I emailed the bank :
Enquiry: I am writing it regarding an SMS I received asking to SMS my Credit
Card to some number (8 digits, not 5 digits) for a lucky draw by XXX.
IF XXX did sent this SMS, I would like to reflect that you should already
have our Credit Card number. It should be in your database. This SMS is
totally unnecessary. IF this SMS is not from XXX, perhaps someone is trying
to get credits cards number by phishing.
(Again XXX is the bank, which I must say was one of the better ones around)
Anyway, they send me a reply saying they received the email and to wait. 2 days and this came back :
We refer to your email of 2 December 2005.
We thank you for your feedback with regards to the SMS that we have sent to
our cardholders. The SMS was to inform our cardholders of our current
promotion to enjoy 5X XXXI$ for shopping or dining. More details about this
promotion can be found at our website at .
Registration for this promotion can be done at the website or via SMS.
Please be assured that all our cardholders information is kept strictly
confidential by the Bank at all times.
Should you have any further enquiries, simply call us at
Anyway, I didn’t think they were answering my question… I feel I should stop since they probably either did not know what I was asking or did not have the answer. Anyway, this is what I send back :
Thanks for your respond. At least I know the SMS is indeed from XXX.
However I am just a bit concerned about why do you need our Credit Card
number? Doesn't XXX already have our Credit Card number?
Moreover, the number that was sending the SMS belongs to a company call
localguru.com, which I found out was registered by a person in Hong Kong and
their website is not even working. I am just a bit concerned that XXX is
engaging a firm like this to conduct the marketing.
This is just my feedback.
( Well, that was the end of story from the email, nothing came back and I wasn’t expecting much )
This was a wild gose chase. But the important lesson is that, you can never be too sure. Even big bank would trust and use service by foreign company which doesn’t even have a working website. I am just hoping this is not like another ProtonWeb case. I quite like this bank to be honest and that’s is why I go all out to cover them this time.
HOWEVER, this does not mean Phishing by SMS is impossible. It CAN be done. And the message can looks very real and even if it came from somewhere else not many people will doubt it. How many of you would check out a similar SMS like this one? I hope you raise your hand now.