We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

FTC crackdown on text spammers highlights business threat

The Federal Trade Commission's recent crackdown on organizations suspected of sending millions of spam text messages puts a dent in an illicit activity that threatens businesses and consumers.

The FTC reported on Thursday that it was charging 29 individuals with collectively sending more than 180 million spam text to consumers. Through the lure of gifts and prizes, including a $1,000 gift card for major retailers, the alleged spammers tricked people into clicking on links that led to sites used to gather personal information.

"Today's announcement says game over to the major league scam artists behind millions of spam texts," Charles A. Harwood, acting director of the FTC's Bureau of Consumer Protection, said in a statement.

Spam text messages pose a significant threat to businesses because they are sent directly to mobile workers, bypassing filters and firewalls. While the operations busted by the FTC focused on gathering personal information, the links could have easily pointed to a site that downloaded malware.

Because many businesses have yet to deploy mobile security technology, the field of potential victims is still fairly open.

"Very few mobile devices are hardened and secured as most organizations have not deployed MDM (mobile device management)," Jonathan Thompson, founder and managing partner of Rook Consulting, said on Friday. "This exposes the devices to compromises with malware, where any and all communications can be monitored by hackers."

In the past, MDM technology was used primarily to configure settings and to distribute applications on mobile devices. Today, many vendors have added malware detection and the ability to restrict access to corporate data.

"Most mobile devices have access to company IP (intellectual property) through email, so mobile devices will be hot targets for attackers in 2013," Thompson said.

Fortunately, tools for hacking mobile devices are still relatively immature when compared with those available in the underground for breaking into personal computers. Nevertheless, the mobile threat is increasing as the number of malware and variants soars. Malicious apps that secretly bill victims through premium text services are popular among cybercriminals.

In the FTC case, people who went to the bogus gift sites were asked for personal information under the guise of needing shipping information for the gift cards. Once that information was collected, the victims were sent to another site where they ware asked to sign up for as many as 13 "offers" in order to get the gift cards. The offers sometimes required credit card numbers and submitting credit applications.

The information collected was sold to third parties for marketing purposes, the FTC said. In addition, site operators were paid by businesses that gained customers or subscribers through the offer process.

To protect against spam texts, companies should formulate a formal mobile device policy and guidelines that promote best security practices for employees, Thompson said. In addition, businesses should consider MDM software.

Other approaches to mobile security include building a separate workspace on the mobile phone, so corporate data and applications operate in an encrypted environment that cannot be affected by the personal side of the device.

Fixmo is one company that has such technology, and is working with Lockheed Martin and the Institute for Infocomm Research in Singapore on new methodologies for uncovering operating system vulnerabilities and potential attack vectors.

"We do not yet have products in market for this, but it is one of the key areas of R&D at Fixmo Labs," said Tyler Lessard, chief marketing officer for Fixmo.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

IDG UK Sites

Windows 10 release date, price, features UK: Staggered release with PCs coming first this summer -...

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

MacBook Pro 15in preview: better battery life, faster storage and a new discrete graphics chip may...