SMS Spam and Mobile Messaging Attacks Introduction ... - GSMA

More documents

Recommendations

Info

GSMA Spam Reporting Service SMS Spam and Mobile Messaging Attacks - Introduction, Trends and Examples January 2011 3 Types of mobile spam attacks and examples As discussed in the introduction attackers targeting the SMS channel have already gone way beyond simple unsolicited spam messages. The need to keep volumes low to avoid detection has given rise to a number of sophisticated attacks that yield a high permessage return. 3.1 Types of mobile messaging attacks The various types of mobile messaging attacks seen in networks today are: 1. SMS Spam – This is the most basic form of attack where unsolicited messages are sent to subscribers for mass advertising and Social Engineering Viral Hoaxes. In a recent attack in the US subscribers were encouraged to forward the message to all of their contacts in return for $30 off their next bill. 2. Premium rate fraud – Unsolicited messages that trick subscribers to call premium rate numbers or sign up for subscription services that are charged to the bill. Some UK and France examples – (1) You have been chosen at random at 9.56 AM and won the check n°409248 ! Call the 0899XXXXXX to know the exact amount and to cash! Thank you ! (cts 1.35€+0,34mn). (2) Hi, it’s me !I’m still waiting for your call. I hate when you don’t call back. Gimme a call at 0899XXXXXX. South African Spam Example that Originated from MTN Nigeria - “CONGRATULATIONS! YOUR CELL NO.HAS WON 500.000 POUNDS IN THE ONGOING SONY ERICSSON MOBILE PROMO.FOR CLAIM CALL +447045754969 & EMAIL: sonyericsson-inc@europe.com”. This message originates in MTN Nigeria from +23480300085500. The Australian courts recently convicted a fraudster who tricked subscribers into making AUS$4m worth of premium rate calls using a dating scam. Only 1.8m SMS messages were sent, giving a return of AUS$2.40 per message. 3. Phishing (including SMShing) – Unsolicited messages asking subscribers to call certain numbers to extract confidential information, which is then used for other purposes. For example: BANK OF THE CASCADES: urgent account notification, verify unusual activity, call 1800-####. When the subscriber called back, the automated system obtained personal information from caller. There were 10 unique attacks in 1 day with small volume per attack (5-15K messages) which escaped volume based controls and could only be detected by content based checking. The customer care costs for one North American operator were around $500K per month.
GSMA Spam Reporting Service SMS Spam and Mobile Messaging Attacks - Introduction, Trends and Examples January 2011 4. VASP Abuse – Unsolicited messages sent to subscribers from services providers for marketing purposes. In many countries this is regulated and prosecutions against attackers have begun to increase. 5. Mobile Malware including Bots spreading via messaging – Malware, short for malicious software, is software designed to infiltrate a mobile device without the owner’s informed consent. Typically this involves mobile messages sending links to and asking to download executables that are harmful and lead to application exploits. Three of the most common forms of malware include: - Virus: A malicious computer application that is able to reproduce itself. It can only infect a new host if it is distributed to the host through some means outside of the capability of the computer program. - Worm: Self-propagating malicious computer program. It uses some means to send copies of itself to other nodes on the network. A worm can spread and infect many hosts very quickly in a networked environment. - Trojan: A computer program that doesn’t replicate, but instead enables hackers un-authorized access into the infected host. Keystroke loggers are a severe form of a Trojan. Customers of Santander bank were recently targeted in an attack where PC botnets were used to harvest customers’ internet banking and mobile phone details which, in turn, were used to send a virus to their mobile phones. Once the phone was infected the attackers were able to authenticate internet payment instructions using the code sent to, and captured from, the mobile device, removing thousands of dollars from customer accounts. 6. Acceptable Use Policy Violations - Subscriber generated abuse in violation of acceptable use policy for type, content and volume. Subscriber groups could include users that are underage, part of a restricted corporate HR policy or data plan, or restricted due to time of day. E.g. Underage children accessing pornographic content, corporate users forwarding personal emails to colleagues wasting company time and money, or opening up pornographic content on their business accounts.
Page 1 and 2: SMS Spam and Mobile Messaging Attac
Page 3 and 4: GSMA Spam Reporting Service SMS Spa
Page 5: GSMA Spam Reporting Service SMS Spa
Page 9 and 10: GSMA Spam Reporting Service SMS Spa
Page 11: For further information please cont

SMS Spam and Mobile Messaging Attacks Introduction ... - GSMA

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?