Cloudmark Blog

Intelligence Briefings from the War on Spam

 


How do I recognise mobile spam and abuse?

Following on from our press release on the new MobileAuthority solution for mobile networks, we thought we’d give a quick roundup of some of the more common mobile spam and abuse attacks, and how to recognise them. One common theme in mobile abuse is that much of it is fraudulent, i.e. the senders are trying to scam you out of money, so it’s really important to be aware of the tricks they use.

Premium-Rate Number Scams

This is one of the most common types of spam, and it can be quite pernicious. The idea is to send you a message that tricks you into calling back or replying via SMS. The number you call or send a message to is actually registered as a “Premium-Rate” number, and you get charged much higher fees for that call/message on your bill. Even worse are the unscrupulous folks who sign you up for ongoing subscription services that charge you each time they send you messages. Most countries have a code of practice regulating these services, and most providers of these services are legitimate; however, you do have to watch out for messages (always unsolicited) like the following:

Hi, it’s me! Call me back on this number

Sorry I missed your call, can you get back to me on this number?

You’ve won a cash prize! Reply to 27361 to claim your winnings!

The most important thing, as with all spam, is to look out for (and be suspicious of) messages from unknown numbers, and also be aware of the premium rate number prefixes in your country. Here are a few examples:

France – 0899

UK – 09

USA – 900

For a fairly comprehensive list of premium rate numbers, there is an article on Wikipedia.

Some of these will be trying to get you to reply to a premium-rate shortcode; the lesson here is that practically all shortcodes that are not provided by your operator will cost you money to send to them. So be very careful when replying to SMS messages, especially those that come from shortcodes (these are typically 4-6 digit phone numbers, but unfortunately they don’t normally conform to a standard prefix, unlike premium-rate phone numbers).
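The checks described in this section (premium-rate prefixes per country, 4-6 digit shortcodes) can be written as a simple message filter. This is an added example, not Cloudmark's code: the function names are hypothetical, the phone numbers used with it are constructed, and only the three prefixes listed above are covered.

```python
import re

# Premium-rate prefixes in national dialling format, as listed in the post.
# These are the post's examples only; the table is not exhaustive, and
# international (+country code) forms are not handled here.
PREMIUM_PREFIXES = {"FR": ("0899",), "UK": ("09",), "US": ("900",)}

# A run of digits with optional separators. The lookarounds skip redacted
# numbers such as "1800-###" and digits embedded in words.
CANDIDATE = re.compile(r"(?<![\w#+-])\+?\d(?:[\s().-]{0,2}\d)+(?![\w#]|-#)")


def classify_number(raw, country):
    """Return 'premium', 'shortcode' or 'other' for one number string."""
    digits = re.sub(r"\D", "", raw)
    if country == "US" and len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the long-distance "1" before the area code
    # Shortcodes are typically 4-6 digits and have no standard prefix,
    # so length is the only signal available.
    if 4 <= len(digits) <= 6 and not raw.startswith("+"):
        return "shortcode"
    # The same prefix means different things in different countries,
    # so the recipient's country selects the table row.
    if len(digits) >= 7 and digits.startswith(PREMIUM_PREFIXES.get(country, ())):
        return "premium"
    return "other"


def flag_message(text, country):
    """List (number, kind) pairs in an SMS body that deserve suspicion."""
    findings = []
    for match in CANDIDATE.finditer(text):
        kind = classify_number(match.group(), country)
        if kind != "other":
            findings.append((match.group(), kind))
    return findings
```

Length alone cannot tell a shortcode from any other 4-6 digit number (a year, for instance), so treat a hit as a prompt to check the sender rather than as a verdict.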

Phishing

Phishing is a term that is used to describe malicious senders impersonating a company or institution (usually ones you might have a financial or billing relationship with) in the hope of getting you to give them information which might help them defraud you of money. This usually takes the form of them luring you to a website which looks just like your bank for example, and then stealing your authentication (login) information. It can also lead to identity theft, or using your details to add premium services to your bill, etc. Even worse are the phishers who set up automated voice response systems that sound just like your bank – many people just don’t expect to be scammed in this manner.

Phishing can be quite hard to detect on a mobile, because many of us don’t question the trustworthiness of the SMS messages we receive on our mobile phone that claim to be from our bank, mobile phone operator, credit card company etc. We would encourage everyone to be suspicious of these types of messages, particularly if you aren’t expecting them. Some example SMS phishing messages we’ve seen in the past:

BANK OF THE XXXXXXXX urgent account notification, verify unusual activity, call 1800-###

Dear Customer we are sorry to inform you that we had to lock your XXXXXX Credit Union access. To reactivate it call ###-###-####.

Viral Hoaxes

Viral hoax messages are often sent around – these can be very annoying, but are not typically considered harmful. They attempt to get you to forward a message to all your friends, in return for some reward for yourself (financial or even as tenuous as “good luck”). Here’s an example:

Text Message Holiday Special: Forward to 10 friends for $25 credit!

The message normally comes from your friends, and so appears trustworthy, and this alone is often enough to encourage people to follow the instructions in the message. As usual, our advice is – distrust any message that seems too good to be true, as it almost certainly is!

Mobile Viruses

Viruses do exist in the mobile world, and although it’s true that today they are not as prevalent as they are on PCs, they are growing in sophistication and penetration, particularly with the rise of smartphones. Transmitting a virus in an SMS message is actually pretty difficult, but we’ve recently seen the first example of a virus that uses SMS messages to propagate itself (the SexyView worm).

Without going into the specifics of SexyView, which are covered extensively elsewhere, it’s worth being aware that an unsolicited SMS message containing a web URL that looks really enticing (e.g. “Britney’s bare-faced cheek!”, “Ronaldo and Paris – the video”, “Video of WWII bomber found on moon!”), may actually take you to a website that downloads a virus to your mobile phone. In the case of this particular worm, the message appears to come from your friends, so you do have to be particularly vigilant. This kind of threat is only going to grow in the future, and could even be used to turn your mobile phone into a spam-sending bot, of the type commonly found on PCs, which would have serious implications for your next phone bill.

We’ll almost certainly revisit this topic in future blogs, as sadly mobile abuse is only going to increase in the future – all too obvious when you think that mobile is by far the world’s largest addressable communication medium, and thus the most attractive target for the bad guys out there.

Neil

All the news that’s fit to infect you…

The Waledac botnet is trying to grow again, and the herders may have hit upon a great new twist. Waledac bots are currently sending out huge numbers of fake Reuters news articles about a bombing near the recipient’s location. These emails point to a “Breaking News” website that claims to have a link to video of the story that requires you to update your Flash player (except that what they serve you is not a new Flash player, but a bot infestation).

What makes this unusual is the fake news story (or, rather, the machines that host it). The infected machines serving the ‘news story’ webpages are also performing geolocation tests against the IPs trying to pull the page, and altering the content based on where they think that IP is located. If they can determine where you are, the ‘breaking news’ story that you get will be tailored to you, saying that the bombing took place in a town near you. In terms of social engineering, this goes a long way to making the content more believable.

How can you protect yourself from this? To start, make sure your anti-virus signatures are up to date. Be wary of previously unknown sites – don’t install software just because a website told you to. Visit the US Computer Emergency Readiness Team (US-CERT) website – they’ve got great papers on avoiding social engineering attacks and other email scams.