Cloudmark’s 2013 Annual Global Messaging Threat Report
Thu, Jan 30, 2014 by Tom Landesman
As the Chinese New Year rings in the year of the Horse, we’re also excited to announce the release of our 2013 Annual Global Messaging Threat Report. Looking back at the year, we discuss the evolving realm of highly targeted, regional SMS spam campaigns, spammers’ preference for financial themes, Apple iMessage abuse, dramatic increases in the use of hacked domains, and various actions governments have taken to stem the tide of spam.
All spam is, at its core, motivated by profit. Spammers and scammers generate the campaigns that we see in order to earn money. It’s no surprise than that they attempt to motivate others with the lure of financial gain. In the United States, recipients saw 67 percent of SMS spam come in various forms of financial incentives or deceptions during 2013. Free gift cards, payday loans, and alarming yet fake bank alerts topped the list of categories using money as a motivator. However, the UK saw even more. In 2013, UK spammers sent 85 percent of their messages with a financial tone. The graph below illustrates the break down of various financially themed categories in both countries in comparison to non-financial spam.
Argentinian SMS spam had a different theme though. Over the course of 2013, offers for cheap automobiles were the dominant form of reported SMS spam in Argentina. Also, adult oriented content made second place in the United States, accounting for 16% of reports.
On the email side, analysis of 2013 indicated that the U.S. is the by far largest producer of email spam generating about a third of the world’s email spam. Despite directing nearly three quarters of email spam within its own border, the U.S. made considerable contributions to the spam problems seen in Brazil, Australia, Japan, Great Britain, Italy, and Switzerland.
Often the call-to-action URLs included in many spam messages both in the U.S. and around the globe rely heavily on the use of compromised Web servers and domains. The link typically is not pointed at the advertised destination but instead a compromised website that redirects the browser one or more times to the actual site the spammer wants you to see. In 2013, Cloudmark saw a large increase in the amount of spam messages directing users to these compromised sites. The following graph shows the relative volume of compromised domains over the course of 2012 and 2013 for comparison.
Some good news did come about from 2013. The Federal Trade Commission (FTC), a U.S. regulatory agency, took action against what was the most prolific form of SMS spam at the time – “free” gift card scams. Accounting for 44% of all reported U.S. SMS spam in 2012, this category was by far the single largest form of SMS spam. However, we saw the demise of this behemoth category happen nearly over night due most likely to the FTC’s filings against 29 defendants for their involvement in sending the scam texts. On March 7th, the agency announced its actions coinciding with the disappearance of nearly all reports of this type of spam. Details on the historical volumes of this spam type are highlighted in the following graphic.
For a more in-depth discussion of these topics, mobile malware, regional campaigns, and iMessaging attacks, see our complete 2013 Annual Report.