Byron Acohido, USA TODAY
SEATTLE - Messaging security firm Cloudmark today issued a first-of-its-kind list of the top 25 area codes targeted by cellphone spammers.
Atop the heap are Fort Lauderdale, Los Angeles, Dallas, Miami, San Francisco, Seattle, San Antonio, New York City and Austin.
Andrew Conway, research analyst at Cloudmark, supplied CyberTruth with some clarity about the volume and types of spam reaching U.S. cellphone users.
CT: What general observation can you make about the level and deployment patterns of mobile spam in the US in 2012 and 2013?
Conway: The amount of SMS spam that is being sent is growing. However, the phone companies are getting a lot better at detecting it and blocking it, so the amount of spam that is being delivered to users is actually going down.
CT: What kinds of spam are you seeing?
Conway: Bank and other account phishing spam is on the increase. This is when cyberthieves attempt to use fraudulent text messages to deceive individuals into revealing sensitive financial information. Android malware distribution is back on the scene. This is still low level in the United States since most people get their apps only from Google Play.
Free gift card/iPad spam is on the decrease. The indictments against 29 defendants and temporary restraining orders issued by the Federal Trade Commission in March were extremely effective in curbing this sort of spam.
CT: So some forms of heavily- distributed mobile spam are annoying, though otherwise benign. But other forms, such as phishing mobile spam, are clearly nasty, correct?
Conway: Yes. We see spam selling diet pills or Viagra. While that is annoying, the only risk to consumers is what they choose to spend. However if you fall for phishing spam, and part with your credit card number or bank account log in, your whole account could be cleared out. We are seeing bank phishing being geotargeted now.
Smaller financial institutions may have less strong fraud detection and prevention systems in place, so it is easier for the criminals to make money. So the criminals will pick a regional bank, credit union or savings and loan and send phishing messages just to the area codes served by that institution.
CT: Why do you think why SMS spam is clustering in South Florida ?
Conway: Most of the South Florida spam is "We buy junk cars." This is just a very small number of scrap dealers (who think this is a cheap way to advertise. They are limited by the range of their tow trucks, that is where the spam goes.
CT:Why do you think SMS spam is clustering in, say, Seattle?
Conway: A lot of the Seattle traffic was for dating sites. The attack was concentrated in late June and early July. I'm not sure why this particular attacker chose this area to concentrate on - perhaps because Redmond has one of the largest percentages of rich single people in the country.
Sometimes when we see an area code get near the top of the ratings it is because of a particular short term attack like this. The South Florida attack is unusual because it has gone on for such a long time.
CT: Anything else?
Conway: Generally don't trust a phone number or URL sent to you in a text message. If it looks like a message from your bank, look up the phone number yourself and call them.
Note that some bank phishing scammers are now copying the recorded message you get when you call your bank, so if you do call the phone number in a phishing message, it will sound just like your bank, at least at first.