
It’s an unfortunate fact that with any significant form of digital interaction, fraudsters seek to exploit consumers with sharp practices.

MEF’s recent Mobile Messaging Fraud Report 2016 found 26 per cent of chat app users get an unsolicited message every day, while 49 per cent receive at least one a week. With SMS it’s a similar story. More than a quarter of consumers (28 per cent) receive an unsolicited SMS message every day, with 58 per cent reporting that they receive one every week.

The majority of unsolicited mobile messages are of course just a nuisance; however, 33 per cent said that they had received a SMiShing message aiming to trick them into disclosing personal data such as bank details or passwords for online services.

In this post from the first edition of our quarterly Messaging eBulletin, Robert Gerstmann, MD for CLX Enterprise Division, takes a deeper look at the report findings.

The messaging and fraud report provides a remarkable update on how the messaging ecosystem is evolving and how some newer mobile messaging channels are increasingly being polluted by unsolicited and fraudulent messages.

It’s interesting to note that although the SMS channel receives the highest daily occurrence of unsolicited messages, it remains the most trusted. This is likely because the percentage of spam messages is still a tiny fraction at less than one per cent overall. When compared to the nearly 50 per cent on email, SMS is still a clean and powerful channel. It’s also extremely surprising that over-the-top messaging apps only lag behind SMS by two per cent in daily occurrence, yet SMS is far more ubiquitous and open.

In our experience there has always been a high correlation between the cost to deliver a message and the amount of spam and fraud the channel attracts. It could be argued that the reason for low levels of spam in Germany and France is directly related to:

a) The cost to send a message through legitimate routes is relatively high in those countries

b) The effectiveness of local operators in those countries at blocking fraudulent routes into their networks and filtering spam is very good.

By contrast, India, Nigeria and South Africa have a cost for sending a message that is relatively low, and although things are improving rapidly, these networks have historically been less protected. As a consequence, the incidence of spam is high.

It is also true that in many mobile first countries consumers are less likely to have email addresses and SMS therefore acts as a substitute for email marketing.

It should also be noted that although TOTP apps are more secure, they are still vulnerable to attack just like any software, and whichever TOTP app you use, you need to make sure its makers are trusted to keep it updated (without losing service configurations) and will be in business in perpetuity, or you risk leaving all your users stranded and having to ask them to change their authenticator app at some point.

Lastly, consider the number of US mobile phone subscribers that have a realistic chance of actually downloading a TOTP app. We forget that not everyone in the world has a smartphone, and as a consequence SMS again becomes the best method for these users. Comscore currently believes US smartphone penetration sits at 79.1%, leaving nearly 21% of the population unlikely to use any mobile-based out-of-band authentication type (except SMS).

This, however, is not the whole story, as the number of users that ever download an app on their smartphone is extremely low, with 65.5% of those users hardly ever downloading an app. This means that 72% of the US population are unlikely to ever download an alternative to SMS 2FA.

Cost (or lack of it) may be the reason why 72 per cent of users have received unsolicited messages on over-the-top (OTT) messaging apps such as WhatsApp, even though no official APIs yet exist for sending Enterprise to Consumer messages on many of these platforms.

This is a cause for concern as it indicates that fraudsters are using weaknesses in the person-to-person capabilities of these apps to send messages on behalf of enterprises. These apps will need to tread carefully when they do decide to open their apps up to legitimate enterprise communications. They would not want to replicate the fate of push notifications, where overzealous marketers have caused this channel to be trusted by just 16 per cent of the 6,000 respondents.

It could be argued that the reason why most people in the UK report unsolicited messages on SMS is because the operators have done a good job in collaborating on creating a cross-operator shortcode (7726) that can be used to report such messages. In addition, there is a perception that regulators in the UK and the USA will prosecute offenders, which is not always the case in other mobile-first countries.

In our view there are a number of things that can be done in order to reduce fraud and spam across all channels:

1) Create a global shortcode, long number or email that can be used to report unsolicited messages. The easier we make it, the more people will do it. And ensure that the resulting reports are shared across the ecosystem in an automated way so that they can be acted on by key players.

2) Operators must continue to install SMS and SS7 firewalls into their networks to prevent grey and fraudulent routes from being exploited and used for sending spam and phishing messages.

3) OTT messaging apps must close holes in their systems that allow individual user accounts to send large amounts of unsolicited marketing messages undetected.

4) When OTT messaging apps finally allow for sanctioned Enterprise to Consumer messages to be sent legitimately via an API, they must seriously consider charging something meaningful to deliver the message so as to ensure that both fraudsters and overzealous marketers do not abuse the channel.

5) Cloud communication providers like CLX must innovate and implement better ways to validate the identity of companies to ensure that phishing attempts are thwarted early and often.

All of the above recommendations will be presented and discussed at the MEF Future of Messaging Programme with the intention of getting adoption across the ecosystem and driving real change to protect and improve the consumer experience of mobile messaging.

Robert Gerstmann

Managing Director, CLX Networks


Download the free MEF Messaging eBulletin now

Download our first quarterly Messaging eBulletin, which takes a look at some of the issues being tackled by MEF’s Future of Messaging Programme, including contributions from Aditya Dhruva, Head of Messaging and Broadband at Mahindra Comviva, discussing the challenge of revenue leakage, and an analysis of the recently published MEF Messaging Fraud Report by Robert Gerstmann, MD for CLX Enterprise Division.

The eBulletin also includes news, stats and A2P market forecasts and analysis from Mobilesquared’s Chief Insight Analyst, Nick Lane, whilst MEF’s COO, Joanne Lacey, looks at another, much-hyped, driver of engagement via messaging – conversational commerce.