According to Cloudmark’s 2012 Messaging Threat Report, there were more than 350,000 unique unsolicited mobile spam variants. The churn rate peaked in December with more than 53,000 unique variants alone. Spammers have favorite attack categories and frequently change individual messages to evade detection, producing the large number of variants.

Gift card offerings represented the most common unsolicited mobile spam, Cloudmark says, with 44% of the total. Then, iPhone and iPad giveaways followed with 11%. Payment protection insurance (PPI) compensation offers followed at 3%, particularly in the United Kingdom, appearing after legislators determined that refunds were due to loan recipients who had been mis-sold the insurance.

Cloudmark gathered the results through its GSMA Spam Reporting Service. Mobile users can report their unsolicited spam by forwarding it to 7726, spelling out “SPAM” with their keypad. Cloudmark then shares these reports with participating carriers along with detailed information on content and senders, enabling them to block numbers and reduce further spam.

“As opposed to e-mail, we often automatically trust that our SMS must come from someone we know or have done business with and attackers are well aware of this wide acceptance, using it to their advantage,” says Cloudmark CTO Neil Cook. “Our research is highlighting the growth of sophisticated mobile threats as new mobile technologies develop, and 2013 will see a rise in this sophistication.”

For example, the SpamSoldier Android Botnet purported to offer free versions of popular mobile games as it initially was seeded via SMS messages. Unknown to users, the downloaded game files included an initial loader program and a pirated copy of the game. When mobile users ran the game, the loaded program sent SMS spam, deleted itself, and installed the pirated game.

Additionally, SpamSoldier’s loader simultaneously added a filter to block incoming SMS messages, preventing users from being notified that they were spamming their contacts. During the period when the spam was first detected in November to when it was taken down in December, the spammer sent between 5 million and 10 million SMS messages, infecting several thousand mobile devices with the malware.

Affiliate Webcam Spam operates as spammers send out a sequence of SMS messages that appear to be one half of an interactive conversation. Spammers then coax mobile users into “conversing” by sending predetermined questions or answers to mobile users. From SMS, the spammers then entice users to converse on instant messaging and other platforms to ultimately lead them to a webcam site offering an affiliate program that pays $40 per sign-up.

Spam that promises free gift cards or trial devices like iPads require mobile users to provide privacy-compromising information via a survey and multiple click-throughs to various sites to qualify for the gift. Spammers then can extract the personal information to continue their spam campaign. Mobile users can qualify to receive the gift, but the associated costs often surpass the gift’s value.

Cloudmark offers five tips for avoiding unsolicited SMS spam:

  • Forward any spam texts to their carrier via 7726, spelling out SPAM on the keypad.
  • Do not text “STOP,” which only works with text alerts that users have legitimately signed up for. It has the reverse effect for spam texts, confirming that the number is live and encouraging spammers to continue targeting that phone.
  • Only download mobile applications from reputable app stores and read the terms of service closely.
  • Never respond to an SMS requesting login or other personal details, especially if it appears to be from a bank or other financial institution.
  • Speak to your mobile operator to see if you can set up content filters on your mobile account so premium rate texts can’t be charged and adult content can’t be displayed.

Cloudmark