Apple iMessage now accounts for more than 30 percent of all mobile spam messages sent to users, with cybercriminals easily able to send messages to a large number of users. To better combat spam messaging, Apple previously put in place iMessage rate-limiting, as hackers last year were able to send a large volume of messages with little resistance. However, it still remains a lucrative tool for cybercriminals to use for spam and phishing attacks, with the problem seemingly out of control.
To register for an iMessage account, a criminal simply needs a victim's linked email address - a mobile phone number isn't required. Security experts have seen message come from U.S. companies such as Microsoft's Hotmail to China's Yeah.net, indicating a large number of accounts have been created to send out spam.
Trying to report iMessage spam abuse is a tiresome, annoying process: users must email Apple, including a screenshot of the spam message, email address or phone number of sender, along with the date and time the message was sent by the spammer.