{"id":20764,"date":"2022-02-24T10:03:31","date_gmt":"2022-02-24T10:03:31","guid":{"rendered":"https:\/\/www.brosix.com\/?p=20764"},"modified":"2022-02-24T10:03:31","modified_gmt":"2022-02-24T10:03:31","slug":"what-is-spim","status":"publish","type":"post","link":"https:\/\/www.brosix.com\/blog\/what-is-spim\/","title":{"rendered":"What Is SPIM (Spam Over Instant Messaging)?"},"content":{"rendered":"

SPIM are spam messages symptomatic of widely-used free instant messaging<\/a> apps like Messenger, Whatsapp<\/a>, Viber<\/a>, Telegram<\/a>, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware.<\/p>\n

Most apps have built-in filters that block messages from unknown sources. However not all of them have this as the default setting, which means that you might still fall victim to this problem. Which is exactly what SPIM relies on to win its small victories.<\/p>\n

How instant messaging spam works<\/h2>\n

\"How
\nEvery SPIM has its spimmer. The spimmer\u2019s goal is to spread an unsolicited message to as many users as possible. The best way to spread that message is to \u201cborrow\u201d their victim\u2019s identity and spam the users from their buddy list.<\/p>\n

Spimmers hack into their victims\u2019 profiles by sending an instant message with a link that has a malicious code buried in it. Here\u2019s what happens next:<\/p>\n

    \n
  1. When the victim clicks the link, they basically give away their identity on that IM platform<\/a> to the spimmers<\/li>\n
  2. The spimmers then use the identity to send unsolicited commercial messages to users on their victims\u2019 buddy lists<\/li>\n
  3. Some users from the buddy list click on a malicious link and the cycle continues<\/li>\n<\/ol>\n

    Another scenario is that a link is sent to a funny video hosted on a phony website designed to look like a popular social network. If you\u2019re not savvy to these tricks, you\u2019ll enter your credentials and effectively give away your account to a cybercriminal.<\/p>\n

    There\u2019s also a less insidious way spimmers conduct their IM spams \u2013 They create software bots that generate innumerable throwaway accounts on instant messaging software<\/a>. Once they do, Once this is done, they go in rapidly-fire mode and\u00a0 send countless unsolicited messages to as many accounts as possible.<\/p>\n

    Of course, not all SPIM is evil. Most of it is just annoying commercial spam from companies without the moral compass and business shrewdness to know better.<\/p>\n

    Ways to combat SPIM<\/h2>\n
      \n
    1. Use two-factor authentication (2FA)<\/li>\n
    2. Delete SPIM messages<\/li>\n
    3. Use filters to block messages from unknown sources<\/li>\n
    4. Use antivirus with a built-in web filter<\/li>\n<\/ol>\n

      Two-factor authentication<\/h3>\n

      Add another layer of authentication so that a cybercriminal who got your passwords can\u2019t access your accounts. This is a great way to stop the \u201cfunny-video hackers\u201d in their tracks. Without a security question, the password alone is useless.<\/p>\n

      Use filters<\/h3>\n

      Even better than deleting unsolicited messages is not getting them in the first place. That\u2019s why limiting incoming messages to only your contacts or buddy list is the way to go. That only leaves you with SPIM you get from hacked accounts of the people from your contacts. Meaning that you would only potentially receive SPIM if one of your contacts were hacked.<\/p>\n

      How to recognize SPIM from a buddy list<\/h2>\n

      \"How
      \nSPIM from a buddy list usually requires some form of interaction and almost always contains an external link (spyware\/malware alert!). It will most probably look weird and be in a different tone to what you\u2019re used to from that person. In the event that you click on the link and the website you\u2019re taken to looks legit, it will often have one tell tale sign \u2013 it\u2019ll be an HTTP website instead of HTTPS. HTTP websites don\u2019t have encrypted data and are therefore unsafe.<\/p>\n

      To stay on the safe side, use antivirus with a built-in web filter. This filter will recognize phishing websites and alert you not to visit them and subsequently, not give out your sensitive information to hackers. With Brosix, you can integrate our app with your preferred antivirus<\/a> software easily.<\/p>\n

      Spam over internet telephony (SPIT or VoIP spam)<\/h2>\n

      SPIT is a fitting acronym for a spam method that includes voice. This type of spam includes the same unsolicited messages, just in the form of a (usually) prerecorded voice message.<\/p>\n

      They are extremely common today because VoIP calling rates are either free or very cheap. Meaning that the companies that deem this a profitable way of \u201cmarketing\u201d see it as an investment. To add insult to injury, telephony software like Asterisk makes it really easy for spammers to deliver robocalls at scale.<\/p>\n

      Thankfully, there are ways to battle this on your own, you just have to adjust the VoIP app settings on your phone or desktop. You can also rely on third-party software that blocks calls and detects fraud.<\/p>\n

      Why are free instant messaging apps susceptible to SPIM?<\/h2>\n

      \"Why
      \nThere\u2019s a simple reason why free instant messaging apps suffer from SPIM \u2013 top cyber security is expensive and that\u2019s why it can\u2019t be a part of a freeware business model.<\/p>\n

      Take Whatsapp for example \u2013 they collaborate with companies that want to advertise their products and services by selling your contact information. That\u2019s why, every once in a while, you\u2019ll get a \u201cgreat deal\u201d in your Whatsapp chats. Learn more about Whatsapp\u2019s security shortcomings in this blog post<\/a>.<\/p>\n

      None of that happens with Brosix<\/a>, even on a free plan<\/a>. We don\u2019t store user data unless you specifically ask us to and all our end users have to pass authentication in order to access their accounts. So no third party has access to your Brosix data and there\u2019s no way that unauthorized accounts can even attempt to communicate with you.<\/p>\n

      [highlight_block title=”If you\u2019re interested in secure messengers that offer more advanced features, check out our article:” link1=”https:\/\/www.brosix.com\/blog\/encrypted-messaging-apps\/” link2=”” link3=”” ]<\/p>\n

      Improve your online security with password managers<\/h2>\n

      \"Improve
      \nBecause online security mostly revolves around passwords, both individuals and organizations big and small can benefit from password manager software. Here are some of the reasons why:<\/p>\n

      Password managers, just like web filters on antivirus software, recognize malicious websites and don’t auto-complete your credentials, thus keeping your account information safe.<\/p>\n

        \n
      1. They allow you to use a unique password for each online account that you have. This way, even if one of your passwords gets hacked, your entire online identity won\u2019t be compromised.<\/li>\n
      2. Where organizations are concerned, as soon as a team member leaves the company, a password manager generates new passwords and disables them from accessing your accounts.<\/li>\n
      3. This software enables something called digital inheritance \u2013 in the case of a person passing away, their family would gain access to the password vault of the deceased.<\/li>\n<\/ol>\n

        Read our review of the LastPass password manager<\/a> and other productivity tools.<\/p>\n

        Conclusion<\/h2>\n

        Unfortunately we\u2019re stuck with SPIM, as long as there are companies and individuals who believe taking shortcuts is the way to run a business. That\u2019s why you need to be able to recognize a spim message even when it comes from one of your contacts and act accordingly. Block unknown numbers that contact you and restrict communication only to buddy lists. However, don\u2019t forget that spammers have ways to infiltrate accounts and pose as other people.<\/p>\n

        With this in mind, always be alert when there\u2019s a link in one of your messages, even if it\u2019s from a family member. It\u2019d be good to have an antivirus with a built-in web filter in order to disallow autofill of your data even if you click on a link accidentally.<\/p>\n

        Finally, if you need an instant messenger for your business, consider software with high-end security features<\/a>.<\/p>\n

        [highlight_block title=”Improve your team\u2019s communication today.\u00a0” link1=”https:\/\/www.brosix.com\/request-demo\/” link2=”” link3=”” ]<\/p>\n

        FAQ<\/h2>\n

        What do you mean by SPIM?<\/h3>\n

        Spim is email spam\u2019s younger cousin and as a \u201ccool kid\u201d, uses an acronym to represent itself. That acronym stands for spam over instant messaging<\/a>. SPIM are all the unsolicited messages people receive on apps such as Messenger, Whatsapp, Twitter chat, WeChat etc.<\/p>\n

        How can you avoid SPIM?<\/h3>\n

        You can avoid SPIM by restricting incoming messages only to your contacts or your buddy list, deleting unwanted messages before opening them and thinking twice before opening links that your contacts send you (their accounts might have been hacked).<\/p>\n

        What is SPIM malware?<\/h3>\n

        Spim malware are usually lines of code hidden in the links spammers send to their victims. An example of this is a popular Messenger scam that uses an enticing call to action \u201cis that you in the video?\u201d and a link leading users to a phony Facebook login page, where they attempt to steal people\u2019s FB login details.<\/p>\n

        Every malicious IM spam has a link, which is why we implore you to be extra careful when clicking on them. One reminder \u2013 if a linked website starts with \u201cHTTP\u201d instead of \u201cHTTPS\u201d, the chances are, it\u2019s malware.<\/p>\n

        What is spit cyber security?<\/h3>\n

        SPIT cyber security is the practice of defending your VoIP network from spam, malware, phishing and other malicious practices. Voice traffic firewall software is a great example of effective SPIT cyber security because it screens potentially harmful caller IDs and restricts their access to your VoIP network.<\/p>\n

        Call encryption is another way to make your online conversations safer. If a VoIP provider you are considering doesn\u2019t offer call encryption, start looking elsewhere. That’s why choosing a secure VoIP provider is half the battle.<\/p>\n

        However, if you have concerns about internet telephony, Brosix\u2019s voice chat messaging app<\/a> is a great alternative to using VoIP altogether, precisely because of its security features.<\/p>\n","protected":false},"excerpt":{"rendered":"

        SPIM are spam messages symptomatic of widely-used free instant messaging apps like Messenger, Whatsapp, Viber, Telegram, Skype and WeChat. These spam messages are usually commercial-type spam but can contain malware and spyware. Most apps have built-in filters that block messages from unknown sources. However not all of them have this as the default setting, which […]<\/p>\n","protected":false},"author":3,"featured_media":20782,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-20764","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-instant-messaging"],"_links":{"self":[{"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/posts\/20764","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/comments?post=20764"}],"version-history":[{"count":0,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/posts\/20764\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/media\/20782"}],"wp:attachment":[{"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/media?parent=20764"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/categories?post=20764"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.brosix.com\/blog\/wp-json\/wp\/v2\/tags?post=20764"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}