iMessage is responsible for more than 30% of all spam messages on mobile devices, according to research done by security expert Tom Landesman and anti-spam company Cloudmark (via Wired). The researcher notes that there are multiple reasons as to why the platform has become a prime choice for spammers, stating that iMessage's reach across the iPhone, iPad, and Mac along with its accessibility have made it easy to target users:
That fusion of the desktop and mobile world makes it particularly easy for scammers to write a Mac OS script that can send messages to all types of devices just as fast as Apple will allow. “It’s almost like a spammer’s dream,” says Landesman. “With four lines of code, using Apple scripts, you can tell your Mac machine to send message to whoever they want.”
With iMessage, spammers can send unwanted messages to a user's associated emails and phone numbers if enabled. The ability for the desktop Messages client to verify numbers with the iMessage network has also made sending spam to confirmed users easier, along with the fact that signing up for the service can be done with just an email. The researcher further notes that iMessage's read receipts feature (which can be turned off) allows spammers to better generate a list of verified users to spam based on activity.
Apple has made a few moves to combat spam in iMessage over the past year, adding a rate-limit for sent messages after some iOS developers experienced a denial-of-service prank, and adding a spam reporting tool. However, that tool remains a bit complicated to use, as it requires users to send Apple an email containing the screenshot of the spam message, the email or phone number it was received from, and the date and time.
