Reducing the Impact of Smishing and Spoofing by SMS

Created: Thursday, September 16, 2021, posted by Geetesh Bajaj at 10:00 am



1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

By Dario Betti, CEO, MEF

There are millions of faked SMS sent by fraudsters trying to steal passwords every day. Consumers and organizations need help to fight back against this.

Text messaging scams, which trick consumers into sending money or sharing their account details with fraudsters, are known as ‘Smishing’ (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender.

Reducing the Impact of Smishing and Spoofing by SMS
Image: Yay Images

Sometimes fraudsters create an exact copy or ‘spoof’ of a genuine merchant sender ID. These messages, when received by consumers, can be placed into existing message threads or conversations from the same target merchant on the customer’s smartphone – giving more credibility to the fraudulent message.

Aside from using the Wholesale Messaging (Aggregator) delivery channels operated by Mobile Network Operates, scammers also send messages in bulk using ‘SIM farms’ that utilize normal SIM cards as used in mobile phones. These SIM farms are devices that operate several SIM cards at a time and can be programmed to exploit the ‘Unlimited Text’ capabilities offered on consumer tariffs – despite being in breach of the T&Cs of use for such consumer offerings. Messages sent from these devices can be easily identified and blocked by the Registry as they always originate from a regular mobile number rather than from a merchant/brand using alphabetic characters.

One of the most common scams over the last few months has been fake text messages pretending to be from Royal Mail. The message usually requests a small payment for a parcel to be delivered, with a link to a copycat Royal Mail website where victims are then asked to give their bank details.

These fake texts can also spread harmful malware, which once downloaded, gives the fraudster access to sensitive information on your device.

Consumers should be particularly wary of clicking on embedded links within texts and should contact their bank/merchant via the contact number on the back of their card if they are in any doubt before reacting to a text request.

This issue is being tackled by the British mobile industry. Thanks to the industry’s collective efforts a Registry for SMS short-code names has been created by MEF (Mobile Ecosystem Forum).

In the UK, many major banks and Government brands are currently being protected with 352 trusted SenderIDs registered to date. Over 1500 unauthorized variants are being blocked on an ever-growing list, including 300 senderIDs relating to the Government’s Coronavirus campaign.

Government agencies, including HMRC and DVLA, are participating in this ecosystem-wide anti-fraud solution which is supported by BT/EE, O2, Three, and Vodafone, along with the UK’s leading message providers including BT’s Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, IMImobile, Infobip/OpenMarket, mGage, Reach-Interactive, Sinch, TeleSign, Twilio and Vonage.

The cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.

Following the success in the UK, The Ireland SMS SenderID Protection Registry is being launched with the support of all three Mobile Network Operators, nine Merchants, three major Government agencies, Banks, Retailers, and Utilities. The Registry is also launching in Singapore as The Singapore SMS SenderID Protection Registry.

Whilst the brands (such as postal services) suffer adverse PR, the Banking groups often bear the brunt of the financial losses experienced by consumers, as well as the adverse PR. Hence by reducing smishing there are benefits for many merchants, as well as consumers.


Dario Betti
    
Dario Betti is CEO of MEF (Mobile Ecosystem Forum), a global trade body established in 2000 and headquartered in the UK with members across the world. As the voice of the mobile ecosystem, it focuses on cross-industry best practices, anti-fraud, and monetization. The Forum provides its members with global and cross-sector platforms for networking, collaboration, and advancing industry solutions.

The views and opinions expressed in this blog post or content are those of the authors or the interviewees and do not necessarily reflect the official policy or position of any other agency, organization, employer, or company.


Related Posts


Filed Under: Guest Post
Tagged as: ,

No Comments

Leave a Reply