The circulation of a fraudulent SMS notifying users of the subscription to a gaming service for an amount of €50 per week has been detected by the OSI internet security office.
The message includes a link to cancel the supposed subscription, which, in case of accessing and following the process, will be when the fraud actually materialises, and the money is charged to the user’s account.
The user receives a fraudulent SMS on behalf of Yorgames, a gaming platform, indicating that you have subscribed to its services for €50 per week. A link to unsubscribe is provided in the message. Important, it is not ruled out that SMS with similar characteristics can be received with different names, types of services and subscription amounts, therefore, we must be vigilant in this regard if we receive messages with the same characteristics.
The name of the victim is indicated in the SMS, thus giving the fraud greater credibility. This data could have been extracted from a leak from different online services.
In the case of accessing the link, the user will be redirected to a fraudulent website where their name, telephone number and the amount of the subscription will be indicated, as well as the option to cancel their subscription through a button included in the lower part.
In case of trying to cancel the subscription, the user will be redirected to the application payment system configured on their device (Google Pay or Apple Pay) and if they continue, they will not be cancelling the subscription, but actually making the payment.
If you receive an SMS indicating that you are subscribed to a service that you are not aware of and they provide you with a link to cancel it, do not access it, it is a fraud. If in doubt, you can check which services you are subscribed to as follows:
On Android devices, access the Google Play application. Then, at the top right, select your profile icon > Payments & subscriptions > Subscriptions. Finally, select the subscription you want to cancel. More information about this process on the Google help page: Manage Google Play subscriptions.
On iOS devices, through Settings > Apple ID > Subscriptions, where you can check the list of active subscriptions and expiration date as well as inactive ones. Learn more about subscriptions on Apple’s support page: Cancel a subscription.
If, on the contrary, you have accessed the link and followed the instructions until making the payment, proceed as follows:
Contact your application payment platform (Google Pay, Apple Pay) as soon as possible to inform them of what happened and try to cancel the transaction.
And if you have also provided your personal data, stay tuned and periodically check what information is published about you ( egosurfing ) on the Internet to check that it is not being misused.
Block the phone that sent you the SMS to prevent it from contacting you again.
Finally, you can always report this situation to the State Security Forces and Corps.
Avoid being a victim of smishing fraud by following our recommendations:
Do not enter or share your phone number on online sites that are not safe or reliable, especially in contests, sweepstakes or promotions that are promoted by unknown companies.
Do not access URLs that appear in messages from unknown users or that you have not requested, delete them directly. Do not reply to these SMS under any circumstances.
Be careful when following links, even from known contacts. Check the URL of the web page. If there is no certificate, or if it does not correspond to the site we are accessing, do not provide any type of personal information: username, password, bank details, etc.
In case of doubt, consult directly with the entity involved through its official channels.