Rise in iMessage spam related to Luxury Goods

Mon, Dec 02, 2013 by Mark Stemm

Over the weekend I received my first iMessage spam. Here’s a screenshot of the spam message:

imessage_spam_exampleiMessage spam advertising Louis Vuitton, Hermes, Gucci, Prada & YSL handbags

After asking around at Cloudmark, lots of other people also received a similar spam message, so we decided to look in Cloudmark’s Spam Reporting Service (SRS) to see if we could quantify the scope of the attack.

The Spam Reporting Service provides a clearinghouse of reported spam messages for participating mobile operators. In North America, this includes AT&T, Bell Mobility, Sprint, T-Mobile and Verizon Wireless, and other carriers. Outside the US, it includes Telecom Personal, several major carriers in the UK, and other carriers around the world.

While most of the reports we receive today in SRS are for SMS spam messages, it happens to also receive iMessage spam messages, even though iMessage is really an example of over-the-top (OTT) messaging. This mixup isn’t surprising–the two types of messages both appear in the iOS app, and it’s possible to forward an iMessage spam to the 7726 (S-P-A-M) shortcode.

There isn’t any way to specifically categorize reported messages as iMessage vs SMS-delivered, but by analyzing the content and sender of this message along with recent SRS reports, we can come up with an estimate. The following graph counts SRS reports related to this particular spam attack (selling luxury goods) since the beginning of November.

imessage_spam-2

You can see that the attack started around the beginning of November and really took off the weekend of Nov 22-24.

Others have pointed out that iMessage can be easily scripted to send messages to any phone number. Here are some references:

https://discussions.apple.com/message/19663325#19663325
http://mgalligan.com/post/25857584100/imessage-and-spam-a-recipe-for-disaster
http://thenextweb.com/apple/2013/03/29/imessage-denial-of-service-prank-spams-users-rapidly-with-messages-crashes-ios-messages-app/

Given the relative ease of sending messages to potentially millions of recipients, Apple will need to take aggressive measures to prevent iMessage spam volumes from increasing further.

Tags: , , , , , ,

5 Responses to “Rise in iMessage spam related to Luxury Goods”

  1. iMessage overrun by scammers, but Apple do nothing | ITProPortalITProPortal.com Says:

    […] last year cybersecurity firm Cloudmark reported receiving its first piece of spam in the iMessage service. Since then the amount of spam has […]

  2. Apple on message, spammers on iMessage? | Mac Virus Says:

    […] spam on the rise, but little evidence appears in support, citing Cloudmark’s previous admission that its tracking database may not distinguish well between iMessage spam and SMS spam, and low […]

  3. Report claims iMessage spam on the rise, but little evidence appears in support | Personal Site Says:

    […] spam from iMessage users, even on Apple’s own user forums. Cloudmark itself has previously admitted that iMessage spam may be difficult to discern from SMS spam in their tracking database, which […]

  4. Report claims iMessage spam on the rise, but little evidence appears in support | AskmeBoy Says:

    […] of spam from iMessage users, even on Apple’s own user forums.Cloudmark itself has previously admitted that iMessage spam may be difficult to discern from SMS spam in their tracking database, which […]

  5. Report claims iMessage spam on the rise, but little evidence appears in support | AskmeBoy Says:

    […] of spam from iMessage users, even on Apple’s own user forums.Cloudmark itself has previously admitted that iMessage spam may be difficult to discern from SMS spam in their tracking database, which […]

Leave a Reply
(will not be published)
Submit Your Comments

* Indicates a required field

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2014 Cloudmark, Inc.