Most consumers have got wise to email spam. The savvier consumer knows not to open spam mail, and immediately hits delete. However, spammers have become more creative in their spam attack methods.
Global smartphone adoption rapidly increased in 2012, with smartphone users passing the 1 billion mark and this has consequentially resulted in a hike in mobile messaging spam. As opposed to email, we often automatically trust that our SMS must come from someone we know or have done business with and attackers are well aware of this wide acceptance, using it to their advantage.
In my view, consumers need to be made much more aware of the threats their mobile phones are exposed to, and how to protect against them. However, it's also important to note that spammers use a range of different attack methods, which are designed to deceive and confuse consumers. For example, spammers are likely to frequently change individual messages in order to try and evade detection, resulting in a large number of variants.
I was involved in developing our recent 2012 Annual Threat Report, which investigates the various methods spammers have used in the past year to attack unassuming mobile users. Our report reveals that there were more than 350,000 unique unsolicited mobile spam variants in 2012, with a peak in December of 53,000 unique variants alone.
According to our report, the most common unsolicited spam claiming to be gift card offerings (44%), free iPhone and iPad giveaways (11%) and, in the UK in particular, Payment Protection Insurance (PPI) compensation (3%), which appeared after legislators determined that refunds were due to loan recipients who had been mis-sold insurance.
From our research, the main spam tactic that consumers need to be most aware of is combined messaging threats. These attacks use a combination of email, SMS messaging, instant messaging conversations and mining of social network relationships to send spam.
To dupe consumers into subscribing to premium adult webcam services, spammers start by sending out a sequence of SMS messages that appear to be one half of an interactive conversation. Scammers then coax the mobile user into 'conversing' by sending predetermined questions or answers to the mobile user. Via SMS, scammers then entice users to converse on other platforms such as instant messenger to ultimately lead them to a webcam site, which offers an affiliate program that pays £30 per sign up.
Our research highlights the growth of sophisticated mobile threats as new mobile technologies develop and 2013 will see a rise in this sophistication. To avoid mobile users becoming victims of unsolicited SMS spam, I have five tips for consumers:
• Mobile users are strongly encouraged to forward spam texts to their carrier via "7726" spelling out "SPAM" on the keypad
• Do not text "STOP." This response only works with text alerts that the recipient has legitimately signed up to, and has the reverse effect for spam texts - merely confirming that the number is live and encouraging the spammer to continue to target that phone
• Only download mobile applications from reputable app stores and read the terms of service closely
• Never respond to an SMS requesting login details or other personal details - particularly if it claims to be a bank or financial institution
• Speak to your mobile operator to see if you can set up content filters on your mobile account so that premium rate texts cannot be charged and adult content displayed.