New mobile security statistics show consumers fearful of mobile spam

A survey of UK consumers found trust in mobile device security is declining as more users fall prey to mobile spam.

New data suggests enterprises in the UK face a challenge convincing customers mobile commerce is indeed safe and secure.

People tend to trust material they think is coming from their mobile operator, and will download it.

Alan Ranger,

More than half of UK consumers don’t trust the security of their mobile devices enough to use them to pay for goods and services, and their level of trust is declining. Mobile security statistics from a recent survey sponsored by messaging security and infrastructure provider Cloudmark revealed the trend is fueled by the rise of SMS messaging mobile malware, targeted mainly at Android-based devices.

Cloudmark’s Connected Communications survey of 1,000 UK consumers, released last week, was conducted by online polling company Toluna in September 2011.

Cloudmark found trust in mobile security is falling among consumers, especially older consumers, as they become more aware of security issues with mobile devices. Younger consumers, according to the survey, tend to be less sceptical about using mobile phones to make payments, and 77% of 18-24 year-olds said they were happy to do so.

Overall, only 47.7% of all respondents said they would be willing to use their mobile to pay for goods or services.

While SMS is still a trusted communication channel, 19.1% of respondents viewed SMS as less secure than it was a year ago. Alan Ranger, VP of mobile marketing at Reading-based Cloudmark, said this was partly due to the increase in SMS spam.

“We’ve seen a rise in claims harvesting SMS messages where ‘ambulance chasers’ send people a text message asking if they’ve had an accident and want to claim for it. Messages concerning claims for mis-selling of payment protection insurance are also on the rise,” he said.

Other more serious scams try to get users to call premium-rate numbers without their knowledge. “You’ll get a message saying, ‘My battery’s low, can you call me on this line?’ and it will be a premium-rate number,” Ranger said.

With more users running email over their mobile phones and tablets, fraud and spam are migrating quickly to the mobile world, aided by a sharp rise in the amount of malware targeting Android devices. For example, last month Kasperksy Lab issued a report on DDoS attacks, showing Android malware had grown by a multiple of 200 during 2011, compared to 2010, and continues to rise at an ever-increasing rate. In December 2011, the company detected 82,000 variations of Android malware, but by mid-January, that figure had nearly quadrupled to 320,000.

The mobile channel is also being used to deliver malware. “There was a big attack against China Mobile late last year when a lot of subscribers received a text message asking them to download a security update,” Ranger said. “It infected a million phones in a three-week period before it was tracked down and stopped. People tend to trust material they think is coming from their mobile operator, and will download it.”

Legitimate Android apps can also be re-engineered by hackers and uploaded to an unofficial app store to be downloaded by unsuspecting users. In one incident in the US last November, said Ranger, a free Tic Tac Toe (Noughts and Crosses) game app tricked users into granting permission to send texts and make calls, and them up for a monthly subscription to receive more games. It then sent messages to everyone in the user’s address book suggesting they play the game too.

“Telcos are only just waking up to the problem,” Ranger said. “It was OK when the problem was low-level SMS spam, but now it is causing subscribers to lose money and creating a lot of dissatisfaction.”

Read more on Endpoint security