS I received was from a strange number:
Image 1 - SMS spam with hyperlink
The message was a “congratulations” from a very popular Chinese television show on CCTV, named “Special 6+1” that my cell number was selected and that I had won a laptop and 60 thousand Yuan (about $9,000 U.S.). The message provided a URL and verification code to receive the prize.
I’ve seen the show “Special 6+1” on Dish Network in the U.S. before; however, the message did not resemble anything from the show. Given that I just acquired the SIM card from the airport, my first thought was that this was a phishing attack, without a doubt. But professional curiosity didn’t stop here. I decided to drill down the reference link from the message, which led me to a very legitimate-looking website.
I was immediately prompted with an alert dialog box that assured visitors that this is an official entrance to the website of the show “Special 6+1”. It’s not, as you’ll see. The (translated) alert appeared as the following:
“You are entering the official site of 'Special 6+1'. All prize claim process is closely monitored and must be strictly followed. You can have peace in mind while browsing this web site…”
Image 2 - fake CCTV promotion
After clicking OK, the site opens another page and provides a list of steps and procedures for payment - ah, now the money trap comes in.
Before getting your prize, you are asked to call a customer service hotline first, and route money for processing and insurance fees to a list of accounts provided on the site:
Image 3 - Prize claim phone numbers listed
For an average fan who has been sending SMS to participate in the votes and opinion polls on the show, he/she could easily be tricked by this setup. The graphics and text are fairly persuasive, and the URL contains the keyword “CCTV” to add another layer of deception.
How can an average visitor tell if a site is fake? Here are some basic hints one can look for:
- Use a web search engine such as Bing to search for the hotline number: phishing sites often show up in search results with variations of the URL containing the same deceptive content. An official website normally is not hosted on many different URLs.
- Once you are at the site in question, it may have broken links all over the place.
- The listed hotline number on the web site is different from the number that sends you the SMS in the first place.
It was a somewhat interesting surprise on my first night in Beijing. Phishing is everywhere no matter where you are.
While you enjoy the holidays with your families and friends, and send and receive greetings via SMS, Facebook, email, phone … be aware and be cautious. Around this time of year, the bad guys get busy with the holidays too.
-Lena Lin, MMPC