According to a 2006 Ferris Research study, consumers last year were expected to receive a total of about 800 million cell phone spam messages. The number for 2007 is expected to reach about 1 billion. When I first read those numbers, I thought, "Heck, my own regular email account gets about a billion spam messages per year by itself." (Well, not quite…but it often seems like it.) On my cell phone, though, I only get one or two spam messages per month.
There are several reasons why cell phone-based text messaging spam hasn't hit us hard yet. One is the aggressive filtering deployed by large U.S. cell phone carriers. It is in their best interest to keep wireless networks spam-free, and most are using clever filters to do so. Wireless carriers have also been very aggressive in finding and stopping the Web sites and spamming organizations that send out the unwanted messages.
Their brethren wireline ISPs, however, have had far less success filtering spam and tracing back attacks. So, why are the wireless text message spam filters cutting out more garbage than the ISPs' filters?
Many successful cell phone spammers continuously alter spelling and message content, or even launch their spam from a botnet that consists of tens of thousands of machines. Current message-based spammers in the U.S., however, have yet to use as many of these filter-evading and trace-dodging tricks, but they surely will in the near future.
In the U.S., most consumers have to pay a small fee for each text message received, whether spam or not. Thus, a spammer can quickly ring up a large numbers of charges, resulting in more easily calculated damages than those of traditional email spam. Government investigators like to work on these more clear-cut cases, where damages can be more easily associated with a defined cost.
However, botnets are growing, bad guys' anonymity has improved and text messages can now be conveniently sent to cell phones via the Internet, meaning it's only a matter of time before text message inboxes everywhere are filled with unwanted spam.
This was first published in June 2007