Spam reporting pilot reveals truth about SMS spam

Europe has highest level of “adult” spam, but most spam is financial fraud

The GSMA has released a few details of a pilot spam reporting service that ran from March to December 2010. The pilot of the Spam Reporting Service gave users the ability to report unwanted messages using a shortcode. Information was then stored and held in a centralised database, so that operators could share information on security threats and methods to combat them.

Mobile Europe first reported on the launch of the service, which is operated by Cloudmark on behalf of the GSMA, in March 2010.

The pilot analysed SMS traffic and identified and aggregated reports of misuse submitted by consumers to participating networks via a short code. The GSMA said that analysis of the pilot data indicated that spam is found across all networks, and at levels higher than originally anticipated – although no absolute numbers were released. Financial fraud was the highest reported type of spam.

Attackers are using “sophisticated message modification techniques” and transmitting low volumes of messages from each sending number to avoid detection over a long period of time, the GSMA said. Their methods vary across different regions, making global collaboration even more critical to combating this issue. Further findings show that most spam originates on-network, followed by peer networks and then through internet services.

The GSMA has said that overall, across the USA, Asia and Europe, 70% of the reported spam was of a financial nature. Just under 10% of spam was adult in content. However in Europe, In Europe, approximately a quarter of reports related to fraudulent lottery, loan and insurance claim services and a fifth were adult in nature.

There were three main types of fraudulent financial spam: phishing attempts using a fraudulent url or “call centre” to attempt to harvest user details, social engineering scams such as loan or gambling scams, and premium rate fraud.

The idea of the reporting service is to provide consumers with an easy way to report spam, and operators with the best methods to identify and manage spam, as well as share information with each other.

Although initially the pilot was intended to run for three months, it in fact ran from March to December in conjunction with AT&T, Bell Mobility, KT, Korean Internet & Security Agency (KISA), SFR, Sprint, and Vodafone. Pilot users could report spam using the short code 7766 (SPAM), where local numbering plans allowed, or 33700.

Â