Global Security Insight

SMS Abuse

SMS attacks continue to be a commercial threat, with Operators worldwide continuing to suffer the effects of SMS Fraud and Abuse on their networks. The majority of SMS abuse appears as legitimate SMS messages, bypassing the simple firewall gateways that operators have deployed to catch signalling frauds. Analysis of the range of SMS frauds within operator networks shows the following characteristics:

  • Highly localised: targeting a single operator, or a segment of an operator’s subscriber base, in a single country. These frauds emulate legitimate operator notifications or trusted institutions in the country, but use fraudulent call-back or short code numbers to collect revenue. For example:
    • Wachovia has limited your 4828xxxxxxxx card. To Reactivate Call 732572xxxx
  • Short duration: while the cost to run an SMS fraud attack has reduced with the continuing bundling of large SMS volumes in the last twelve months, SMS frauds are typically less than 24 hours in duration, as shown in the graph below. This is to minimise the opportunity for log-based fraud management systems to identify the attack.

  • Targeting wholesale arbitrage: many SMS campaigns may not target subscriber trust as a means to gain a return, but may affect the operator by having legitimate advertising messages or mobile content delivered via other countries to avoid paying bulk messaging rates. Indirectly, this erodes subscriber trust as it prevents personal opt-in controls over messaging, and encourages unsolicited spam.

The difficulty for an operator is that the source of these attacks is highly volatile, as the generation may be through technical compromise of an overseas network, exploitation of low wholesale rates, or through cheap SMS bundle packages. A typical attack will last less than 72 hours, but will comprise more than 1 million messages. The animation below shows how rapidly the sources of the attacks changed across a recent 30-day period as measured by our customers.

 
The complexity of the frauds varies as the networks in question respond to the probing from the attackers, moving from simple SRI scanning to identify legitimate subscribers through to more sophisticated attack patterns, as shown in this example from a 7-day period.
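
One way an operator could flag the SRI scanning stage described above is to look, per originating source, for many subscriber lookups that are almost never followed by a message delivery. This is an added example, not code from the original page or from any product: the record layout, the `SRI_SM` and `MT_FSM` labels, the source names, the thresholds and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune against real signalling traffic.
WINDOW_S = 600            # look-back window in seconds
MIN_TARGETS = 5           # distinct MSISDNs queried before a source is considered
MAX_DELIVERY_RATIO = 0.2  # scanners rarely follow a lookup with a delivery


def detect_sri_scanning(events, window_s=WINDOW_S, min_targets=MIN_TARGETS,
                        max_ratio=MAX_DELIVERY_RATIO):
    """events: (ts, source_gt, op, msisdn) tuples sorted by ts.

    Returns {source_gt: ts at which it first looked like a scanner}.
    """
    recent = defaultdict(deque)  # source_gt -> events still inside the window
    flagged = {}
    for ts, gt, op, msisdn in events:
        window = recent[gt]
        window.append((ts, op, msisdn))
        while window and window[0][0] <= ts - window_s:  # expire old events
            window.popleft()
        queried = {m for _, o, m in window if o == "SRI_SM"}
        delivered = {m for _, o, m in window if o == "MT_FSM"} & queried
        # Many lookups, almost none followed by a message: probing, not delivery.
        if len(queried) >= min_targets and len(delivered) / len(queried) < max_ratio:
            flagged.setdefault(gt, ts)
    return flagged


def sample_events():
    """Constructed events: a normal SMSC, a burst scanner, a slow low-volume source."""
    events = []
    for i in range(6):
        events.append((i * 10, "gt-legit", "SRI_SM", f"sub-{i}"))
        events.append((i * 10 + 1, "gt-legit", "MT_FSM", f"sub-{i}"))
        events.append((i * 5, "gt-scan", "SRI_SM", f"sub-{100 + i}"))
        events.append((i * 3600, "gt-slow", "SRI_SM", f"sub-{200 + i}"))
    return sorted(events)


if __name__ == "__main__":
    for gt, ts in detect_sri_scanning(sample_events()).items():
        print(f"possible SRI scanning from {gt}, first flagged at t={ts}s")
```

The slow source is not flagged because its lookups never accumulate inside one window, so the window length and thresholds need tuning against each network's normal traffic.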

Premium Rate Content Services

While many content providers will adhere to the operator’s contractual terms, and national regulation, subscribers are still at risk from rogue Content Service providers who fail to provide sufficient clarity of ongoing charges, or who fail to immediately action opt-out messages from subscribers.
