The texts frequently include a web address that looks like it is from Apple but upon closer inspection is not a legitimate Apple website and are sent from US mobiles numbers (+1-XXX-XXX-XXXX).
“Congratulations! You are Australia’s WINNER OF THE DAY! Go to http://www.apple.au.[redacted].com to claim your prize. Must claim within 24 hrs.”
“Your phone was randomly chosen as Apple’s Over-Stock iWinner. Go to http://ie.appleoverstock.[redacted] & type code 2872 to win your Free Gift-Card now!”
The links typically lead to a reverse auction site where people can bid on high end consumer products for a fraction of their normal price.
“SMS is still one of the most popular ways of communicating via mobile and is highly trusted which makes it very attractive to spammers,” says Ciaran Bradley, VP of Handset Security, AdaptiveMobile. “Over the last 6 months consumers in New Zealand , Australia, Netherlands, Denmark, Austria, Portugal, Switzerland and Ireland have received hundreds of thousands of these spam texts but so far the UK has not been targeted.”.
The spam texts are emanating from the US where spammers are moving from email to SMS due to the availability of low cost, international unlimited SMS packages. A highly connected eco-system based around affiliate marketing that is unique to the US has started to emerge, where advertisers offering products which are frequently of dubious value, are using companies known as affiliate networks to drive traffic to their website or increase sales.
The affiliate network in turn uses its members, known as affiliates, to promote these offers to consumers and in return the advertiser will pass on a fee to the affiliates and networks for each sale or sign up. Each successful signup can generate £1.50 for an affiliate.
Unscrupulous affiliates are beginning to illegally use SMS as a way to promote these offers by purchasing large numbers of phone contacts from list owners who may charge as little as $400 (approx. £250) for 100,000 numbers – with some list owners holding up to 190 million numbers – and “blasting” up to one million spam messages per day in order to maximise the number of leads and sales.
They may send the messages themselves or hire it as a service from people specialising in blasting large numbers of text messages. Some affiliates can earn up to $6,000 (approx. £3,700) from sending up to a million text spam each day.
“This advanced eco-system has seen the emergence of affiliate networks that specialise in offers that are illegally promoted by SMS and this nuisance has no respect for international boundaries,” continued Bradley. “Although it is growing from the US, it is clearly a threat for operators all over the globe. Whilst many operators already have measures in place to counter this threat, it is important that they are aware and prepared for the continuing and escalating scope of this issue so that they can take action.”
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.