As mobile users are more frequently pestered by SMS spam, one security vendor is applying its experience in stopping e-mail spam for mobile networks.
Cloudmark released on Tuesday a suite of services designed for operators to stop abuse on their networks, such as MMS (Multimedia Messaging Service) and SMS spam as well as malware aimed at mobile devices.
The suite, called MobileAuthority, combines several features and services that Cloudmark had offered individually, but now make more sense to offer as a suite, said Neil Cook, head of technology services for Europe.
The Sender Intelligence component of MobileAuthority allows operators to detect and then block mobile spam originating from either inside their network or from one of their partners. The filtering component looks for patterns in order to block spam, malware or phishing scams.
Cloudmark has also set up a managed security service with a team that will monitor a mobile provider’s networks for abuse and make adjustments in filtering in order to stop further problems.
As hackers and spammers see the potential for profit by hitting people with various scams over their mobiles, it’s likely they will proliferate, Cook said.
Mobile users in North America and Europe haven’t been inundated with as much spam as people in Asia, but it is on the rise. “We haven’t seen that much, although it’s now starting to get reasonably pernicious in North America,” said Hugh McCartney, Cloudmark’s CEO.
In India and China, 30 percent to 40 percent of messages sent to mobile users are spam. Cook said Cloudmark has seen quite targeted phishing attacks in Asia as well as North and South America.
Sometimes, the phishing attempt will take the form of an SMS (Short Message Service) message asking a person to call their bank. The number provided, however, isn’t the bank’s, but the scammers have replicated the voice prompts. The prompts will then ask for personal information, such as account details.
In Europe, premium-rate number scams are prevalent. A user will receive an SMS saying they’ve won a prize and are asked to reply with a short-code number, which then causes the person to be charged an excessive rate for sending that text message, Cook said. Other times, it could be a more common phishing attack, asking someone over SMS to visit a Web site on their PC.
Scammers are taking advantage of the fact that users tend to put more faith in SMS. “SMS is a much more trusted medium than e-mail,” Cook said. “They [scammers] get a better hit rate on it.”
And those scammers are also figuring out ways to send higher volumes of messages. Since mobile networks are closed off to the public, the environment is much different than how the public Internet works.
However, in regions such as Asia, scammers have been able to bribe their way into getting access to networks, Cook said.
“It’s a closed club, but that club is opening up,” Cook said.
In Asia, the cost of sending messages has fallen to nearly nothing due to intense competition between operations.
Spammers will buy lots of SIM cards and “tether” them together, sending masses of SMSs. Operators in Asia also have tended not to invest in security tools and instead been more focused on adding customers, Cook said.
For MobileAuthority, Cloudmark charges its customers per transaction; essentially, a small fee per SMS. For the reputation service component, Cloudmark will charge based on the size of the carrier’s network and the data it scans.