The NY Times’ Laura Holson reports on the latest battleground with spammers as they have figured out how to hit cellphone users with unsolicited and unwanted text messages, which depending on your service plan, you may well have to pay for.
American consumers are expected to receive an estimated 1.5 billion unsolicited text messages in 2008, according to Ferris Research, based in San Francisco, which tracks mobile messaging trends. That is nearly double what they received in 2006.
Of course that is a small percentage of the overall number of messages: an industry survey showed that consumers in the United States sent and received about 48 billion text messages in December alone. But for many people who are charged as much as 20 cents for an incoming message or are interrupted in the middle of dinner, even one is too many.
“The reason this really burns people up is because they have to pay for messages they don’t want, and they shouldn’t have to,” said Chris Murray, senior counsel for Consumers Union, a nonprofit group.
There’s some discussion of fighting with your carrier to get refunds, but more interesting is cutting off the spam before it arrives:
Most phone spam is actually e-mail that comes through gateways linking the Internet and cellphone networks, industry executives said.
Most wireless phones have a dedicated e-mail address. At AT&T, for example, it is a customer’s cellphone number followed by @text.att.net. Using computers, spammers create millions of possible number combinations, then send messages to those addresses.
All major communications companies give consumers the ability to thwart spam by changing the easily guessed e-mail addresses for their phones, or completely blocking messages coming from the Internet. They can do this by logging onto the company’s Web site and changing their preferences.
“I did that six months ago and I have not received any spam,” Mr. Melone of Verizon said. “No one, not even me, wants their cellphone to ring at 2 in the morning.”
The utility of blocking all messages from the Internet depends on how you use your phone, but changing the default email address is a precaution that everyone should take. And there’s more danger on the horizon:
But inconvenience is not the only downside; there is also the threat of viruses as phones become more like personal computers. Some companies are already preparing for this.
Last winter, Symantec, a maker of security software, introduced a product for smartphones that connect with the Internet to detect mobile threats, check for viruses and automatically delete spam or corral suspect texts in a folder.
Khoi Nguyen, a product manager for mobile security at Symantec, said the company developed the software mainly for Asia and Europe, where creative spammers try to steal credit card information or banking data through phones. He said he expected to see the same trend here in the next 6 to 12 months.
What percentage of mobile phone users do you think will install and correctly operate a mobile security package?
The news that Symantec was working on a anti-botnet protection tool was fine and dandy except for the fact that they want an additional $29.95 yearly subscription. If you are beginning to wonder how many different security programs Symantec can think up to separate you from your cash, so is Ryan Naraine:
The anti-botnet tool is being marketed as “complementary solution to existing antivirus or security suites,” adding yet another application to the list of security tools needed by PC users to avoid computer takeover attacks.
Here’s a list of the products sitting on your machine, sucking valuable system resources under the guise of protecting you from hacker attacks: Anti-virus, anti-spyware, anti-rootkit, anti-spam, drive-by browser protection, etc., etc.
It has to be the biggest con job in IT to convince consumers that they should pay a separate subscription for each of the above “protection” products.
$29.95 here and $29.95 there – sooner or later it adds up to real money.
Netcraft reports that MySpace accounts are at risk from a phishing attack that uses MySpace’s own servers:
Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.
Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.
More details and the screenshots by following the link, but Netcraft provides a well-regarded, free browser tool bar for IE and Firefox that prevents phishing vulnerabilities including this one via a community reporting process.
As for MySpace, this is yet another peril of allowing users to have in depth control over their own Web space.