Original URL: http://www.theregister.co.uk/2008/02/12/mobile_spam_deluge/

Mobile subscribers showered with spam

Nuisance messages speed up customer churn

By John Leyden

Posted in Security, 12th February 2008 16:10 GMT

Mobile operators are being warned to brace themselves for a global upsurge in mobile messaging abuse.

The growth of mobile messaging, reductions in message delivery costs, inherent network vulnerabilities, and new mobile marketing initiatives are converging to create a perfect storm for abuse, according to mobile security firm Cloudmark. It reports mobile spam is becoming a growing problem.

China and Southeast Asia are at the leading edge of the problem, partly due to low costs in sending and receiving text messages. In China, the average subscriber receives between six and 10 mobile spam messages per day.

Meanwhile, in India some operators face spam levels of about 30 per cent, even after protocol-level filtering. Levels of spam in Japan are likely to increase as operators open their networks to email-to-SMS and MMS services, Cloudmark warns.

Attackers are applying techniques familiar to those at the receiving end of conventional email spam to the medium. For example, spammers are impersonating other mobile phone numbers and networks to send out spam using SMS spoofing techniques. Unregistered pre-paid SIM cards are also being used to distribute mobile junk messages.

Mobile spam started out as an unscrupulous medium for material ranging from mortgage offers to pornographic messages. It is increasingly being used to scam prospective marks into calling premium rate numbers, texting premium rate short codes, or entering personal information into a phishing site. The increased prevalence of money-making rackets has resulted in growing complaints to operators from customers who had previously ignored mobile spam.

As well as copping an earful of abuse over the problem, operators are also being left out of pocket. SMS faking and spoofing attacks from off-network sources cost operators hundreds of thousands of dollars each month in inter-carrier roaming and connection charges, according to Cloudmark.

It reports that government regulators across Asia are stepping in to mandate that mobile operators exercise greater control over mobile spam by making sure customers' complaints are acted upon and to insist on registration of pre-paid mobile SIMs.

Once upon a time in America

Over in the US, email-to-mobile attacks are dominant. Text messaging via the internet provides a cost-effective platform for miscreants to reach mobile subscribers. While numerically insignificant targets in the past, emails associated with mobile numbers are now showing up on the radar of spammers and phishers.

One in four messages sent to mobile devices via email in North America is spam, according to figures from Cloudmark's mobile operator clients in the region. Mobile spam can drive up resource utilisation and customer complaints. Adding insult to injury, victims of mobile spam in the US are often charged for receiving junk SMS messages, making them more likely to complain and ask for credits from their carrier.

To date, mobile spam attacks in the US have taken the form of unsolicited advertising. However, it's probably only a matter of time before scammers get in on the act, as they've already done in Europe.

Safe European home

In Europe, mobile operators' "walled garden" strategies have limited the amount of third-party content reaching mobile users. This, combined with the relatively high cost of sending SMS messages, has limited (but not eliminated) attacks.

Low-volume, high-value attacks involving phishing and premium rate phone numbers predominate in Europe. SMS flooding attacks (denial of service, or DoS, attacks in which large volumes of SMS spam are sent during short time intervals) are also a problem in the region.

Cloudmark reckons so-called vishing attacks that combine the use of VoIP networks with conventional email phishing scams will become a growing problem for mobile subscribers this year. It warns that mobile network abuse can tarnish an operator's brand and lead to increased support costs and customer churn as some customers react to being deluged by garbage by switching networks.

Worse still, mobile abuse may undermine operator attempts to introduce revenue-producing services.

"The growth in mobile messaging abuse is exposing operators to additional and unnecessary costs at a time when they are turning to messaging and mobile advertising to open up new revenue streams," said Jamie de Guerre, chief technology officer at Cloudmark.

"For mobile operators, the greatest risk is that subscribers' zero tolerance attitude towards intrusive mobile spam will prompt them to change providers or opt out of mobile advertising and marketing opportunities, leaving much needed new revenue streams fatally crippled from the outset."

Cloudmark, a provider in the emerging mobile security space, advises mobile operators to be proactive in protecting their subscribers rather than taking a wait-and-see approach to possible security problems. ®