I recently found out (somewhat belatedly, I know) that the SMS.ac service (for which many of you will have already received “invitations”, and a few of you may have already signed up for) is a scam. I advise those who have already signed up to keep a close watch on their mobile phone bill and their email account (especially if it is a Hotmail email account). I will explain how the scam works below:
During sign up, the user is presented a notice that mentions that they should “Use your Hotmail email for best results!”. If the user enters a Hotmail address at this stage, later they will be explicitly asked for their Hotmail login information. If provided, using this login information, by default, the SMS.ac site will log into your Hotmail account, download your entire addressbook, and begin spamming each of the people listed in your addressbook multiple times, asking them to sign up for this “service”.
A potentially worse effect is that if you provide them with your mobile phone number, they may begin to send you SMS messages which you, as the recipient, will be charged for. This may happen even though you have not provided them credit card information, because during the sign up process you will have (likely unwittingly) agreed to have these messages sent to you and be charged for them by your mobile phone provider.
If you have already signed up for SMS.ac and have provided them with your email password, your first step should be to immediately change that compromised password so that SMS.ac will not continue to have access to your email account.
Second, if you have signed up for their SMS “services”, I recommend that you cancel your account with SMS.ac immediately and scrutinise your mobile phone bill at the end of the month for any unexpected charges.
If you have not yet signed up for SMS.ac, then you can prevent being affected by deleting all emails from SMS.ac without clicking on any links offered in their emails. If your email provider offers a ‘Mark as Junk/Spam’ option, you may wish to use that instead of doing a regular delete.
There is a wealth of information about SMS.ac online (most of which is rather negative), which you will be able to find using most search engines.
As a general reminder, divulging passwords to any third party website is never a good idea. It is good practice to have unique passwords for services for which security is essential, such as online banking and email. Good passwords are never less than 8 characters long, and there are tools online that will help you to create strong passwords.
UPDATE: SMS.ac is not just reading addressbooks from Hotmail accounts, but also from Gmail and Yahoo! accounts as well! Please don’t encourage this kind of repugnant behaviour by signing up for their “service”.