The UK’s mobile, banking and finance industries, government departments and agencies, and industry associations have joined forces to tackle fake SMS campaigns.
The organisations taking part in the initiative include:
• 14 banks and the UK Finance, a trade association for British banks and financial service providers
• government department and agenices such as Her Majesty’s Revenue and Customs (HMRC), and Driver and Vehicle Licensing Authority (DVLA)
• Mobile UK, the trade body that represents BT/EE, O2 (Telefonica UK), Three and Vodafone
• the National Cyber Security Centre (NCSC)
• the Mobile Ecosystem Forum (MEF).
Fake text messages trick consumers into sending money or sharing account details with fraudsters are known as smishing (or phishing by SMS). Criminals are using SMS campaigns by legitimate bodies during the coronavirus as ‘cover’.
They send bogus texts which appear to come from a trusted sender, for example, in the case of the Government’s mass-text campaign UK_Gov.
Fake all the way
These messages often contain links to fake websites or phone numbers using social engineering techniques to trick the victim into revealing their personal and financial information or sending money.
Criminals also often use spoofing, which inserts a message in a chain of texts alongside previous genuine messages from an organisation.
Not on the register
As part of the cross-stakeholder trial, MEF has developed the SMS SenderID Protection Registry in which organisations register message headers to protect them when sending texts to customers.
The Registry blocks fraudsters from sending messages impersonating a brand by checking whether the sender is the genuine registered party.
Fifty bank and government brands are protected through the trial so far, with 172 trusted SenderIDs registered.
More than 400 unauthorised variants are blocked on an ever-growing blacklist, including 70 senderIDs relating to the UK Government’s Coronavirus campaign.
Wide-base of support
The trial also has the support of the UK’s leading messaging providers including BT’s Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect a division of SAP, Sinch, TeleSign, Twilio and Vonage.
Mike Fell, Head of Cyber Operations HM Revenue and Customs, who were one of the first Government agencies to report Covid-19 text scams said: “This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams.
“We are happy to collaborate with MEF and partners to take forward our work to safeguard the UK public from such SMS-related scams.”