SMS text spam plunges in UK as ICO fine spooks PPI pests

Have mobile spammers taken fright?

The ICO's crackdown on a firm accused of sending huge amounts of payment protection insurance (PPI) SMS spam appears to have caused a marked drop in the number of unsolicited messages being received by UK mobile users, figures from security firm Cloudmark show.

Using figures from the GSMA's 7726 Spam Reporting Service supplied by an anonymous UK operator, unsolicited text volumes dropped markedly after November 2012 with the commonest form, PPI spam, falling from a peak of 47 percent of complaints to 35 percent by December.

By early 2012, the decline had consolidated, with PPI spam accounting for only 26 percent of unsolicited messages in March as overall volumes continued to fall.

Although cause and effect is difficult to prove, Cloudmark believes the decline is most likely connected to the huge £440,000 ($660,000) fine handed out in November by the Information Commissioner to the two owners of Manchester-based Tetrus Telecoms.

The ICO judgement said the firm had made up to £8,000 a day sending out hundreds of thousands of text messages from unregistered pay-as-you-go SIM cards on the themes of PPI compensation and personal injury claims.

Anyone replying - in other words confirming their mobile number - would have been targeted to receive further spam with stronger leads passed to claims management firms looking for business.

It now looks as if Tetrus probably ceased its spamming but the record size of the fine could also have discouraged others using the same business model, amplifying the sudden drop.

The figures are imperfect because they only reveal how many subscribers complained to a single network, not how many received the messages in total. It could also be that PPI volumes have declined as the public issue of compensation has waned naturally. The correlation does at least appear sudden enough to rule out pure coincidence.

Earlier this week figures from Cloudmark's Q1 Global eMessenging Report connected a large drop in the amount of gift card scam texts received by US mobile users to a 7 March 2013 announcement by the Federal Trade Commission (FTC) that it was filing complaints against eight firms.

In the early months of 2013, gift card campaigns fell from around half of all SMS spam to around 10 percent in the period after the FTC's move, Cloudmark found using an analysis of the US 7726 complaint stats.

It's important to note a distinction between the messages the FTC took exception to which were rated as misleading and therefore fraudulent. In the UK, spam pushing PPI claims companies is not illegal per se even if many commentators see them as a form of constructed scam in which the user is charged money for a useless service.

Despite the declines in mobile spam, unwanted messages remain a major nuisance for UK consumers, with payday loans now the most often complained about type of message.

Encouragingly, the connection between regulatory action and a drop in SMS spam suggests that the issue of unwanted messages on mobiles does not have to turn into a re-run of what happened in the PC world a decade ago.

"Our data shows that PPI spam complaints make up a significantly lower proportion of the UK SMS spam reports than prior to the ICO action against the spammers in November," confirmed Cloudmark's senior director of security research, Chris Barton.

"This evidence, alongside the impact shown by the FTC's actions in the USA, suggests that regulators have a significant part to play in tackling spammers. We look forward to working with the regulators to continue to combat these threats," he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags icoPersonal TechtelecommunicationCarriersantispamGSMACloudmarksecurity

More about CloudmarkFederal Trade CommissionFTCICOmobiles

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place