Category Archives: Information Security

Dealing with mobile SMS / text spam in Nigeria

Email spam no longer causes me any problems; very little spam gets through to either my work or personal inbox. There is plenty coming in (a quick look into my spam quarantines confirms that!), but it is being successfully recognised and filtered out.

What about SMS spam? Is the same true?

For me at least, SMS spam seems to be a growing problem. In recent months, I have seen an increase in the volume of SMS spam reaching me. The messages cover the expected range of content; from advertisement  to telecom’s content subscription services. Take an example I received over the weekend:

SMS message contents:

Win tons of exciting prizes, including instant airtime and VIP tickets to the Headies and mingle with your favorite stars! Text HHW to 32045 to play. N30/SMS

This sounds unsolicited to me, and sadly, no provision to opt out. This is clearly a message touting some form of deceptive content. It’s probably familiar to many readers – this type of spam is certainly not new. There is a twist to this particular campaign however. Notice the call-to-action phone number – this is an 080xxxxxxxxx number, not a premium rate number that you might normally expect. *

Anyway, the point is that this campaign is old, simplistically constructed and should be easy to stop. But it is actually making its way to the end user – me, in this case.

Another example, that arrived several weeks earlier:

SMS message contents:

Win up to N500,000 on 31/9 in U Think U Know Nigeria Quiz. Kanu Nwankwo is a ?

A. Footballer B. Musician C. Actor Text A,B,C to 35020. N100/SMS

A quick look in Google for this shortcode number (35xxx) shows plenty of hits from about two/three months ago. So, another example of an old, simple campaign that could easily have been blocked.

The emergence of bulk SMS in a country without walls of any sort, (no info security, no laws against perpetrators, except for EFCC that do not know their left from their right in terms of I.T. and Telecoms security) is a pandemic.

So why are these messages coming through? Shouldn’t my network provider be doing a better job of filtering such messages?

The first step in being able to do that is to have visibility into the problem. How can users quickly report spam SMS messages (without relying on any separate app)?

In the world of email, in the rare event when I do receive a spam message, I am able to remove it from my inbox and report it to the appropriate organisation in a single click.

The situation is a little more complex for mobile users, but you can report the message to your network provider. In the UK at least, you can forward the messages to 7726, which spells SPAM on the numerical keypad. Easy to remember:

What kind of IT and Telecom Security “Professionals” do we have in this country? Do they think at all or they go there to play computer games and receive bogus salary to buy cars? No offense! What are the guys at FCC doing? Na wah o!

For some reason, MTN should think of something like this to make their users prepend this number with 3 (making it ‘37726’), and Glo users with a 5 (making it ‘57726’), and Etisalat users with a 9 (making it ‘97726’), and so on. So not quite so simple, but at least there is a reporting mechanism.

Note to providers: please can we have a menu option added into the default messaging applications for users to report spam?

Additionally, readers may be interested in a couple more options they have.

Firstly, they may wish to report the message to the Information Commissioner’s Office (ICO), that’s if we actually have someone that is ready to solve problems. They provide a link to a survey where you can forward details of the offending messages to them for further investigation.

When the spammy messages involve premium-rate numbers or short-code numbers, they should do something like PhonepayPlus. This is the organisation that regulates premium-rate services within the UK. Within their site is a useful tool that can be used to query information about the number in question.

Now is the situation likely to get worse? Will I end up installing one of the many apps that purport to filter incoming SMS messages? I just might. What about you?

However, I think it is also important that people report active scams. This is the only way that perpetrators will be likely to be investigated, prosecuted and stopped. The network providers and software vendors can also help – make it easier for users to report suspect messages.

Actually, this message looks like it may well be a continuation of a scam that has been active for several years. The basic modus operandi appears to be tricking recipients into calling a normal geographical number, and then subsequently calling them back in order to invoice them. lol!

1 Comment

Posted by on September 11, 2012 in Information Security


Tags: , , , , ,

%d bloggers like this: