CHICAGO -- Light Reading's Big Telecom Event 2014 -- Mobile users love to text, but you know who else loves it? Spammers, scammers, and malicious phishers.
Mobile phishing -- attempts to acquire personal info, including financial data -- has been a growing problem ever since unlimited SMS buckets became the norm, according to Neil Cook, CTO of messaging security vendor Cloudmark Inc. In honor of BTE in Chicago, the company spliced its data for us to show how phishing affected consumers here in particular. (See SMS Is Far From Dead and Stemming the Tide of SMS Spam.)
In April, 39% of Chicago-bound phishing messages were around banking schemes. Cloudmark found that these scams grew from 0% of phishing messages on April 9 to 85% on April 10, continuing to grow until peaking at 92% on April 15, before dropping off completely. You guessed it, it was phishing to celebrate tax day. The scams were primarily aimed at those Chicagoans who opted to put their refunds on an Achieve prepaid debit card.
Cook said this type of event-based spam is common, and is especially concerning because the phishing scams can look legit, come from trusted sources, and are timed in such a way that you believe they're valid. What's more, even if your bank is using a trusted broker, that broker could be using a less than stand-up company or employee somewhere along the chain. As such, it could look like it's coming from a legitimate short code when it's really scam. (See Orange France Hacked.)
"Safeguarding personal information is key to surviving in a cyber-security world," Cook said. "The more info they know about you, the more they'll spam you." And the more personalized and socially engineered it will be, he added, meaning it gets harder to discern the good from the bad. That's especially scary when health or financial information is involved. (See LTE Brings More Malware.)
Cloudmark launched a Spam Reporting Service (SRS) two years ago with the support of the GSM Association (GSMA) that most major operators are now using. When their customers get a spam message, they forward it to 7726. The operators can use this aggregated data to block or filter out phishing scams and better understand where they come from. Cook said millions of messages have been forwarded since the program started. (See Cloudmark, Tekelec Tackle Text Spam and Cloudmark Improves SMS Security.)
He is working to get the operators to be more open about how they are protecting their networks and their customers from malicious attacks on the network too. That's been a battle as most are unwilling to talk. "People with access to personal info like Facebook and Google at least talk about their policies," Cook said.
Cloudmark also provides spam filtering software to operators to proactively cut down on phishing attempts, since Cook says protection has to stem from the network. As far as consumers are concerned, the best thing they can do is not touch a spam message they receive outside of forwarding it to 7726. Don't respond and certainly don't click on it, or you better prepare to go phishing.
— Sarah Reedy, Senior Editor, Light Reading