Spam and malicious text messages pose a far bigger threat to consumers and businesses than email spam, researchers said.
That is because there are six million spam texts sent everyday in the UK, according to security firm Cloudmark, which runs the global spam reporting service on behalf of the GSMA, an association of mobile operators and related companies. On top of that, the problem is getting worse due to a number of converging factors driving attackers to mobile spam.
The firm’s chief technology officer, Neil Cooks said the idea people are far more likely to open text messages than emails poses a major problem.
“The open rate for an SMS is 80-90 percent within a minute, whereas email you may not look at all day,” he said. “As a result it is far easier to get someone to open a message telling them to ring a number or visit a website than on email.”
He also said people are still not as wary about messages they receive on phones as they are via email.
“The phone is a more trusted medium, which is why we see more fraud as opposed to bulk spam selling, because fraud is much more easily monetized by getting people to ring a premium number from the text, or visit a malicious website,” he said.
“There’s not so much screen real estate so it’s harder to tell what is a phishing message or something genuine.”
Cook also said the high-end capabilities of smartphones and new, IP-based 4G networks, are ideal for criminals to compromise, something that is posing fresh concerns for operators.
“As more people move from fixed to mobile broadband and smartphones then problems from botnets and viruses are moving from PCs to smartphones so there is the potential for real issues here,” he said.
Cook also said the bring your own device (BYOD) trend as a major risk to enterprises that fraudulent texts pose, saying it only takes one handset to be infected to put an entire organization at risk.
“BYOD is a big issue. One of the new areas we’re getting into is helping protect phones from going to malicious websites or calling malicious phone numbers, which is an increasing concern as that’s a route to infect your phone or steal company secrets,” he said. “You only have to have one person infected with a phone running an application key logger or sending company data.”