FTC crackdown on text spammers highlights business threat

The Federal Trade Commission's recent crackdown on organizations suspected of sending millions of spam text messages puts a dent in an illicit activity that threatens businesses and consumers.

The FTC reported on Thursday that it was charging 29 individuals with collectively sending more than 180 million spam text to consumers. Through the lure of gifts and prizes, including a $1,000 gift card for major retailers, the alleged spammers tricked people into clicking on links that led to sites used to gather personal information.

"Today's announcement says game over to the major league scam artists behind millions of spam texts," Charles A. Harwood, acting director of the FTC's Bureau of Consumer Protection, said in a statement.

Spam text messages pose a significant threat to businesses because they are sent directly to mobile workers, bypassing filters and firewalls. While the operations busted by the FTC focused on gathering personal information, the links could have easily pointed to a site that downloaded malware.

Because many businesses have yet to deploy mobile security technology, the field of potential victims is still fairly open.

"Very few mobile devices are hardened and secured as most organizations have not deployed MDM (mobile device management)," Jonathan Thompson, founder and managing partner of Rook Consulting, said on Friday. "This exposes the devices to compromises with malware, where any and all communications can be monitored by hackers."

In the past, MDM technology was used primarily to configure settings and to distribute applications on mobile devices. Today, many vendors have added malware detection and the ability to restrict access to corporate data.

"Most mobile devices have access to company IP (intellectual property) through email, so mobile devices will be hot targets for attackers in 2013," Thompson said.

Fortunately, tools for hacking mobile devices are still relatively immature when compared with those available in the underground for breaking into personal computers. Nevertheless, the mobile threat is increasing as the number of malware and variants soars. Malicious apps that secretly bill victims through premium text services are popular among cybercriminals.

In the FTC case, people who went to the bogus gift sites were asked for personal information under the guise of needing shipping information for the gift cards. Once that information was collected, the victims were sent to another site where they ware asked to sign up for as many as 13 "offers" in order to get the gift cards. The offers sometimes required credit card numbers and submitting credit applications.

The information collected was sold to third parties for marketing purposes, the FTC said. In addition, site operators were paid by businesses that gained customers or subscribers through the offer process.

To protect against spam texts, companies should formulate a formal mobile device policy and guidelines that promote best security practices for employees, Thompson said. In addition, businesses should consider MDM software.

Other approaches to mobile security include building a separate workspace on the mobile phone, so corporate data and applications operate in an encrypted environment that cannot be affected by the personal side of the device.

Fixmo is one company that has such technology, and is working with Lockheed Martin and the Institute for Infocomm Research in Singapore on new methodologies for uncovering operating system vulnerabilities and potential attack vectors.

"We do not yet have products in market for this, but it is one of the key areas of R&D at Fixmo Labs," said Tyler Lessard, chief marketing officer for Fixmo.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade Commissionapplicationssecurityftcmobile securitysoftwareData Protection | Wirelessdata protectiontext spam

More about Federal Trade CommissionFTCLockheed Martin

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts