What is SPIM?
- By Greg Brown
- Feb 27, 2023
Logging into a chatroom in the early 1990s and talking with someone on the other side of the world was nothing short of thrilling. You were in the comfort of your home, talking with another person on the other side of the globe, with little delay. From there, instant messaging was born. From 1997 to 2000, AOL, Yahoo, and MSN launched new IM products, and the world changed.
No modern online communications app, website, or financial institution is free of predators looking to ruin lives or make a quick buck. Enter “spam over instant messaging,” or SPIM: unsolicited messages received through instant messaging apps. Apps including Messenger, WhatsApp, and WeChat are quickly becoming infected by SPIM.
Spammers use all available means to deliver annoying and unwanted ads and pornographic images through instant messaging, with the most popular method being email. According to Pew Research, instant messaging has become increasingly popular, with over 53 million Americans using several different apps. Of all these users, nearly 17 million receive unwanted ads or SPIM.
Targeted SPIM Attacks
Younger age groups are the most likely target for unwanted SPIM, with the 18 to 34 age group spending a significant amount of time chatting with friends. In 2005 the first convicted SPIM predator was an eighteen-year-old who sent out nearly 1.5 million ads.
Millennials are the most targeted group of consumers for several reasons. Younger consumers who watch TV, YouTube, and internet apps are targeted the most by mainstream media. Now instant messaging has arrived on the scene and is seeing an explosion of illegal advertising tactics.
Marketing to millennials is the hottest ticket in town right now. No matter where you turn, there is advice on selling products and services to this age group. Marketers and SPIM predators find it easier to shape a future buyer’s purchasing habits than to convert older established customers from their competitors. The proliferation of instant messaging apps is the perfect vehicle to shape a young person’s future buying habits while targeting groups with illegal ads.
- 92% of millennials own a smartphone, and 95% follow brands through social media platforms
- Millennials, more than any other age group, are likely to get their news from social networking sites on their smartphones
SPIM predators target millennials for several reasons: the group embraces modern technology and considers social media a part of its immediate communication needs.
Instant messaging advertising attacks take their cue from email predators, who have a lot more experience. People who use email as a communication tool are well aware of SPAM: unsolicited digital communication sent out in bulk.
Modern SPAM messaging contains a wide variety of malware and ransomware attack vectors. Unwitting users are often the focal point of large-scale SPAM predators who want to take down financial accounts, networks, and government infrastructure.
Many inside experts feel SPIM will eventually become a bigger problem than SPAM. The main reason for this growth is that many instant messaging apps have published directories of their users. These directories contain valuable information, including name, age, date of birth, and much more.
SPIM attack messages contain the same dangerous links to malware websites. In the early stages of SPIM, most users feel that unwanted advertisements on their instant messaging apps are annoying, moving them to junk files. Unfortunately, these junk files do not protect the users from attacks.
Many instant messaging platforms are publicly linked to social media, giving predators another large arena of victims. Scammers gather login information from the user and then begin their attacks on the social media user base.
Spam bots can be easily created with only five lines of Python code. On the other end of the spectrum, complex bots mimic human behavior and automatically disseminate any information they are given. They create an unlimited number of bogus accounts linked to any number of online platforms. Once access to a platform is achieved, they create messages based on the spammer’s rules.
Bots are used extensively to spread false advertising and pornographic imagery. Spam bots create profiles from the information gathered in email and IM accounts and sign on to services such as KIK or Skype. Once on the platform, bots spread pornographic images with links to websites. If a user responds, an enormous effort is made to gain credit card information. Bots target random names in the given database, with a high probability of minors getting pornographic messages.
Protect Against SPIM
Defending against SPIM attacks and other malware is more a function of common sense than a specific process. As more SPIM attacks occur, engineers will develop software and procedures to counteract these predators.
Multi-factor authentication is probably the most effective way to counteract attacks against an instant messaging app. Without a password, predators have no way of entry into the system. Users must not have an easily recognizable second word like a birthday or a child’s name.
Every modern messaging app has a list of filters users can employ to keep messages from getting into their app in the first place. Some platforms are more complex than others, with several categories of filters users can take advantage of. With the right combination of filters, users can determine if their buddy or contact list has been compromised.
SPIM received from a buddy list will usually contain malware and other dangerous links. Messages from compromised contact lists will have a different tone in writing and be formatted differently.
A telling sign of a compromised instant message: any links will have an HTTP prefix rather than an HTTPS secure prefix. HTTP websites are inherently unsafe because traffic to them is not encrypted.
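The contact-list filter and the HTTP-versus-HTTPS check described above can be combined into one triage pass. This is an added example, not code from the original article or from any messaging app; the bucket names, contact list, and sample messages are constructed for illustration. A non-HTTPS link is treated only as a reason to verify with the contact, and an HTTPS link on its own is not treated as proof that a message is safe.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) URLs and bare "www." links inside message text.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def extract_links(text):
    """Return the links in a message, trailing punctuation stripped."""
    return [m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text)]

def insecure_links(text):
    """Links whose scheme is not https (plain http, or no scheme given)."""
    return [u for u in extract_links(text)
            if urlsplit(u).scheme.lower() != "https"]

def triage(messages, contacts):
    """Sort (sender, text) pairs into buckets of sender names.

    quarantine    : any link from a sender outside the contact list
    check_contact : a known contact sent a non-HTTPS link; confirm with
                    them over another channel before opening it
    deliver       : everything else
    """
    buckets = {"quarantine": [], "check_contact": [], "deliver": []}
    for sender, text in messages:
        if sender not in contacts:
            key = "quarantine" if extract_links(text) else "deliver"
        elif insecure_links(text):
            key = "check_contact"
        else:
            key = "deliver"
        buckets[key].append(sender)
    return buckets

# Constructed sample data (names and domains are made up).
CONTACTS = {"alice", "bob"}
SAMPLE = [
    ("alice", "Lunch at noon?"),
    ("alice", "lol is this you?? http://photos.example/view?id=77"),
    ("bob", "Slides are at https://docs.example/deck."),
    ("win_prizes_2023", "Claim now: www.prize.example/claim"),
    ("newperson", "hi, got your number from Sam"),
]

if __name__ == "__main__":
    for bucket, senders in triage(SAMPLE, CONTACTS).items():
        print(bucket, senders)
```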
Stay away from free or unknown instant messaging apps, if possible. Top cyber security is expensive to build and maintain, which is why it cannot typically be a part of a free business model. When choosing an instant messaging app, make sure there are plenty of safeguards against SPIM. Also, ensure user data is not stored on free plans and that there is two-factor authentication to get into an account.