Mobile Messaging Threat ReportAugust 2013

Spammers Target Specific Area Codes Disguised as User’s Carrier or Bank

This August, the United States saw the continuation of a highly targeted phishing campaign aimed precisely at specific geographic regions. These attacks have come in two flavors. The first, a form of account phishing, impersonates official SMS messages from each user’s carrier in an attempt to steal the victim’s login credentials. Isolated mostly to Austin, Texas, attackers seem to know with an alarming degree of accuracy exactly which carrier each victim in Austin uses. Their message is tailored to impersonate that carrier instead of blindly flooding sets of numbers.

Another run of phishing attempts is using the recipients area code to custom tailor their bank phishing messages. Live in Phoenix or Mesa, AZ? Phishing messages to your phone try to pass off as SMS from Arizona Federal Credit Union. Members of San Antonio see SMS imitating another regional bank, Generations Federal Credit Union. Central Georgia and several other non-metropolitan areas seem to be stricken with a more blanketed form directed at pre-paid debit cards issued by a government benefits program, social security.

Figure 1
Figure 2

PPI Compensation scams in the UK follow a similar vein on a national scale. A set of fines levied by the UK’s Financial Services Authority for Payment Protection Insurance abuse has resulted in compensation for those who were mis-sold the insurance. Enterprising spammers have extended promises of such payouts to UK numbers. Luckily, these scams only aim to appropriate personal information for resale and marketing.

Wide-spectrum financially themed SMS spam is still alive and well on a global scale though. Payday loan spams alone contributed to approximately 36% of all SMS spam this month. Altogether, spam and scams using financial hooks (highlighted with green in Figure 3) accounted for 70% of SMS reports.

Figure 3

During August of 2013, SMS spam and scams:

  • Directed users to URLs in 56% of cases;
  • Used phone numbers for 18% of pitches;
  • Asked 26% of recipients to reply directly via SMS.

Cloudmark August 2013 - Mobile Messaging Threat Report (523KB)

back to top

Cloudmark August 2013 - Mobile Messaging Threat Report (523KB)

Cloudmark is a trusted leader in intelligent threat protection against known and future attacks, safeguarding 12 percent of the world's inboxes from wide-scale and targeted email threats.

With more than a decade of experience protecting the world's largest messaging environments, only Cloudmark combines global threat intelligence from a billion subscribers with local behavioral context tracking to deliver instant and predictive defense against data theft and security breaches that result in financial loss and damage to brand and reputation.

Cloudmark protects more than 120 tier-one service providers, including Verizon, Swisscom, Comcast, Cox and NTT, as well as tens of thousands of enterprises.

Site Map  •  Privacy Policy  •  ©2002–2017 Cloudmark, Inc.