With a recent report from the University of Minnesota and AT&T Labs showing that more than two-thirds of mobile phone users received SMS spam last year, it is clear these attacks are creating a growing headache for consumers. But mobile users are not the only victims: fraudsters, spammers and scammers are also causing increasingly serious problems for mobile network operators.
In 2012, users received an estimated 4.5 billion mobile spam messages, and researchers reported roughly 350,000 distinct variants of SMS spam. For operators, this illegitimate traffic creates a number of negative outcomes. Foremost is revenue loss or leakage, which can occur because of unexpected costs and imbalances in interconnect agreements. Unwanted messages also consume network capacity and drive up customer support and staffing costs.
Subscribers targeted by spam and fraud suffer diminished satisfaction, which translates into increased complaints and higher churn. In extreme cases, concentrated fraudulent activity has prompted regulatory scrutiny and intervention from government organisations.
Security researchers warn that attackers are finding it increasingly easy to access mobile users’ chat logs and phone data — including location, contacts, email and other sensitive information. Reports have highlighted vulnerabilities in popular messaging services, demonstrating how messages can be intercepted or decrypted by third parties. Demonstrations at security conferences have shown how insecure implementations in some messaging apps enable attackers to read or manipulate messages sent by users.
SMS remains a powerful channel, with open rates often cited near 95% compared to roughly 20% for email, and that effectiveness has driven explosive growth in SMS marketing from both consumer-focused and enterprise applications. Legitimate businesses are rushing into mobile marketing to establish niches and direct customer engagement. Unfortunately, spammers and scammers are doing the same, producing a steady flood of unsolicited traffic. Industry measurements vary: some vendors report that around 5% of all messages are spam or fraud related, while broader industry estimates put the figure as high as 20% in some markets.
The surge in SMS marketing has also sharpened debate about what consumers consider acceptable messaging. Low-cost, bulk SMS providers in particular have drawn criticism when their practices cross the line of legitimacy. These providers often compete on price by routing traffic at lower cost than mobile network operators (MNOs). The result can be inconsistent quality of service, unreliable routing and connections that may not be properly contracted or regulated.
Illegitimate messaging can originate from many sources: peer-to-peer gateways, messaging applications, black market SIM boxes (also called SIM farms), and various foreign or unregulated networks. Some messages and traffic patterns violate operator agreements, content provider policies or local laws. Addressing these threats requires a layered solution capable of identifying and controlling multiple attack vectors.
With heavy investment in LTE rollouts and an intensely competitive operator landscape, it is more important than ever for operators to protect revenue streams effectively. Plugging leaks from unsolicited services ensures proper charging for legitimate traffic and prevents exploitation or abuse of inter-operator agreements. This protects both short-term revenue and the long-term value of network relationships.
Operators must balance protecting their networks, services and revenue with maintaining customer satisfaction. One practical tactic is to close fraudulent access points, which minimizes direct revenue leakage and incentivizes legitimate routing channels. By blocking abusive paths, operators can preserve market pricing and improve overall revenue potential.
Mobile operators already possess large volumes of traffic and subscriber data. Applying intelligent analytics to these datasets — looking at traffic patterns, origin/destination profiles and behavioral indicators — enables operators to detect anomalies and limit revenue leakage. Rapid detection and response help counter continuous attempts to exploit weaknesses in both networks and devices, allowing operators to deploy targeted protections before problems escalate.
An effective anti-fraud solution must protect both the network and subscribers. It should reduce customer dissatisfaction, support compliance with industry regulations, and be interoperable across diverse technologies, core networks, messaging platforms and handset variations. Multi-layered approaches implemented at the network level can filter a wide range of threats, from SIM box fraud and routing abuse to phishing, spoofing and other forms of messaging-based fraud.
As mobile users continue to rely on SMS for its ubiquity and immediacy, the threat posed by fraudsters, spammers and scammers is likely to persist. To safeguard customers, maintain revenue integrity and keep churn low, operators need a comprehensive strategy that detects and prevents the full spectrum of fraud and spam techniques. Deploying analytics-driven, multi-layered defenses and closing illegitimate access paths will be essential elements of any effective response.