Just a few days ago, I wrote about the mobile spam threat and the real threat of mobile spam being criminals who are using spam to get into mobile phones (predominantly smartphones) given the wealth of information being stored on those phones, the lack of security software on mobile phones and the lack of mobile security awareness among users.
So, I read with interest a post a few days later on Naked Security (a Sophos blog) which described a real example of a text message containing a link to a scam being sent to mobile phones. It is not clear whether the link would just lead you to a scam, or whether clicking on the link would expose the user's mobile phone to malware. If you look at the screenshot on the blog, the spam was simple at one level but clever at the social engineering level as the text in the message contained a link which looked like it came from Apple (the scam relies on users not reading the whole URL carefully).
It would be interesting to know whether this scam could be even more devious with WAP push which allows you to mask the URL. So, could you mask http://www.scamsite.com/ with the text http://www.apple.com/ (instead of http://www.apple.com.text.won.com/ in the Sophos example which will be a dead giveaway to a careful reader that it is a scam) in a WAP push? Will dig around and update if I find anything.
If anything, it just goes to show that you should be wary of clicking or responding to anything which you don't recognise.