An analysis of SMS traffic conducted from March through December 2010 reveals that according to the reports of misuse submitted by AT&T, Bell Mobility, KT, Korean Internet & Security Agency, SFR, Sprint, and Vodafone consumers, spam is found across all networks, and at levels higher than originally anticipated.
The reports were collected by the pilot of the GSMA Spam Reporting Service (SRS), which identified and aggregated reports submitted by users via a short code. It also showed that addressing this would help improve the security and stability of networks and help lessen unwanted traffic on networks which currently clogs and wastes valuable bandwidth.
Attackers are using sophisticated message modification techniques and transmitting low volumes of messages from each sending number to avoid detection over a long period of time. Their methods vary across different regions, making global collaboration even more critical to combating this issue.
Further findings show that most spam originates on-network, followed by peer networks and then through internet services, but each mobile network operator in the pilot was able to identify the source of the spam and take immediate action.
Although nearly one-tenth of spam attacks identified were adult in content, the majority of attacks were for financial gain, with 70% of reports of spam being for fraudulent financial services rather than the traditional advertising scenarios found in email spam.
Further, attacks can be split into three categories:
- Phishing attempts – where the attacker is attempting to collect financial information from the subscriber. This was often done using a URL in the message with a deceptive website or a call to action was to call a fraudulent call centre which attempted to harvest bank details or identity information. A typical message would be that the recipient had won a lottery or gift card and had to call to make their claim;
- Social engineering scams – such as loan or gambling scams where the call to action was often to simply reply to the sender in order to then con the subscriber into transferring cash; or
- Premium rate fraud – here a phone number was embedded in the SMS message and if the subscriber calls or texts the number premium rate charges are unwittingly paid to the attacker. A typical message would be a notification that the subscriber had received a dating or adult services message.
Some regional differences in the type and content of messages were also observed. In Asia, the majority of attacks were driving click fraud relating to gambling sites, followed by fraudulent loan services. In Europe, approximately a quarter of reports related to fraudulent lottery, loan and insurance claim services and a fifth were adult in nature. In North America, there was a large proportion of reports relating to loans and pay day advances.