Mobile Spam Threat Worth Keeping a Watchful Eye
Right now carriers are doing the anti-spam lifting but things could change.
If smartphones morph into computing devices, as pundits predict, there may be one long-standing PC issue not in play: dealing with spam. At least, that is, as long as wireless carriers continue to do most of heavy lifting in keeping messages spam-free.
That's good news, given that most mobile users aren't too concerned about device and messaging security. A recent McAfee survey reported that more than three quarters of users don't have any security programs on mobile devices. In fact a majority (six of 10) surveyed expect mobile operators to take primary responsibility for protecting devices and data.
But enterprises shouldn't ignore the potential headaches mobile spam could create. After all, there is the possibility that carriers could shirk their spam fighting duties as filtering costs increase and spammers get smarter. There have already been signs of sophisticated phishing and spoofing events in which spammers are hacking carriers' internal messaging transit methods.
North American cell phone users, unlike those abroad and in Asia, pay for text messaging, so it behooves carriers to keep spam low. But if receiving messages becomes a free service, there could be a real onslaught scenario -- the likes of which 200 million Chinese subscribers experienced just a week ago.
"Right now we're in the very early stages of mobile spam issues because users are paying for text messaging both ways, and carriers view stopping spam as an important customer service," Jamz Yaneza, Trend Micro's research project manager, told InternetNews.com.
Last Monday, almost half of China's mobile phone user population began receiving spam messages from online advertising firms. The huge attack, now under investigation by China's State Council, impacted customers of the leading carrier, China Mobile, and China Unicom. In response, the providers have established support hotlines to handle consumer complaints.
Such a spam event is unlikely in the U.S. for several reasons, according to experts. One is increasing competition and keeping customer service levels high.
"A spam message here and there is mildly irritating and while people pay for it, they're likely not calling up and screaming for remittance. But carriers are cognizant of the fact that once users start to become dissatisfied they'll just switch rather than complain," Richi Jennings, lead analyst for e-mail security at Ferris Research told InternetNews.com. "Right now the wireless carriers are keeping a lid on it as they're motivated to keep the user experience good."
That lid is pretty tight at this point, despite what may appear to be huge figures when it comes to spam.
In 2006, U.S. consumers received about 800 million text messages identified as spam, according to Ferris Research. Last year that figure hit 1.1 billion.
"Our estimate for 2008 is 1.5 billion," said Jennings, explaining the figure represents spam that survived carrier filtering efforts.
But factor in the current 200 million mobile user base, and 365 days of the year, and the average spam impact is minimal.
The biggest spam threat with mobile devices, explained a security expert, is the transit of e-mails that are forwarded onto mobile devices. Lax security and a lack of good filtering on the enterprise network end could spur spam on the device end.
"The IT organization has to educate users about keeping on eye on suspicious messaging and it has to do a good job of securing its own e-mail and messaging systems that may be pushing e-mail to devices," Jamie de Guerre, CTO at messaging security firm Cloudmark, told InternetNews.com. de Guerre said that at least 25 percent of e-mails in transit to mobile devices are being detected as spam.
"Malicious attacks are coming. It's critical that companies make sure they're securing that e-mail heading to mobile devices."
Security News Solutions