In May of 2012, we highlighted the increasing public availability of managed SMS spam services that can send hundreds of thousands of SMS messages across multiple verticals. These services are assisted through the use of proprietary or publicly obtainable phone number harvesting and verifying DIY applications.
In this post, I’ll profile one of the most recently advertised managed mobile phone number harvesting service which allows full customization of the harvesting criteria based on the specific requirements of the customer.
Sample screenshot representing the way the harvested data could be presented:
The default harvesting criteria consists of the following options:
– user ID on the Web site from where the mobile phone number was originally harvested
– education background
– work position
– contact details (as provided)
– ICQ and Skype
Custom harvesting capabilities:
– harvesting based on regions, cities, type of companies or E-shops
– age, sex, interests, work positions
– 100% custom harvesting based on a potential customer’s preferences
It’s worth emphasizing on the fact that the service explicitly points out the time frame required for the harvesting to take place:
– from a 1000 to 35,000 harvested phone numbers based on criteria – 1 to 12 hours
– from 50,000 harvested numbers and more based on criteria – 72 to 86 hours
The accepted payment method is WebMoney. Next to the actual harvesting of mobile phone numbers on demand, the vendor is also ‘vertically integrating’ within the marketplace by also offering phone number verification services as well as actual SMS spamming/SMS based TDoS (telephony denial of service attack) services.
We expect to continue observing an increase in vendors offering cybercrime-as-a-service solutions with vertical market integration in mind, in an attempt by the cybercriminals operating them to occupy an even bigger market share within the TDoS and the SMS spam market segments.