A rise in COVID-19 (Coronavirus) related text message scams (e.g. Smishing), which often attempt to trick UK mobile users into parting with their money or other sensitive personal details, has prompted mobile operators to join with other industries in order to update a trial of the new SMS SenderID Protection Registry.
The Mobile UK trade body (representing Three UK, Vodafone, BT (EE) and O2) has joined with the Government, messaging providers (Vonage, BT, Firetext etc.), financial and banking industries, the National Cyber Security Centre (NCSC) and the Mobile Ecosystem Forum (MEF) in order to trial the new system, which is already helping to identify and block fraudulent SMS texts.
No doubt almost everybody reading this will have, at some point, already experienced the annoyance of traditional SMS spam. Most of those are merely unwanted marketing messages but some will be Smishing (SMS Phishing), which is a message that attempts to trick people into divulging personal information.
Smishing texts are often designed to look authentic and may even appear in a chain of texts alongside genuine messages, but despite this such messages will contain links to fake websites or dodgy phone numbers (follow these and you’ll end up giving away sensitive personal data to fraudsters). Sadly the COVID-19 crisis has merely presented criminals with a new vector to try and exploit end-users.
The new solution – SMS SenderID Protection Registry – has been in trial since July 2019 and essentially enables organisations to register and protect the message headers used when sending text messages to their customers. The Registry limits the ability of fraudsters to send messages impersonating a brand, such as by checking whether the sender is the genuine registered party.
At present 50 bank and Government brands (e.g. HMRC and DVLA) are already being protected through the trial with 172 trusted SenderIDs registered to date. Over 400 unauthorised variants are being blocked on an ever-growing blacklist, which now includes 70 SenderIDs relating directly to the Government’s Coronavirus campaign.
As a result of this trial the operators’ have, over the past 6 months, seen a “significant drop in fraudulent messages” being sent to UK consumers of the participating organisations.
Gareth Elliott, Mobile UK’s Head of Policy & Communications, said:
“Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”
Customers can report suspected spam text texts to their mobile network provider by forwarding them to 7726.
This sounds like a non-solution. If HMRC is a registered and protected sender value, what’s to stop someone using the sender value HMRCTXT or something else that’s going to fool someone unsuspecting.
A better system should be put into place.
What is the problem of having all obvious combination of HMRC blocked? It works well with number plates, there is no need for another system, just to improve the current one.
The solution does all this and more!