Skip to main content

iMessage is overrun by scammers, but Apple does nothing

Apple's iMessage service has seen a rise in spam across its range of iPads, iPhones and Macbooks.

Late last year cybersecurity firm Cloudmark reported receiving its first piece of spam in the iMessage service. Since then the amount of spam has risen exponentially; iMessage spam now accounts for over 30 per cent of mobile spam messages.

Tom Landesman, security researcher at Cloudmark, found that in May and June "34 percent of all reported SMS spam in the entire US was from this single campaign advertising various discount sale sites peddling, likely knock-off, designer goods."

The iMessage's vulnerability to spam originates from how integrated the service is across Apple's product range. To link Apple products you need to attach an email address to the account, so instead of needing your phone number, scammers can use your email address to send spam to your plethora of devices.

"It's almost like a spammer's dream...With four lines of code, using Apple scripts, you can tell your Mac machine to send message to whoever they want," Landesman told Wired.

By making iMessage so accessible Apple have made it incredibly easy for scam artists, all you need is an email address for an account. Spammers can quickly amass a large amount of accounts and send swaths of messages, and because the messages travel through Apple's network, mobile carriers are unable to do anything about it.

To combat the spammers Apple have set up a way to report (and subsequently ban) iMessage spammers but the process is a little convoluted.

You need to email Apple; a screenshot of the spam, date and time of the message, and the email address or phone number it was sent from. But the process may prove fruitless as spammers can simply set up another iMessage account.