The unique reach and ubiquity of Mobile Messaging, particularly SMS, has turned it into an integral part of everyday life for millions of people around the world. It has also become a valuable marketing and communications tool for organisations from hairdressers to multinational conglomerates and even schools and colleges. However, these same benefits have proved attractive for the mobile industry’s dark side. In recent years many of us have received messaging spam from mis-sold PPI to unsolicited text from unknown sources; the problem seems to increasing. In fact, with a recent report from the University of Minnesota and AT&T Labs revealing that more than two-thirds of mobile phone users received SMS spam last year, there is no denying that these kinds of attacks are creating a headache for mobile phone users and operators alike.
Perhaps more worrying is that mobile malware, designed to make its creator a profit, is also on the increase. According to security firm F-Secure’s 2013 Threat Report, of all Android malware seen in the first half of 2013, 77% was profit motivated. The report highlighted the rise to prominence of the Stels malware, which works to steal mobile Transaction Authentication Numbers (mTANs) for banking logins via SMS.
Cyber security professionals have claimed that hackers and fraudsters are finding it increasingly easy to access a mobile user’s chat logs and phone data, including location, contacts, mail and much more. This was echoed in a recent article from the Next Web, reporting that messages sent over popular Asian Messaging App, Line, are vulnerable to third party interception. Sounding this warning, at a recent Hackers conference in India, a team of young hackers demonstrated how easy it is to decrypt text messages sent through a Chinese messaging app1.
With an open rate of 95%, compared with email’s 20%, it is no surprise that we have seen an explosion in mobile marketing from both a consumer and enterprise application perspective. Legitimate businesses are bursting onto the mobile marketing scene attempting to carve out a unique position, niche or vertical, but unfortunately spammers, scammers and fraudsters are doing the same, giving rise to a constant flood of unsolicited traffic. To put this further into perspective, Acision’s findings show that, on average, 5% of all messages are spam or fraud related, while the GSMA reports that this number may be as high as 20%. Illegitimate messaging traffic can originate from a range of sources, including peer-to-peer traffic, application traffic and traffic from black market SIM boxes (or SIM farms) and other (foreign) networks. Some traffic or message content also contravenes operator agreements or violates content provider regulations and local laws.
As mobile users continue to rely on mobile messaging and chat applications, the threat of mobile fraudsters, spammers and scammers is likely to remain, as they seek new avenues to target users. Therefore, finding a solution that ensures leaks from unsolicited services are plugged as effectively as possible is more important than ever. Such an approach not only guarantees correct charging for services but also prevents the abuse of inter-operator agreements.
With greater emphasis on the operator to protect their customers and ensure revenues stay high and churn levels low, mobile operators must now have a holistic solution that detects and prevents all fraud and spamming techniques. They must put in place solutions that not only help protect their subscribers, but also protects their network in order prevent revenue loss and comply with industry regulations. It should also be a multi-layered solution that can be delivered at a network level, effectively filtering a range of potential threats, from fraud to phishing attacks and everything else in between. It should also operate across the dizzying array of technology, core networks, messaging platforms, operating systems and handset variations.
With these solutions being in place, there is greater opportunity for operators to fight back against this illegitimate traffic and gain real control for the sake of their subscribers and networks.