It’s not just you, SMS spam is a nightmare right now
No, it’s really not just you. There is more spam than ever. It doesn’t matter where you live or what phone you have, spam trying to extort money from you is everywhere. They vary between convincing and not at all convincing, and are often a seemingly endless and boring interruption.
Why do these messages keep popping up, what are they trying to gain, and how much of a problem is it?
Research from spam call and SMS blocking company RoboKiller indicates SMS spam in the United States increased by 28% between February and March alone this year, with an almost unfathomable number 11 billion spam messages sent in March. That’s the most the company has seen since setting its records in 2017, and puts 2022 on target to easily beat 2021’s estimated total of 86 billion spam SMS messages sent.
TrueCaller, a caller ID and spam blocking service, puts the average number of unwanted text messages received by a person in the United States at the rate of 16.9 messages per month. Similarly, huge numbers are seen all over the world. In mid-2021 in the UK, Ofcom, the country’s telecommunications regulator, said that 45 million people had received a spam SMS over a period of three months.
The huge numbers involved mean that even if only a tiny percentage is tricked into clicking on a link in the message, many people are opening themselves up to a scam and potentially having their money stolen. In the Ofcom report, it is stated that 2% of the 45 million people who received a spam message interacted with it, or about 900,000 people.
The exact true cost of SMS fraud is not known, but data from TrueCaller estimates that 59 million people in the United States have lost money to a phone scam (i.e. i.e. SMS and calls) in 2021, while a report of Strategy and javelin research showed that identity theft scams, which originate from text messages, calls and emails, had a cost per victim of $1,029 in 2021.
You’ll probably be more aware of spam SMS messages that claim to be from a known or reputable company, with a link to follow to correct a problem or collect a prize. Attractiveness is usually related to money, a product waiting for you, or a desirable service. But how do they achieve this goal? Understanding this is a big step forward in avoiding getting scammed by SMS.
Cybersecurity company Malwarebytes has a great breakdown of a common spam SMS message you may have seen recently. Supposedly from the US Postal Service, the message will tell you that a package could not be delivered and you should follow a link to arrange delivery. Similar spam can come from other delivery and courier companies, or be related to service cancellations, insurance or medical bills.
The average amount lost to scams like this is £4,500, or around $5,850
The link may lead to a convincing but bogus website where you will be asked to fill in your personal information and possibly pay a fee, which is supposed to be redelivery in the case of US Postal Service SMS. This is all a scam, designed either to collect your personal data so that it can be used for other scams or sold to other scammers, or to directly collect money fraudulently.
A study carried out in October 2021 by the British bank TSB found that 81% of fraudulent SMS messages were related to deliveries and highlighted another mode of operation of these scams. If you follow the link and provide your details, the scammer can then call you and pose as your bank’s fraud team, trying to persuade you to put your money in a fake “secure account” after completing the fake delivery form. The bank says the average amount lost to scams like this is £4,500, or about $5,850.
“Clicking on a link in a text message may seem like a small act, but it could be the start of stealing your savings,” said the director of TSB’s fraud prevention team. told the Guardian.
Do you think you can always recognize a spam SMS? Some can be very convincing, and when you’re busy or expecting a similar authentic message, it’s pretty easy to get tricked. The three messages you see below are examples of spam SMS messages sent to one of our editors and give you a good idea of what to look for.
The Amazon Prime message is grammatically compelling, correctly spelled, and entirely believable. However, the giveaway that it’s wrong – apart from the fact that Amazon won’t send you an SMS message like this – is the use of a URL shortener, which hides where the link will actually take you if you click on it. This will not be Amazon’s website, but a fake version designed to collect your information, just like the US Postal spam message described above.
The Netflix post is notable because it uses non-standard fonts. These are designed to bypass spam filters on your phone network. So, even if the message seems strange to us, it will not be automatically picked up by an automated filter. It’s the same tactic for spam that arrives with uneven spacing between characters.
At the network level, it is very difficult to stop SMS spam. Verizon recently described the steps it has taken to thwart SMS spam before it reaches your phone. Tools include network monitoring to identify unusual activity from new numbers, as well as filters to block messages. Verizon claims to have blocked a grand total of 20 billion spam calls from reaching phones, but does not list how many messages it has blocked.
Unfortunately, it’s relatively easy for criminals to set up a “SIM farm” to send multiple spam messages, so no matter how many messages are blocked, there are usually more just behind them. UK consumer watchdog group Which? writes the following in his overview of the spam problem:
“Basically, scammers can use computers to generate number combinations and send mass messages using ‘SIM farms’, devices that mine multiple SIM cards at once. Equipment and software are available online, and anyone can get cheap paid SIM cards with unlimited free texts.
Random numbers sending spam text messages are one thing, but scammers are smart. Many messages arrive and appear to be from legitimate companies, increasing credibility and the chance of success. This is due to the way mobile networks work and a specific protocol called Signaling System 7 (SS7), which can be exploited to show a different number than the one used to contact you.
According to network security and fraud experts BICS, a Brussels-based company, speaking to the BBC about the matter last year, the networks are still dependent on SS7 and are probably another 10 years.
What can you do?
The risk of not receiving spam text messages is extremely unlikely, given the massive amount sent every day and the established technology exploited, but you can take steps to make sure they don’t become an annoyance, or worse, that you fall victim to them.
Report SMS spam on your network, then block the number. Report spam by forwarding a message to the number 7726, which can be remembered because it spells SPAM on an alphanumeric keypad. Fortunately, this number applies to people all over the world, but check with your carrier if you are unsure. There are also subscription services, such as RoboKiller and TrueCaller, available if spam becomes a serious problem for you.
Technology aside, making sure you’re aware of the threat and how these scams work is just as vital for protection. Verizon has some great advice in an article on how it is to protect its subscribers. He writes :
“Slow down. Criminals want you to act first and think second. Legitimate organizations will never ask for personal data via email or text message.”
The message is simple but effective. A moment taken to reflect on what you see could make all the difference. The director of the TSB’s fraud prevention team said something similar: “It’s important to stay on your toes. Never enter personal details in an SMS link, and certainly not your card details.
In addition to reporting and blocking spam SMS numbers, staying alert and aware of how dangerous SMS spam is is an equally important step in protecting yourself against scams.