If you have a smart phone with a QR reader, then you can scan the QR code below and it will prepare a text message with the text “HELP” to send to the short code 7726 (S-P-A-M).

If your mobile operator supports reporting text spam to 7726, then you should get back a text that confirms that 7726 is for spam reporting.

If you don’t have a smart phone, or a QR reader, you can still test it out.  Just type the word HELP as text message and send it to 7726.

If you don’t get a message back, it may be that your mobile provider uses a different short code or they may not have implemented spam reporting yet.  In which case, you should refer to their website to find out the recommended way to report spam.

Always remember that spam is unsolicited, unwanted messages from someone you don’t know.  If you signed up for the text messages, then you should be able to unsubscribe by replying “STOP” to any message they send you.

Cloudmark’s drive to equip users with the power to report messages they didn’t sign up for (using the 7726 (S-P-A-M) GSMA service) and protect mobile users from spammy text messages,  means that we spend a lot of time thinking about the negative content that gets sent by spammers.

So it’s nice to be reminded that text messages have a lot of power to be used for good.

I love this story from tatango’s SMS marketing blog.  The Boy Scout National Jamboree allowed parents and scouts to sign up for text message updates.  They then used text messaging to keep in touch and send updates.  They sent the scouts messages like: “As u head back, stay with the group or at least a buddy. Remember to go left at the asphalt road and head back.”

They were also able to let parents know that a tornado that touched down in DC, hadn’t impacted the Jamboree and that everyone was ok, minutes after the tornado passed through.

It’s a really nice example of the positive power of  text messaging.  You can check out the full story here: http://www.tatango.com/blog/tatango-customer-spotlight-boy-scout-troop-831/

Cloudmark provides spam and abuse filtering for email, text messaging and social networking traffic.  So in addition to encouraging email senders to follow good email sending guidelines, we also want text message senders to follow good text message sending guidelines.

Over on tatango, which is an SMS Marketing Blog, they have a good write up today on making sure that your text messaging marketing is compliant with the Mobile Marketing Association’s (MMA) Consumer Best Practices. (See: Lessons Learned From Trump Mobile Alerts)

Just like in email, senders need to tell people up front and make it very clear, what they’re going to be sending people and how often they’re going to be sending it.   And senders need to check that the phone number a person signed up with is actually their phone number and not someone else’s phone number.  Just like senders should confirm that the email the person signed up with is their email address and not someone else’s.

Unlike email, some people get charged per message for each text message they receive.  Plus their phone is going to beep or buzz when the message arrives.  So senders better make sure the person wants that SMS.

Spam buttons have been available in email clients for a long time and when people get annoyed by email messages they don’t want, they often mark the email as spam.  Although many people aren’t aware of it, some mobile providers also have a system for reporting unwanted SMS text messages.  The process differs by operators but can be as easy as people forwarding unwanted SMS text messages to “7726” (S-P-A-M).

Of course, if a person legitimately signed up for an SMS message, and they trust the sender, they should be able to unsubscribe by replying STOP to the sender.  If the sender is playing by the rules, no further SMS messages should come from that sender.

Cloudmark is involved in an initiative with the GSMA to collaborate with operators globally on the war against SMS spam. See: http://www.gsmworld.com/our-work/mobile_lifestyle/spam/spam_reporting.htm for more details.

In summary, text messages senders should check to make sure they’re following all the rules and only sending to people who know what they’ve signed up for.  Because 7726 and similar services, are going to let the Mobile providers see which senders are not playing by the rules.

Following on from our press release on the new MobileAuthority solution for mobile networks, we thought we’d give a quick roundup of some of the more common mobile spam and abuse attacks, and how to recognise them. One common theme in mobile abuse is that much of it is fraudulent, i.e. they are trying to scam you to get money, so it’s really important to be aware of the tricks they use.

Premium-Rate Number Scams

This is one of the most common type of spam, and it can be quite pernicious. The idea is to send you a message that tricks you into calling back or replying via SMS. The number you call or send a message to is actually registered as “Premium-Rate” number, and you get charged much higher fees for that call/message on your bill. Even worse are the unscrupulous folks who sign you up for ongoing subscription services that charge you each time they send you messages. Most countries have a code of practice regulating these services, and most providers of these services are legitimate, however you do have watch out for messages (always unsolicited) like the following:

Hi, it’s me! Call me back on this number

Sorry I missed your call, can you get back to me on this number?

You’ve won a cash prize! Reply to 27361 to claim your winnings!

The most important thing, as with all spam, is to look out for (and be suspicious of )  messages from unknown numbers, and also be aware of the premium rate number prefixes in your country. Here are a few examples:

France – 0899

UK – 09

USA – 900

For a fairly comprehensive list of premium rate numbers, there is an article on Wikipedia.

Some of these will be trying to get you to reply to a premium-rate shortcode; the lesson here is that practically all shortcodes that are not provided by your operator will cost you money to send to them. So be very careful when replying to SMS messages, especially those that come from shortcodes (these are typically 4-6 digit phone numbers, but unfortunately they don’t normally conform to a standard prefix, unlike premium-rate phone numbers).

Phishing

Phishing is a term that is used to describe malicious senders impersonating a company or institution (usually ones you might have a financial or billing relationship with) in the hope of getting you to give them information which might help them defraud you of money. This usually takes the form of them luring you to a website which looks just like your bank for example, and then stealing your authentication (login) information. It can also lead to identity theft, or using your details to add premium services to your bill, etc. Even worse are the phishers who setup automated voice response systems that sound just like your bank – many people just don’t expect to be scammed in this manner.

Phishing can be quite hard to detect on a mobile, because many of us don’t question the trustworthyness of the SMS messages we receive on our mobile phone that claim to be from our bank, mobile phone operator, credit card company etc. We would encourage everyone to be suspicious of these types of messages, particularly if you aren’t expecting them. Some example SMS phishing messages we’ve seen in the past:

BANK OF THE XXXXXXXX urgent account notification, verify unusual activity, call 1800-###

Dear Customer we are sorry to inform you that we had to lock your XXXXXX Credit Union access. To reactivate it call ###-###-####.

Viral Hoaxes

Viral hoax messages are often sent around – these can be very annoying, but are not typically considered harmful. They attempt to get you to forward a message to all your friends, in return for some reward for yourself (financial or even as tenuous as “good luck”). Here’s an example:

Text Message Holiday Special: Forward to 10 friends for $25 credit!

The message normally comes from your friends, and so appears trustworthy, and this alone is often enough to encourage people to follow the instructions in the message. As usual, our advice is – distrust any message that seems too good to be true, as it almost certainly is!

Mobile Viruses

Viruses do exist in the mobile world, and although it’s true that today they are not as prevalent as they are on PCs, they are growing in sophistication and penetration, particularly with the rise of smartphones. Transmitting a virus in an SMS message is actually pretty difficult, but we’ve recently seen the first example of a virus that uses SMS messages to propagate itself (the SexyView worm).

Without going into the specifics of SexyView, which are covered extensively elsewhere, it’s worth being aware that an unsolicited SMS message containing a web URL that looks really enticing (e.g. “Britney’s bare-faced cheek!“, “Ronaldo and Paris – the video“, “Video of WWII bomber found on moon!“), may actually take you to a website that downloads a virus to your mobile phone. In the case of this particular worm, the message appears to come from your friends, so you do have to be particularly vigilant. This kind of threat is only going to grow in the future, and could even be used to turn your mobile phone into a spam-sending bot, of the type commonly found on PCs, which would have serious implications for your next phone bill.

We’ll almost certainly revisit this topic in future blogs, as sadly mobile abuse is only going to increase in the future – all too obvious when you think that mobile is by far the world’s largest addressable communication medium, and thus the most attractive target for the bad guys out there.

Neil