An Overview of 7726 User Reports: Uncovering SMS Scams and Scammer Strategies

TL;DR

This study analyzes 1.35 million user reports to distinguish between spam and scam SMS messages, revealing scam strategies, infrastructure abuse, and the most common scam types, providing new insights into SMS scam evasion tactics.

Contribution

First comprehensive analysis of user-reported SMS messages that differentiates spam from scams and classifies scam types, revealing scammer infrastructure and tactics.

Findings

89.16% of reports are text messages

35.12% of unique messages are spam

40.27% are scam messages

Abstract

Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we collaborate with a major mobile network operator to receive 1.35m user reports submitted over four months. We find 89.16% of user reports comprise text messages, followed by reports of suspicious calls and URLs. Using our methodological framework, we identify 35.12% of the unique text messages reported by users as spam, while 40.27% are scam text messages. This is the first paper that investigates SMS reports submitted by users and differentiates between spam and scams. Our paper classifies the identified scam text messages into 12 scam types, of which the most popular is 'wrong number' scams. We explore the various infrastructure services that scammers abuse to conduct SMS scams, including mobile network operators and hosting infrastructure, and analyze the text of the scam messages to understand how scammers lure victims into providing them with their personal or financial details.