Nuisance Calls and Texts
Neil Cook, Cloudmark Chief Technology Officer
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Who is Cloudmark?
Cloudmark Service
Data Feed
Global Operator Networks
Mobile Operator
Mobile Operator
Security Operations
Cloudmark Service Traffic Analysis System Expert Analysis System
Trust Evaluation System
Advanced Message Fingerprinting Algorithms
THREATS
Cloudmark Research
Cloudmark Advanced Fingerprinting Algorithms
THREATS
GSMA Spam Reporting Service
Cloudmark develops messaging security software solutions for communications service providers to protect their networks and subscribers from spam, fraud, phishing and malware.
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Are Nuisance Calls and Texts Really a Problem?
2
Source: Step Change Debt Charity
Source: Step Change Debt Charity
More than 45M people in the UK have received unsolicited calls or text messages.
Cloudmark Confidential. Do not copy, repurpose, or distribute. 3
Are Nuisance Calls and Texts Really a Problem?
Nearly 2 Billion SMS spam sent in the UK annually.
200 Million SMS Spam Variants
92% of British adults who text say it is at least somewhat important that their carrier have a mechanism for reporting mobile spam.
Source: Cloudmark
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Common Attack Types in the UK
4
35%
39%
48%
51%
62%
Financial Product Sales
Non Financial Product Sales
Silent Calls
Personal Injury Claims
PPI Compensation
Most Common Nuisance Call Types
Source: Which?, 2013
6%
7%
10%
21%
41%
Debt Relief
Product Promotion
Accident Compensation
PPI Compensation
Payday Loan Spam
Most Common SMS Spam Types
Source: Cloudmark, 3Q 2013
Citizens Advice UK, 2013
Citizens Advice UK, 2013
Citizens Advice UK, 2013
2/3 of British adults have received PPI themed nuisance texts and calls.
90% by phone
40% by automated message
35% by text
98% Did not give permission to be contacted.
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Common UK SMS Spam Attack Examples
5
We have been trying to contact you regarding your PPI claim, we have details to show that you could be owed £2500.Reply REFUND or STOP REFUND to Opt Out.
PPI
Friday Cash! 100% acceptance on ALL payday loans, cash in your account Before 17:00 at www.[REDACTED].net. Apply now for Cash Today !! Reply stop to stop.
Accident and Personal Injury
Payday Loan
2612.84 is waiting in your name, its compensation for the accident you had, to get it sent out ASAP fill out the form at http://www.[REDACTED].mobi
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Call For Change
6
Coordinated approach: • Regulation • Reporting • In-Network Filtering
Regulation
• Information Commissioner’s Office fines PPI spammers
UK, civil action 2012-11-28 (raided 2011-08, 2012-02)
• Regulations against referral fees for personal injury cases
UK, civil penalties 2013-04-01
• London police arrest pension liberation spammers
UK, criminal action 2013-05-09
PPI Spam, UK • January 2011, PPI compensation spam ramps up
Unsure if you qualify for a refund of PPI paid on a loan or credit card? Reply PPI and we will run a no obligation check or reply STOP to opt out.
• 27 July 2011, Tetrus Telecoms (Gary McNeish and Chris Neibel) in Stockport called on by ICO enforcement officers. McNeish already living in Thailand.
• 29 July 2011, SMS spam sent via Stockport mast ceases
http://breachwatch.com/wp-content/uploads/2012/11/tetrus_mcneish_monetary_penalty_notice.pdf
• 11 August 2011, ICO search warrant for now vacant Stockport location
• 28 February 2012, search of Neibel’s home • 24 September 2012, letter of intent served on
McNeish • 26 November 2012, fines levied by ICO
Personal Injury Referral Fee Ban, UK
December 21, 2009, Lord Justice Jackson's Review of Civil Litigation Costs recommends ban on referral fees for personal injury claims May 1, 2012, UK Government approves ban as part of Legal Aid, Sentencing and Punishment of Offenders Act 2012 April Fool’s Day, 2013, ban takes effect
Lawyers in UK have tight restrictions on advertising, but were allowed to pay for cases referred to them
Source: Linkedin
Pension Liberation SMS Spam, UK Hi, as you have a frozen pension, you can get a large cash payment within 4 weeks, to get it started today reply 'CASH' to this text IMPORTANT FREE MESSAGE: Release CASH from your frozen UK Pension Minimum pension value 18,000 call 020 8720 7291 (no cash fees) To Opt-Out reply stop Tino great news for Xmas release a cash lump sum from your pension even if under 55 Old or new pensions can be released Visit www.freemypensionfund.com No mention of tax penalties for early withdrawal Either advanced fee scams or fraudulent investment schemes
Pension Liberation Arrests
February 2013, UK Pensions Regulator created a task force: • Serious Fraud Office • Serious Organized Crime Agency • Home Office
May 9th, 2013, arrests and computers seized in London, Glasgow, Ayr and Cheshire
Photo: Wikipedia Commons
Cloudmark Confidential. Do not copy, repurpose, or distribute.
APPG on Nuisance Calls and Texts September 10, 2013
Key Recommendations: • Improve compliance • Make reporting easier and more
effective • Protect and empower consumers • Improve the regulators’ capacity
to take action
12 Cloudmark Confidential. Do not copy, repurpose, or distribute.
Reporting
Cloudmark Confidential. Do not copy, repurpose, or distribute. 13
Many countries have deployed GSMA SRS • Global service for spam intelligence • Subscribers report SMS spam to
short code 7726 • Real-time insight to network traffic • Operators and regulator share all
information facilitated by SRS
Automated Analysis
Analytics Dashboard
Attack Fingerprint
Subscriber Reports
In-Network Filtering
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Clean Traffic
Application Firewall
Spam/Virus Filtering Message Fingerprinting
Global & Per-Subscriber Policies
Sender Reputation and Volumetric Controls
Clean Traffic Spam and Fraud
Message Type Restrictions
Network Level Protection Network Firewall
Cloudmark Confidential. Do not copy, repurpose, or distribute.
Conclusions
Regulation
Reporting
In Network Filtering
• Nuisance calls and texts are on the rise in the UK
• Not just nuisance – includes fraud and other malicious activities
• Consumers want protection • Successful strategy will
include: - Regulation - Reporting - In network filtering
Thank you
16
Top Related