Back in the early days of mobile spam, SMS messages bearing promises of cheap home loans or testing and keeping new phones were fairly few and far between. With the rise of affiliate marketing, where somebody could be paid to run spam for somebody else, SMS spam took off around 2012. According to a report that AT&T gave the FCC, this was partly due to the ease of obtaining a cheap SIM card with unlimited SMS messaging available. Protections were put in place, to an extent, with reporting and SIM blocking available, but the spam wasn’t going to be stopped that easily, with thousands of spammers out there using various means to get their message out.
Spammers these days face increased protections, but also have a few new ways to propagate their spam. While SMS spam is now mostly auto-detected, spammers can now build out botnets, webs of infected phones or email accounts that they’ve taken control of. Countless types of malware also populate the web, with new ones being developed as fast as exploits can be found to get them into devices’ systems. Compromised mobile devices are, of course, not the only culprits; desktop-based SMS tools are widely available now, leading to spam via those avenues. Naturally, a mobile device can also be spammed via push notifications from compromised apps or those made to hide spam within. One of the most prominent spam methods out there, using what’s known as “over-the-top messaging”, is used for services like Whatsapp and Facebook Messenger, but also powers the wide range of spam messages from shortcode numbers bearing messages like jackpots won, vacations offered and “limitless” pills available. AT&T’s report states that about 1 percent of all SMS traffic out there is over-the-top spam. The report also mentioned a phone spam attack that managed to shut down AT&T service for a day in Charleston, West Virginia.
Speaking on possible best practices for defenses, AT&T started by stating their policies in regards to blocking SMS spam. Their threefold protection includes a database of blacklisted numbers, an SMS sending limit per number and content filters to find spam, utilizing both A.I. and human workers. AT&T points to their own statistics, showing about 760,000 blocked messages out of roughly 750,000,000 sent each day on their network. They go on to call for new regulations and blocking methods for all providers, as well as the continuance of the industry’s collective development on a new method of identifying and blocking mobile spam. They also point out that providers, both in mobile and email, should be filtering spam internally and at the source, watching outbound messages as closely as inbound and applying the same algorithms to detect spam. Essentially, with spam growing more diverse and more common, AT&T has called for the mobile and web industries to come together to fight spam.