Hold onto your phone! Consumers nationwide are under fire from an aggressive text message spam campaign and your cell phone may be next. This latest attack tells victims that they’ve won a free $1000 Best Buy gift card on BestBuyWin.net or BestBuyWin.mobi in an effort to collect the victim’s personal information. It’s a fresh barrage of a scheme we’ve seen before on Scambook, but this time the numbers have shattered our records — and they’re still rising.
Based on data we’ve collected from our site, Scambook anticipates that over 100,000 mobile users will receive these texts by mid-November in an attack wave that corresponds to the peak holiday shopping season. Damages associated with SMS fees and unwanted subscription costs could exceed $40,000.
Unfortunately, there’s not much you can do to stop spammers from texting you, but you can prepare yourself in case you are targeted. Don’t blame Best Buy. Don’t respond to the text. And unless you want even more spam, junk mail and telemarketing calls, don’t complete any of the “special offers” on BestBuyWin.net.
BestBuyWin.net Smishing Explained
This mass text spam campaign is called “smishing,” from SMS and phishing. Like phishing, a smishing attack tries to get your private information through threats or coercion. The BestBuyWin.net smishing message falsely informs users that they’ve won a free $1000 Best Buy gift card, even though they haven’t entered any contests. On Scambook, we’ve received hundreds of complaints just like this:
Actual Scambook User Complaint: “Received text message stating won 1,000.00 Best Buy gift card per entry last month. Did not enter anything. They gave me the code of 5555 like so many others. It came from ph# 909-973-7076.”
Actual Scambook User Complaint: “I rec’d a text message at 5:45am from 909-837-7761 informing me I had 24 hrs to enter winning code 5555 to claim $1000 at BestBuyWin.net. I was dubious since I have not made entry anytime to win.”
The senders may be different phone numbers, but virtually all complaint descriptions cite the BestBuyWin.net website. If you visit BestBuyWin.net, it’s easy to see why some users would believe the gift card contest is associated with the real Best Buy corporation. The website has appropriated Best Buy’s official logo and its iconic blue and yellow colors.
We reached out to Best Buy, who confirmed that the electronics retail giant isn’t involved with this smishing scheme. Here’s what a Best Buy press representative told us in an email:
“Some customers may have recently received a text message indicating that they won a $1,000 Best Buy gift card. It prompted customers to visit a third-party site set up to look like our brands. This message did not originate from Best Buy or Geek Squad and was not a result of a breach of our customer information.
“We have taken a number of steps, including legal action, to address these types of scams. In these rare instances [when customers complain], we individually respond to customers and apologize for any frustration or inconvenience and work to resolve immediately.”
An Unprecedented Attack
Based on hundreds of Scambook complaint submissions and over 150,000 pageviews from January 2012 to the present, we’ve identified the BestBuyWin.net gift card text as one of the top trends in smishing.
Scambook Company Group Stats
BestBuyWin.Mobi / 459 Complaints / Total Reported Damages $2,354,858.69
BestBuyWin.com / 80 Complaints / Total Reported Damages $75,367.24
“BestBuyWin.net” ranked as our #1 search term for September 2012.
Our data shows that these text messages hit consumers in a wave that lasts approximately 3 months, separated by approximately 1 month of low or zero activity. Consumers are affected all across the country, regardless of gender, race, age, income bracket or brand loyalty to Best Buy. The volume of complaints and pageviews surrounding “BestBuyWin.net” rose exponentially between the first two waves.
Currently, we’re in the early stages of a Third Wave that began in late September. Scambook estimates that over 84,000 consumers have received text messages about BestBuyWin.net in this current wave so far, and the number of recipients will continue to climb. We anticipate that activity will continue to increase, with minor fluctuations, for the month of October, then reach peak activity in mid-November before gradually declining in December. We may see over 100,000 cell phone users affected by this smishing scheme before the current wave ends. Damages could exceed $40,000.
It’s no coincidence that this Third Wave corresponds to the holiday shopping season. We suspect that the perpetrators of this smishing scheme used the earlier, smaller waves to test their methodology and fine-tune it for the current attack. After all, consumers are extra hungry for deals and promotions this time of year. Who wouldn’t want a free $1000 Best Buy gift card to spend on Christmas presents?
But no matter how tempting, you shouldn’t fall for this free offer. Here’s why:
Protect Your Privacy
So what should you do if you receive one of these text messages? Ignore it. Spammers execute these schemes at random and they don’t know that your phone number is active. When you reply, they know they’ve hit a live cell phone, and you’ll receive even more spam. With text messages costing 20 cents on some wireless plans, those fees can quickly add up. Take a picture of the spam text, contact your service provider and dispute the charges. You can also ask about placing a block on the sender’s number.
Don’t “redeem your prize” on BestBuyWin.net. It’s tempting, but the “free” gift card offer is extremely misleading. First, people who receive this message didn’t enter any contest. Second, you don’t need the special 5555 code to enter the site, and the countdown timer is also meaningless. These are just gimmicks to lure you in. Third, and most importantly, it’s not a free offer if you have to purchase something to claim your reward.
I waited for the clock to run down on BestBuyWin.net. Nothing happened. Then, I clicked “continue” without entering any code. I got through anyway. Here’s what I saw:
Once again, it’s a close spoof of Best Buy’s brand style, but let’s review the Fine Print and translate some key points.
“The manufacturers and retailers of the gift items offered through our programs have not endorsed this promotion and are not affiliated with the promotion in any way.”
Translation: This is not an official offer from Best Buy.
“Program Requirements … [You must complete] two reward offers from each of the Silver and Gold reward offer page options and nine reward offers from the Platinum reward offer page options and refer 3 friends to do the same.”
Translation: Even though you “won” the gift card prize, you won’t get it unless you sign up for 13 offers for paid subscriptions and other services. You also need to convince 3 friends to do the same thing.
“Your information will be shared with our marketing partners.”
Translation: Your email, phone number, mailing address and any other personal information that you share will be handed over to more advertising companies.
Translation: Seriously, prepare for a deluge of spam if you sign up with this program.
Sorry, You’re Not a Winner
The bottom line is that you didn’t win a free $1000 Best Buy gift card. BestBuyWin.net is operated by a third-party Rewards Program site that doesn’t have any affiliation with Best Buy. To redeem your “free prize,” you’d have to sign up for 13 separate special offers and recruit 3 friends to do the same, handing over a ton of personal information to marketers and spammers in the process. We advise consumers to ignore these text messages, contact their cell phone service provider and report the incident on Scambook using our Complaint Submission form.
The Scambook Blog will keep tracking this unprecedented smishing attack and update this story when we have more information.