SMS Spam: this time it’s mis-sold loans and credit cards

As expected, in response to increasing pressure in the accident claims sector, the spammers are switching their messaging to claiming for mis-sold personal insurance, bank loans and credit cards. Messages typically look like this:

From: (a mobile number)

Message:

URGENT!! if you took out a Bank Loan prior to 2007 then you are almost certainly be entitled to  £2900 compensation, to Claim reply YES …

(message shortened)

This message is illegal for two reasons: firstly, no one has opted in to receive it, and secondly, the company is not identified in the message. If a recipient replies to a message with YES or CLAIM, they will receive a call to turn the reply into a qualified lead, which will then be sold on. The call is always from a withheld number (also illegal) and the company will tell you that their name is something like ‘PPI Compensations Team’ or ‘Affiliate Data Systems’ and that information was passed on from their ‘Network Affiliate Response Team’. If you ask for any more information about the company, such as their address or website, they will simply terminate the call.

The companies have also started to ask whether the enquiry was the result of completing an online survey, and to have the recipient confirm that no unsolicited message was received in order to generate the lead. Of course, as the spammers and the company calling are one and the same, they know that the lead was a result of their unsolicited message. However, if someone believes that they really will get £2900 then they are likely to agree that they did indeed complete an online survey. Creating this collusion with the claimant reassures the company that the claimant will not report them for an unsolicited text when they reveal their identity much further down the line. However, the fact remains that they are operating illegally, both in the SMS and by refusing to reveal the company’s identity during the call.

The advice for dealing with these messages and calls remains the same as for the accident claims ones. Best advice is to ignore it and report it to your operator (forward the message to 7726, or 67726 on Vodafone). If you have any further information about the company then report it to the Information Commissioner. Exactly the same operational methods are being used for the loans as have been used for the accident claims texts. The company, Affiliate Data Systems, has been doing the rounds for some time. If you want to have fun with it, then you can reply YES and make up a claim (as long as you don’t actually attempt to claim) and waste as much of their time as you can.

SMS Spam: what does India tell us about stopping it?

It was a little over a month ago that the Indian regulator, TRAI, took steps to stem the flood of spam in the country. A number of measures were introduced, including larger fines, registration of messaging companies, and limiting the daily text messages on pre-pay SIMs to 100 per day. It was the latter move that grabbed the worldwide headlines because it was something that significantly affected many consumers. And surprise, surprise, it seems to have made little difference. Although a dip was reported shortly after the measure was introduced, feedback from consumers shows that in just a few weeks, the spam levels have gone back up. All the spammers did was to switch their operating method to using web-based messaging systems. There are even reports of a switch to voice-calling.

Although the two markets are different in some respects, this is very telling for the work being done in the UK to reduce SMS spam. No one has yet suggested restricting text messages, although some people have called for ID to be used when buying PAYG SIMs. However, the government is planning to remove paid leads in the personal injuries market. This may or may not reduce the spam in this area, but the evidence is that they will simply move on to something else: PPI claims or debt management. As long as there is money to be made, spammers will try.

Does this mean there’s no solution to spam? There is one, but it will come from a combination of better filtering and management by the operators, better enforcement of the existing regulations and consumer education to ignore and report unsolicited messages.

DMA finds 8 million spam texts sent every day in the UK

A couple of weeks ago, The Sun claimed that there were 5 million spam text messages sent every day in the UK. They didn’t quote a source, but the figure seemed rather high. Given that a number of journalists had been asking the DMA about the volume of spam SMS, we decided to find out. Using Toluna QuickSurvey we asked 1000 UK adults if they had received spam. The results were more surprising than we expected:
  • 58% of people had received SMS spam in the last month
  • 11% of people had received more than 10 spam messages in the last month
If those figures are mapped against the UK adult mobile population of 48.5m it means that 23 million people received spam last month. Accounting for the number of messages that each person received, it means that there were 263 million spam messages in the last month, or 8 million per day. Surprisingly, it seems as though The Sun has been under exaggerating the figure. The DMA’s study has been widely reported by the BBC today.

The definition of spam is a difficult one. Legally, spam is where the recipient has not opted-in, however many mobile owners regard any message they don’t want as spam, even if they opted-in previously. For example a previous purchase is considered as a soft opt-in (provided it was stated in the T&Cs). It is quite acceptable under the regulations to send such messages, but not acceptable from a consumer perspective.

To try to understand a bit more about the types of company, we split the 58% of spam recipients as follows:

  • 22% have received SMS spam from a company the recipient had previously bought products from or made an enquiry with – technically a soft opt-in.

  • 23.5% have received SMS spam from a company they knew, but had no previous contact with

  • 54% have received SMS spam from companies they don’t know and have had no previous contact with

  • 30% have received SMS spam from a company not identified in the message – these are typically accident claims, debt management or mis-sold PPI messages

8 million spam messages per day is a lot. It could be argued that more than one fifth of these meet the regulatory requirements but consumers still see them as spam. The 8 million spam texts are just 3% of the 300 million messages sent each day in the UK. Compare that to email, where it is estimated that 78% of the billions of daily messages are spam. So why should 3% be a problem in mobile spam?

There are three important reasons why:

  • Mobile is very personal – this is the device that we have with us all the time. We don’t share it, and it’s the place that most of us communicate with our friends and family. Unsolicited messages in this channel are very intrusive. A DMA/IAB study last year found that there was a 98% recall of brand SMS. Clearly, people remember a text message – solicited or unsolicited.

  • People are not used to mobile spam – we have all learnt to live with a certain amount of email spam. That is helped in part by increasingly sophisticated spam filters and report spam buttons in email. Those management tools don’t exist for individual mobile users (yet).

  • Mobile spam is bad news for legitimate permission-based marketing – even in a world of apps and mobile web, SMS is an important driver for brand marketing, service and CRM. For consumers it can offer a convenient and immediate communication tool. If there is a perception that the channel is full of spam, consumers will be reluctant to give brands their mobile number. In the email channel, the service providers have a major issue getting around spam filters, black-listing of servers and getting consumers to open their message. This is where SMS could end up if spam levels continue to rise.

In the end, text spam will be dealt with by a combination of better enforcement from the regulators, better filtering by the mobile operators and consumers not responding to unsolicited messages. The DMA is doing considerable work in this area – watch this space for updates.

SMS Spam: taking it personally

We have just released a survey and white paper into mobile users’ attitudes towards spam messages. It revealed some interesting results – one of them was that people take SMS spam very personally.

68% of our respondents had received some kind of SMS spam.

If you’ve received a spam SMS, do you remember what it was? Chances are you do. How many spam messages have you ever received? One or two? I suspect it’s a handful at most.

Now compare that with email. Do you know the last spam message you got? Quite unlikely. Do you know how many you have ever had? Or how many in the last week? Or last day? I doubt that many people know the answer to this.

So why do we remember mobile spam so clearly? Naturally there are relatively few spam text messages, so that is part of the reason. But the other part is that most of us take it very personally. When you think about it, that’s hardly surprising. Most of us are just a few feet away from our mobile phone at all times. If we forget it when we leave the house most of us feel lost without it. It’s the device that we text our loves on. We customise them with backgrounds and ringtones. Increasingly it’s also the place where we store our personal photos. How many other technology devices do we have that kind of relationship with?

So, the mobile phone IS personal. If you are marketing to phones, you need to understand that it is the case, and be very mindful of the relationship through the phone.

That’s not to say that we don’t want marketing messages on our phone. We do. The study also showed that 55% are happy to receive offers and promotions from brands that they have selected. The point is that mobile users want CONTROL. And lots of it.

The other day I received messages from two restaurants. I had given them my mobile number as part of a booking over a year ago. They didn’t ask me if I wanted to receive these messages. They just assumed that I did. It was quite within the regulations to send such messages as a soft opt-in, but I was understandably put out. I complained to both restaurants.

The study also showed that we want to choose the time of day and frequency of the messages we receive. So, if brands want to market to mobile phones, there are plenty of people happy to receive that information. But they shouldn’t assume that we all automatically want to be told about everything. Brands need to seek permission and give users control over what and when they receive their messages.

How to stop mobile spammers

A couple of days ago, two friends of mine received the same spam SMS. It read:

‘FREE MSG: Our records indicate u maybe entitled to £5000 in compensation for your recent Accident, To claim just reply with CLAIM to this msg, 2 stop txt STOP’

Poor grammar aside, my friends were (unsurprisingly) quite upset by the message, as neither had had an accident, nor had opted in to any kind of marketing on their phone. Although there was no premium rate SMS attached to the messages it looked like a crude attempt at fraud.

I decided that it would be an interesting exercise to see if I could find the spammers/fraudsters.

The first thing was to identify the network that supplied the reply number. The spammers had used a standard long number (like a mobile phone number), which meant that it could not be a premium rate SMS. All PSMS are connected to a 4, 5 or 6 digit shortcode.

For those of us in the business, there is a simple way to identify the network using something called an HLR Lookup. This gives the number, a unique ID, the current network (even if the number has been ported) and its approximate location.

Checking the number gave me the following information:

Number: 447797800425
IMSI: 234507100200425
MCC: 234
MNC: 50
Operator Name: Jersey
Operator Country: United Kingdom
MSC: 447797706004
MSC Location: null

There are two particularly useful bits of information – the operator and the MSC Location. The mobile operator was Jersey Telecom. The MSC Location was ‘null’. This means that the number was not attached to any mobile phone handset, and therefore would have been used in conjunction with a messaging platform. Messaging Platforms are systems for sending bulk SMS and receiving replies. Typically they are web-based but include a connection to the mobile operator. These are used by companies and individuals for legitimate purposes, such as sending service updates or opted in mobile marketing. I know about these, because that’s what my company does! It would appear that the spammers had access to one of these platforms.
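The checks described above can be scripted when triaging a reported reply number. This is an added example, not code from the original post: it reads the lookup output shown above, and the function names `parse_hlr` and `triage` and the finding labels are assumptions made for illustration.

```python
# Added example: triage of an HLR lookup result for a spam reply number.
# Field names follow the lookup output quoted in the post; the function
# names and the finding labels are assumptions made for this example.

# The lookup output as quoted in the post.
SAMPLE = """\
Number: 447797800425
IMSI: 234507100200425
MCC: 234
MNC: 50
Operator Name: Jersey
Operator Country: United Kingdom
MSC: 447797706004
MSC Location: null
"""

def parse_hlr(text):
    """Turn 'Key: value' lines into a dict; 'null' or empty becomes None."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        record[key] = None if value.lower() in ("", "null") else value
    return record

def triage(record):
    """Return the checks the post walks through, as a dict of findings."""
    number = record.get("Number") or ""
    imsi = record.get("IMSI") or ""
    mcc, mnc = record.get("MCC") or "", record.get("MNC") or ""
    is_shortcode = 4 <= len(number) <= 6
    return {
        # Premium rate SMS runs on 4, 5 or 6 digit shortcodes only.
        "reply_type": "shortcode" if is_shortcode else "long number",
        "premium_rate_possible": is_shortcode,
        # An IMSI begins with MCC then MNC; a mismatch means a bad record.
        "imsi_matches_network": bool(mcc and mnc) and imsi.startswith(mcc + mnc),
        "operator": record.get("Operator Name"),
        # No MSC location: not attached to a handset, so most likely a
        # number hosted on a messaging platform (the post's reading).
        "handset_attached": record.get("MSC Location") is not None,
    }

if __name__ == "__main__":
    for finding, value in triage(parse_hlr(SAMPLE)).items():
        print(f"{finding}: {value}")
```

The operator name and the missing MSC location are the two findings to include when reporting the number to the network.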

Next thing was to contact Jersey Telecom with all of the HLR and message information. They responded within a few hours (good going for a mobile network) with the following:

‘I have now received confirmation from our client that your request has been forwarded on to their ‘opt-out’ department in order to have the number provided removed from any mailing list.’

Now this is not what I wanted to hear. The spammers are probably involved with fraud, so I wanted to find the company. I emailed Jersey Telecom back asking for the name of the platform provider. They responded with:

‘I am not in a position whereby I can simply divulge our clients’ information or identity. I also work within certain ‘data protection’ restrictions.’

That really got my back up. The Data Protection Act and PEC Regulations are there to protect individuals, and not to allow companies to hide their identity, especially dishonest companies. In fact, the regulations are the opposite. Companies must make their identity explicitly clear in their communications.

Jersey Telecom received an irate response from me, explaining why they were totally in the wrong. The next day, much to my surprise, I got the following reply:

‘we have conducted an investigation into this incidence & have stopped this provider from sending these messages through our network’

Not only that, but they gave me the name of the platform provider. A company called Mblox.

Result!

To be clear, Mblox are an entirely honest and reputable company. They are not responsible for the spam, but rather have provided their messaging system to the company (or individuals) who then misused it for spam.

I then emailed Mblox asking for the details of the company who sent the messages, so I can pursue the matter further. That was a day ago, and so far I haven’t had a reply from them. But watch this space, as soon as I find out who they are, I will update the blog.