Crackdown on SMS spammers could boost use of SIM mules

A continued crackdown on SMS spammers could induce them to use "mules" to do their dirty work, according to a security expert.

That's because as enforcement agencies like the Federal Trade Commission (FTC) put the heat on domestic SMS spammers, they'll be forced offshore to ply their pernicious trade, explained Andrew Conway, a threat researcher with messaging abuse solutions provider Cloudmark in San Francisco, which fights SMS spam through its security products.

ftc logo

"We may end up seeing mules—dupes recruited in the U.S. to run the operation—while the brains stay offshore," he said in an interview. "That may happen if we continue to see legal action."

Such legal action occurred last week when the FTC filed eight complaints in court cases around the country against 29 defendants accused of sending more than 180 million junk text messages to consumers, many of whom had to pay for the messages.

The unsolicited squibs promised consumers gift cards or prizes, including gift cards worth as much as $1000 from major retailers such as Best Buy, Walmart, and Target.

To obtain the gifts, consumers were instructed to click a link in the spam message they received. The link would take the target to a website where sensitive personal information was wheedled from them, and they never received the gift cards.

"Today's announcement says ‘game over’ to the major league scam artists behind millions of spam texts," Acting Director of the FTC’s Bureau of Consumer Protection Charles A. Harwood said in a statement. "The FTC is committed to rooting out this deception and stopping it," he added.

Crackdown will shift turf

While lauding the FTC's action, Cloudmark's Conway noted it may just force the scam artists to manage their stateside operations remotely.

"We're pleased to see the FTC action," he said. "The gift card scam was one of the largest forms of SMS spam that we've seen over the last year."

sms phishing smishing

When the U.K. broke up one of these large SMS operations in the past, he continued, it decreased the volume of the spam but it didn't eliminate it.

"We applaud the legal action, but it's not the final solution to the problem," Conway said. "It may drive some of them to seek alternative forms of monetization and drive some of them offshore."

Spammers working offshore would likely use mules to do the heavy lifting on the mainland, he said.

A mule's task

Mules would buy SIM cards for a SIM card box that could be connected to a computer and be used to send out thousands of spam messages.

"That's been the easiest way to send SMS spam since the carriers began offering unlimited texting plans," Conway maintained.

With email spam volumes declining for a number of reasons, including a decline in their effectiveness, SMS spam and its sibling SMS phishing, also known as "smishing," have been on the increase.

However, carriers have been trying to stay ahead of the problem. In 2011, for example, they began participating in a program proposed by the GSMA to collect spam information from consumers and use it to fight spam on their networks.

Consumers who wish to become spam fighters should forward suspected spam SMS messages to 7726, which is "spam " on a phone keypad.

Subscribe to the Security Watch Newsletter

Comments