Wednesday, June 12, 2013 by Cloudmark
Summer has come, and SMS spam is here to stay. Recent FTC allegations against gift card scammers and a change of seasons have led to major shifts in the estimated 480 million SMS spam sent monthly to U.S. residents. During the month, two of the top five reported types of SMS spam in the United States were forms of fraudulent scams. Most notably, the bulk of Win Free Stuff Scams have changed from gift card and iPhone 6 hooks to a more seasonal approach: cruises. Starting just prior to the U.S. tax season, SMS phishing attempts have continued a trend of steady increase to take the top spot in May.
Win Free Stuff Scams
As the swimsuits are coming out for summer, so are the vacation scams. Last month 72% of all Win Free Stuff Scams lured American recipients with the false promise of a free cruise. Mass texts are sent out declaring that “YOU!” have won a free cruise to an exotic Caribbean location. The only catch? First, they ask you to fill out a long set of forms or surveys to qualify. Often nestled in these forms are terms and conditions that make actually winning nearly impossible. Should you magically qualify, scammers will extract endless fees until the victim has paid more than face value for their prize. Nothing in life is free after all, not even free cruises.
Bank, Card, and Account Phishing
This past month Bank/Account Phishing was both the most prevalent category and arguably the most dangerous. Messages of this type are sent out masquerading as a bank claiming that the recipient’s account has been locked for fraudulent charges or suspicious behavior. This fear mongering compels the victim to use a provided phone number or link to resolve the issue. Unfortunately, criminals use this bit of social engineering to trick victims into divulging bank accounts, credit cards, debit cards, and other personal information for the sake of “unlocking” the account. With this information in hand, the perpetrators can now commit a myriad of crimes that can have very serious financial repercussions.
Spammers, regrettably, may have seen some traction with phishing attempts in recent months. Since the beginning of 2013, SMS phishing attempts have risen from 2% to 32% of monthly volumes. The following chart illustrates the monthly volumes of Bank/Account Phishing:
Adult Content Spam
Contributing approximately 24% of May’s volume, adult-themed spam came in at number two. These texts entice audiences to follow a supplied link promising adult content or suggestive dating language. Senders use obfuscated, shortened referral links to derive revenue from affiliate marketing campaigns. However, users often find that the promised content was egregiously misrepresented. This form of affiliate fraud has resulted in certain sites aggressively banning known spammers, but the problem is on going. The graph below shows that just last month adult-themed SMS spam spiked above 40% of daily volume on several occasions, reaching as high as 60%.
Junk Car Spam
“WE BUY JUNK CARS” and “COMPRO CARROS” spam continued to flood the phones of many Florida residents last month. Surpisingly, more than 9% of the entire countries reported spam came from this single state in May. This on-going SMS epidemic has plagued the sunshine state for more than a year and half. It’s pushed one Florida resident, Scott Owens, to file a federal class action lawsuit action against the suspected senders. In it, Owens is seeking a staggering one billion dollars in damages for unwilling recipients of the spam. As we’ve seen however, the spam continues to inundate Floridians unabated.
Trailing behind junk car spam, payday loans also made a small ripple in SMS spam during May. Payday Loan Spam is often made up of unsolicited texts from lead publishers for legitimate businesses over short term cash loans. Ping trees, a sort of sharing network for these leads, can pose as a security risk though. After responding, a user and their information can be passed off to other members in the ping tree. Sometimes you may get passed to a legitimate lender. Sometimes they’re out to steal your information. Worse yet, some entities have been caught demanding fees in advance for loans that may or may not be real.