Apple’s iMessage platform has been inundated with the largest mobile spam run of the year, with daily volumes at times comprising 80% of all reported mobile messages in the US.
On-going since Q2, the messages appear to be coming from China, and try to flog counterfeit goods to bargain-hunting punters, according to security firm Cloudmark.
The 'spamvertising' campaign differs from many in that goods are actually delivered – in this case mainly knocked-off handbags and sunglasses. However, the quality of the items is apparently poor.
“Shipped from Suzhou, China, a fake Michael Kors bag came with numerous and humorous defects that left it looking more akin to a child’s toy purse than a high quality designer bag,” the vendor explained in a blog post.
“The messages themselves also hailed from China with the majority of email domains being popular Chinese webmail services used to sign up for the perpetrating Apple IDs. In recent months, legal teams representing the various brands have taken notice and begun aggressive takedowns on the fake sites in question.”
A peak of 59% of emails registered were Chinese, with the items shipped from a location around three hours from Suzhou.
“This one campaign spam is contributed to almost the entirety of 'Auction / Sale Site Spam' seen during the third quarter,” said Cloudmark.
“Other entire types of SMS spam, such as bank and account phishing, were a larger portion of the SMS complaints but are an aggregate of many separate campaigns, targeting different types of accounts, and run by seeming unrelated entities, where the iMessage spam seemed to be all part of one campaign.”
Meanwhile, area code-targeted bank phishing spiked in September to reach half of all reported texts in the US, having been in decline up until that month.
Fake versions of banking websites hosted on disposable domains and hacked web servers lend the campaign greater legitimacy in the eyes of the victims.