SMS Spam: taking it personally

We have just release a survey and white paper into mobile user’s attitude towards spam messages. It revealed some interesting results – one of them was that people take SMS spam very personally.

68% of our respondents had received some kind of SMS spam.

If you’ve received a spam SMS, do you remember what it was? Chances are you do. How many spam messages have you ever received? One or two? I suspect it’s a handful at most.

Now compare that with email. Do you know the last spam message you got? Quite unlikely. Do you know how many you have ever had? Or how many in the last week? Or last day? I doubt that many people know the answer to this.

So why do we remember mobile spam so clearly? Naturally there are relatively few spam text messages, so that is part of the reason. But the other part is that most of us take it very personally. When you think about it, that’s hardly surprising. Most of us are just a few feet away from our mobile phone at all times. If we forget it when we leave the house most of us feel lost without it. It’s the device that we text our loves on. We customise them with backgrounds and ringtones. Increasingly it’s also the place where we store our personal photos. How many other technology devices do we have that kind of relationship with?

So, the mobile phone IS personal. If you are marketing to phones, you need to understand that it is the case, and be very mindful of the relationship through the phone.

That’s not to say that we don’t want marketing messages on our phone. We do. The study also showed that 55% are happy to receive offers and promotions from brands that they have selected. The point is that mobile users want CONTROL. And lots of it.

The other day I received messages from two restaurants. I had given them my mobile number as part of a booking over a year a go. They didn’t ask me if I wanted to receive these messages. They just assumed that I did. It was quite within the regulations to send such messages as a soft opt-in, but I was understandably put out. I complained to both restaurants.

The study also showed that we want to choose the time of day and frequency of the messages we receive. So, if brands want to market to mobile phones, there are plenty of people happy to receive that information. But they shouldn’t assume that we all automatically want to be told about everything. Brands need to seek permission and give users control over what and when they receive their messages.

Please click the following link if you would like to read the Mobile Spam Survey in full.

How to stop mobile spammers

Click here for my tips, Dos and Donts to stop mobile spammers

A couple of days ago, two friends of mine received the same spam SMS. It read:

‘FREE MSG: Our records indicate u maybe entitled to £5000 in compensation for your recent Accident, To claim just reply with CLAIM to this msg, 2 stop txt STOP’

Poor grammar aside, my friends were (unsurprisingly) quite upset by the message, as neither had had an accident, nor had opted in to any kind of marketing on their phone. Although there was no premium rate SMS attached to the messages it looked like a crude attempt at fraud.

I decided that it would be an interesting exercise to see if I could find the spammers/fraudsters.

The first thing was to identify the network that supplied the reply number. The spammers had used a standard long number (like a mobile phone number), which meant that it could not be a premium rate SMS. All PSMS are connected to a 4,5 or 6 digit shortcode.
For those of us in the business, there is a simple way to identify the network using something called an HLR Lookup. This gives the number, a unique ID, the current network (even if the number has been ported) and it’s approximate location.

Checking the number gave me the following information:

Number: 447797800425
IMSI: 234507100200425
MCC: 234
MNC: 50
Operator Name: Jersey
Operator Country: United Kingdom
MSC: 447797706004
MSC Location: null

There are two particularly useful bits of information – the operator and the MSC Location. The mobile operator was Jersey Telecom. The MSC Location was ‘null’. This means that the number was not attached to any mobile phone handset, and therefore would have been used in conjunction with a messaging platform. Messaging Platforms are systems for sending bulk SMS and receiving replies. Typically they are web-based but include a connection to the mobile operator. These are used by companies and individuals for legitimate purposes, such as sending service updates or opted in mobile marketing. I know about these, because that’s what my company does! It would appear that the spammers had access to one of these platforms.

Next thing was to contact Jersey Telecom with all of the HLR and message information. They responded within a few hours (good going for a mobile network) with the following:

‘I have now received confirmation from our client that your request has been
forwarded on to their ‘opt-out’ department in order to have the number
provided removed from any mailing list. ‘

Now this is not what I wanted to hear. The spammers are probably involved with fraud, so I wanted to find the company. I emailed Jersey Telecom back asking for the name of the platform provider. They responded with:

‘I am not in a position whereby I can simply divulge our clients’ information or identity. I also work within certain ‘data protection’ restrictions.’

That really got my back up. The Data Protection Act and PEC Regulations are there to protect individuals, and not to allow companies to hide their identity, especially dishonest companies. In fact, the regulations are the opposite. Companies must make their identity explicitly clear in their communications.
Jersey Telecom received an irate response from me, explaining why they were totally in the wrong. The next day, much to my surprise, I got the following reply:

‘we have conducted an investigation into this incidence & have stopped this provider from sending these messages through our network’

Not only that, but they gave me the name of the platform provider. A company called Mblox.

Result!

To be clear, Mblox are an entirely honest and reputable company. They are not responsible for the spam, but rather have provided their messaging system to the company (or individuals) who then misused it for spam.

I then emailed Mblox asking for the details of the company who sent the messages, so I can pursue the matter further. That was a day ago, and so far I haven’t had a reply from them. But watch this space, as soon as I find out who they are, I will update the blog.