Apple’s iMessage service is being polluted by spammers

“Apple’s iMessage system is a great way to send texts from phone-to-phone without the paying fees to your mobile carrier,” Robert McMillan reports for Wired. “ut over the past year, it has also become something of a nuisance. iMessage, you see, is yet another communications tool being polluted by spam. It’s a cheap and easy way for luxury goods spammers to get their junk messages front-and-center on your phone.”

“A year ago, Tom Landesman—who works for security and anti-spam company Cloudmark—had never seen an iMessage spam,” McMillan reports. “But he and his company now say that, thanks to one particular aggressive campaign from a junk mailer, it accounts for more than 30 percent of all mobile spam messages.”

“Apple’s iMessage system spans across the iPad, iPhone, and Apple’s laptop and desktop systems. That fusion of the desktop and mobile world makes it particularly easy for scammers to write a Mac OS script that can send messages to all types of devices just as fast as Apple will allow,” McMillan reports. “‘It’s almost like a spammer’s dream,’ says Landesman. ‘With four lines of code, using Apple scripts, you can tell your Mac machine to send message to whoever they want.'”

Much more in the full article here.


          1. … conceited, but he does not seem to be a parasite, as phasmainmachina claimed. So, maybe you could go a little easier on him – asshole, or not – rather than supporting a guy who (you claim) draws pencil sketches all day. We can all live without your buddy’s “art work”, but if you “need” “Darwin’s” attention, maybe you CAN’T live without it.

    1. I’ve seen a couple of spam iMessages in the last year, and I’ve had the same phone number and .Mac/MobileMe/iCloud address for years, and all are mapped to my iCloud account. Based on my personal experience, I can’t quite see how the 30% figure is remotely possible. How would it not be front-page news if any significant number of people were receiving dozens of spam messages on their iPhones as SMS-type messages every week?

        1. I’ve only received them once every few months, but have received 3 in the past month, so maybe the spammers are getting more clever. Each time I get one, I take the time to report it to Apple using Apple’s official instructions on how to report iMessage spam.

          Note that Apple believes it happens, what with having an official way to report it. I assume that reporting it helps them in their efforts to prevent it, not by filtering one address, but by figuring out patterns of abuse.

      1. Me too never a spam message with the service. Very pleased with it. I do however use another service with friends in Europe at times and it’s called Telegram. Very fast and no spam either. I killed Whatsapp months ago when Facebook purchased the company.

    2. No iSpam on my equipment, additionally no one I know either.

      The spam I have had were all over SMS. Particularly when entreating Walmart. lol Yes there are reasons to go there, saving money is not one of them.

  1. BTW, avoiding text messaging costs is only one advantage (and it’s not even an advantage for me because I have unlimited texting): you get to see when a message is delivered and you can write texts longer than the normal limit. And I think it’s faster as well…

    1. Apple controls ALL the .mac/mobileme/iCloud accounts. I haven’t read the terms of service word for word (who does?), but I’d be shocked if it does not say somewhere in there that you can’t use the system for spam efforts. All Apple has to do is have people forward spam messages to a specific Apple site, Apple verifies it as spam, then Apple kills that account.

      It would take Apple setting up a specific team to deal with this, but Apple could kill the vast majority of these accounts and thus the spam generated by them.

  2. I haven’t gotten a lot, but in the past 6 months I’ve gotten around 8 or so. I got one yesterday that was ‘cc-d to 10 other non-sequential numbers. I just block the number but I’ll bet, long-term, it’s ineffective. I think registering with the gummint “do-not-call” list might be a good start.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.