Gift card SMS spam drops after FTC action, Cloudmark finds

Antispam vendor Cloudmark found that the FTC action against gift card spammers may have spooked them

By , IDG News Service |  Security

The volume of mobile spam messages touting free gift cards sharply fell after the U.S. Federal Trade Commission (FTC) filed complaints in early March against eight companies, according to antispam vendor Cloudmark.

The fraudulent messages told users they could get a free gift card for retailers such as Best Buy, Walmart and Target in exchange for people's personal information. The messages are illegal under U.S. law.

The FTC filed eight complaints in various U.S. courts against 29 defendants, accusing them of sending upwards of 180 million messages that confused consumers and often asked them to pay in order to receive the gift cards.

Gift card spam comprised more than 50 percent of all mobile spam messages in the U.S. around Feb. 18, according to Cloudmark's report, which covers the first three months of this year. It sharply dropped to less than 10 percent following the FTC's March 7 announcement.

Those named in the spam investigation are likely "out of the spam business now," said Andrew Conway, research analyst for Cloudmark.

Gift card spam still took the top spot for the most prevalent type of SMS spam for the first quarter of the year due to high volumes in January and February, Cloudmark said. The second most frequent type was payday loan scams, followed by bogus job listings, adult content and bank account phishing schemes.

Cloudmark, which also provides antispam products to ISPs, named in its report two companies that appear to be favored by spammers: a domain registrar called Internet.bs and Panamaserver.com, a hosting service.

Internet.bs had provided domain registration services for rogue internet pharmacies but recently curbed that practice, according to LegitScript, which offers a service that verifies the legitimacy of particular online pharmacies.

Cloudmark wrote that domains registered by Internet.bs were used for command-and-control servers that were part of the SpamSoldier botnet. The SpamSoldier malware targeted Android phones, masquerading itself as a legitimate game.

Internet.bs, which has country-code top level domain belonging to the Bahamas, is owned by two Panamanian residents, which complicates legal efforts to get the domains shut down.

"Internet.bs does a lot of very dubious domain registrations," Conway said. "But to shut one down, you have to serve legal papers for a Bahamian corporation for people in Panama. That's not tenable."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question