Gift card SMS spam drops after FTC action, Cloudmark finds

Antispam vendor Cloudmark found that the FTC action against gift card spammers may have spooked them

The volume of mobile spam messages touting free gift cards sharply fell after the U.S. Federal Trade Commission (FTC) filed complaints in early March against eight companies, according to antispam vendor Cloudmark.

The fraudulent messages told users they could get a free gift card for retailers such as Best Buy, Walmart and Target in exchange for people's personal information. The messages are illegal under US law.

The FTC filed eight complaints in various U.S. courts against 29 defendants, accusing them of sending upwards of 180 million messages that confused consumers and often asked them to pay in order to receive the gift cards.

Gift card spam comprised more than 50 percent of all mobile spam messages in the U.S. around Feb. 18, according to Cloudmark's report, which covers the first three months of this year. It sharply dropped to less than 10 percent following the FTC's March 7 announcement.

Those named in the spam investigation are likely "out of the spam business now," said Andrew Conway, research analyst for Cloudmark.

Gift card spam still took the top spot for the most prevalent type of SMS spam for the first quarter of the year due to high volumes in January and February, Cloudmark said. The second most frequent type was payday loan scams, followed by bogus job listings, adult content and bank account phishing schemes.

Cloudmark, which also provides antispam products to ISPs, named in its report two companies that appear to be favored by spammers: a domain registrar called and, a hosting service. had provided domain registration services for rogue internet pharmacies but recently curbed that practice, according to LegitScript, which offers a service that verifies the legitimacy of particular online pharmacies.

Cloudmark wrote that domains registered by were used for command-and-control servers that were part of the SpamSoldier botnet. The SpamSoldier malware targeted Android phones, masquerading itself as a legitimate game., which has country-code top level domain belonging to the Bahamas, is owned by two Panamanian residents, which complicates legal efforts to get the domains shut down.

" does a lot of very dubious domain registrations," Conway said. "But to shut one down, you have to serve legal papers for a Bahamian corporation for people in Panama. That's not tenable."

Cloudmark has flagged as suspicious about 80 percent of the IP space belonging to, which allows people to pay for hosting services with a higher degree of privacy using payment services such as Web Money or Liberty reserve, Conway said. Cloudmark's customers can decide whether they want to actually block content coming from those flagged IP addresses.

The email spam seen originating from its IP block targets people in Brazil. Conway said there is no antispam law in Brazil, but Cloudmark does flag the messages as suspect.

In the last two months, Cloudmark saw a major spam run from Romania using IPv6, an Internet specification that dramatically expands the number of IP addresses. But the problem is that IPv6 addresses are so plentiful that blocking an individual address has little effect on spam.

Conway said it's better for antispam products to throttle the number of messages that can be received from a block of IPv6 addresses. Cloudmark already flags 3.3 million of Romania's 14 million IPv4 addresses as having a reputation for spam, Conway said.

As it becomes more difficult to send spam from Romania, Conway said there are signs spammers may be using IP addresses in Belarus. "Spammers will follow the line of least resistance," he said.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags antispamCloudmarksecuritymobileUS Federal Trade Commission

More about Andrew Corporation (Australia)CloudmarkFederal Trade CommissionFTC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts