so someone found the GSM number of one of my family members who didn't know what to do with it
* she didn't ask for it
* she didn't fill in her GSM in some of the online 'phishy' games
* it was in english
* telling her that she won a British lottery
where do we send it to block this spam?
nobody at proximus.be because there is no security and fraud department on the frontpage
you have to find it out yourself
this is the stupid apple philosophy - hide insecurity and don't tell anyone
I like the microsoft philosophy - insecurity is all around us - tell us and we will try to solve it
but the mobile companies still think that it won't happen to them
and even if there is no security awareness and no security alerts on Proximus or any other mobile operator (even if mobile phones are being used for banking and paying and authentication) there is not even a mention of any phone number you can send the SMS to. A general fraud and spam function on the phones, for example.
If the phone companies say that they are blocking the numbers that are being used so that there is no problem for their users, then they have to use the cooperation of their user community to receive those sms-phonemails as fast as possible to be able to block them as fast as possible (in phishing the rule is that a phisher makes his money in the first four hours so time is really money).
and even that is reactive security, which is a very old security concept in the online security world that has long since been abandoned as a standalone concept (except for Apple but they don't care a bit about security for now).
what the mobile operators need to do is to
* use "honeyphones" that will respond to those games and frauds and will be the first to receive new ones (active intelligence)
* cooperate in realtime with other phone operators and exchange mobile and malware information and don't make the same mistake as the web world where each company or network has developed its own description and naming system. Keep it simple. Start with the phone number used to send it, the other phone numbers involved and then a choice among a list of definitions (spam, malware, texting subscription, stealing logons, ...)
* filter incoming calls and text and mail and web traffic for malicious code and those telephone numbers
* scan the mobile webpages for malware and scripts and block them if necessary
* give users mobile security software
* give them a simple 'forward to our fraud or security department' option
* have a clear security website, announced on the frontpage, with announcements, help pages, alerts and solutions
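A sketch of the simple shared report from the list above (sending number, other numbers involved, one category from a fixed list), added here as an example and not code from any operator. The names `make_report` and `blocklist`, the source labels and the two-source threshold are assumptions, and the sample numbers are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Fixed shared vocabulary, taken from the categories the post lists.
CATEGORIES = {"spam", "malware", "texting subscription", "stealing logons"}

def normalize(number, default_cc="32"):
    """Reduce a number to E.164 so every operator compares like with like."""
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("00"):
        digits = "+" + digits[2:]              # 0044... -> +44...
    elif digits.startswith("0"):
        digits = "+" + default_cc + digits[1:]  # national format
    elif not digits.startswith("+"):
        digits = "+" + digits
    if not re.fullmatch(r"\+[1-9]\d{6,14}", digits):
        raise ValueError(f"not a valid phone number: {number!r}")
    return digits

@dataclass(frozen=True)
class Report:
    source: str     # who reported it: honeyphone or user forward, per operator
    sender: str     # number the message came from
    related: tuple  # other numbers involved (reply-to, call-back)
    category: str

def make_report(source, sender, related, category):
    if category not in CATEGORIES:
        raise ValueError(f"unknown category: {category!r}")
    return Report(source, normalize(sender),
                  tuple(sorted({normalize(n) for n in related})), category)

def blocklist(reports, min_sources=2):
    """Numbers seen by at least min_sources independent sources.
    Repeated reports from one source count once, so a single reporter
    cannot get a number blocked alone."""
    seen = defaultdict(set)
    for r in reports:
        for number in (r.sender, *r.related):
            seen[number].add(r.source)
    return sorted(n for n, s in seen.items() if len(s) >= min_sources)

# Constructed sample reports; the numbers are made up for illustration.
SAMPLE = [
    make_report("operator-a/honeyphone", "0044 7700 900123", ["+44 7700 900456"], "spam"),
    make_report("operator-b/user-forward", "+447700900123", [], "spam"),
    make_report("operator-b/user-forward", "+44 7700 900123", [], "spam"),
    make_report("operator-c/user-forward", "+44 7700 900789", [], "texting subscription"),
]
```
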
don't complain that you didn't know (you won't if you didn't read this blog :))