In the past decade, there has been a substantial rise in the use of SMS (Short Message Service), aka texting, as a tool for marketers to promote their products and services through mobile messaging.
In the Digital World, almost everyone can be reached through text messages. In fact, text messages are much more likely to be read than emails, having a higher average open rate compared to that of emails. Spam directed to email inboxes often goes straight to the junk folder and is never read, whereas text messaging spam is almost always viewed by the receiver. It is easy to fall victim to shady links delivered via text message—common indicators you’ve been taught to look out for on your desktop often either don’t apply to mobile or aren’t as easily identifiable on a mobile device. Don’t panic just yet. We’re here to help you learn to differentiate between legitimate messaging and spam messaging on any device.
Common Types of Spam
There are six main types of risks when it comes to mobile messaging scams. Those risks include phishing, malware, financial scams, the promotion of adult content, counterfeit offers, and other deceptive affiliate offers.
Phishing and malware are often identified as the most serious, as they can expose your device to harmful viruses and your personal information to fraudsters. Phishing is a fraudulent message that prompts consumers like you to provide personal information to what appears to be a legitimate company but is actually fake. For example, you may receive a text message from a phisher posing as your bank; if you click the link in the message, you will be directed to a phishing site that may appear identical to your bank’s actual website, but the “bank’s” form asks you to list your full debit card number, ATM PIN, CVV, mother’s maiden name, answer to your secret question, etc. For security reasons, your bank will never require you to provide this information in a web form.
Phishing attacks may also deliver malware to your device, enabling cybercriminals to control your device remotely, spy on your activities on your device, or encrypt your data. Malware is software that is intended to damage your device, and your device can become infected with malware when you click on malicious links delivered through spam messaging.
Financial scams target consumers looking for resources that involve student loans, payday loans, work-from-home opportunities, and the like. Often, these scams involve document preparation services that offer assistance packaging loan consolidation, repayment, or forgiveness documentation for exorbitant prices. Essentially, these scammers charge unknowing consumers outrageous prices for what is otherwise a free service.
Adult content is unsolicited explicit or pornographic content. Are you receiving late-night text chat messages from a service you never signed up for? Is your ten-year-old daughter receiving graphic images on her cellphone? Adult content spam should never go unreported, and with this spam type, the risk goes well beyond data exploitation.
Counterfeit offers are messages in which the URL directs the user to a website selling products at too-good-to-be-true discounts; such a site can steal your information or send you a different item than the one you purchased. Perhaps you’ve seen Michael Kors handbags advertised for 85% off the original price, or Ray-Ban sunglasses offered for only $9.99—you guessed correctly, those are prime examples of counterfeit offers.
Deceptive affiliate offers also involve those too-good-to-be-true scams—think of the products promising 20-pound weight loss in one week or shady pharmaceutical advertisements pushed by online pharmacies. By clicking on links for deceptive affiliate offers, you’re helping line the pockets of fraudsters looking to make a quick buck. Those fraudsters earn money for every link clicked. As always, when in doubt, don’t click!
Although some messages may be more bothersome than harmful, nobody wants to receive spam and potentially be charged messaging or data rates for these messages.
How to Identify Spam
Differentiating between these threats and legitimate messages can sometimes be difficult, especially when the attack was carried out by a sophisticated cybercriminal. Here are some threat indicators to watch out for on mobile devices:
Sense of Urgency – Message is in all caps and seems extremely urgent, e.g., “HURRY, JOIN NOW!” These messages are trying to grab your attention and scare you into thinking you need to enter personal information or risk being locked out of your account.
Vague Message Introduction – Spam is usually sent out in mass messages and therefore uses generic phrases in the beginning of the message. For example, “Dear customer...” More sophisticated scammers use your name, but it is more common to see less personal introductions.
Spelling or Grammatical Errors and Randomly Placed Punctuation – Scammers often have to get creative with the URL they are sending out because they are trying to make it look as much as possible like the website they are impersonating, e.g., “Fa=cebook.com.” This is an example of typo-squatting. Receivers of messages should always examine the link or scroll over the hyperlink to check if the entire link looks like it will lead to a legitimate site.
Request for Personally Identifiable Information (PII) – If the message asks the user to provide personally identifiable information, or PII, such as your social security number (SSN) or credit card information, the message is likely spam. Legitimate companies will not ask for PII over unsecured messaging systems—like SMS—or email.
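The four indicators above can also be checked automatically. The following is an added example, not part of the original article or any SpamResponse tooling: a small Python filter that flags each indicator in a message. The brand list, keyword lists, thresholds, and sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: brands the filter protects; extend with the senders you care about.
KNOWN_DOMAINS = {"facebook.com", "paypal.com"}
URL = re.compile(r"(?:https?://)?((?:[\w=\-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b", re.I)
PII = re.compile(r"\b(ssn|social security|credit card|debit card|cvv|atm pin|maiden name)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_host(host):
    host = host.lower()
    if host.startswith("www."):
        host = host[4:]
    if host in KNOWN_DOMAINS:
        return False
    if re.search(r"[^a-z0-9.\-]", host):  # stray punctuation, e.g. "fa=cebook.com"
        return True
    return any(edit_distance(host, d) <= 2 for d in KNOWN_DOMAINS)

def indicators(message):
    found = []
    # Ignore link text when measuring capitalisation.
    letters = [c for c in URL.sub(" ", message) if c.isalpha()]
    if len(letters) >= 8 and sum(c.isupper() for c in letters) / len(letters) > 0.7:
        found.append("urgency")
    if GREETING.search(message):
        found.append("generic_greeting")
    if any(suspicious_host(m.group(1)) for m in URL.finditer(message)):
        found.append("suspicious_link")
    if PII.search(message):
        found.append("pii_request")
    return found

# Constructed sample messages, not real spam.
SAMPLES = [
    "HURRY, JOIN NOW! CONFIRM YOUR ACCOUNT AT http://Fa=cebook.com/login",
    "Dear customer, verify your credit card number and CVV to avoid suspension.",
    "Hi Sam, photos from Saturday are up: https://www.facebook.com/events",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(indicators(s), "<-", s)
```

A message that trips none of the checks is not proven safe; the rules only cover the indicators listed above.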
You Can Protect Yourself!
Do not click on URLs you receive before examining the entire link. If a message seems like a scam, you can report it to organizations like SpamResponse that investigate reported spam messages. You may think that simply blocking a number will stop the spam from reaching you, but spammers often use numerous phone numbers to distribute unsolicited content and bypass filtering mechanisms.
Spammers’ tactics evolve daily and are becoming more complex and prevalent. Just as you remain aware of your surroundings in the Physical World, it is important to remain vigilant about the type of content you interact with in the Digital World. If you are in doubt of the legitimacy of your messaging content, you can report it to SpamResponse and we’ll investigate potential threats for you.