Covid-19 SMS spoofing thwarted by UK banking and mobile industries
Written by James Orme Thu 23 Apr 2020
400 unauthorised sender IDs blocked to stamp out scam messages mimicking trusted organisations
Efforts to identify and block scam text messages pretending to be from trusted organisations during the coronavirus crisis are being stepped up.
The mobile phone and finance industries have joined forces to help tackle spoofing, where criminals make text messages appear to be from a legitimate organisation, by changing the sender ID at the top of the text.
Texts may also be spoofed so that they appear in a chain of messages alongside previous legitimate ones.
Some may claim to offer “goodwill” payments from bodies such as HM Revenue and Customs (HMRC) and encourage recipients to click on links.
Trade association UK Finance, which is working with several other organisations, said a “white list” and a “blacklist” have been set up to thwart the scammers.
The white list, developed by the Mobile Ecosystem Forum (MEF), allows legitimate organisations to register and protect sender IDs used when sending texts.
This limits the ability of criminals to send messages using the same sender ID as a particular brand or government department, by first checking whether the sender is the genuine registered organisation.
UK Finance said 50 bank and government brands are currently being protected through the initiative, with 172 trusted sender IDs registered to date.
Meanwhile, the blacklist helps to block messages from sender IDs that have been used to send scam texts, or from potential sources that could be used to impersonate trusted brands and organisations in future.
More than 400 sender IDs have been identified so far on the blacklist, including 70 related to Covid-19.
90% reduction in reports
Joanne Lacey, chief operating officer of the MEF, said: “The industry has been able to support the UK Government’s campaign and demonstrate the vital role of messaging, not least in times of emergency and crisis.”
Mike Fell, head of cyber operations at HMRC, said: “This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams.”
Other bodies taking part in the industry efforts to block scam texts include Mobile UK and the National Cyber Security Centre (NCSC).
Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), said: “We are pleased to be supporting this experiment, which is yielding promising results.”
Katy Worobec, managing director of economic crime at UK Finance, said: “We would urge consumers to be on their guard against criminals exploiting the Covid-19 outbreak to commit fraud.
“Always follow the advice of the Take Five To Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam.
“Remember, you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”
Gareth Elliott, head of policy and communications at Mobile UK, said: “The contribution from the industry to the registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”
Paul Davis, retail fraud director at Lloyds Bank, said: “We have already seen some benefit as a result of fewer of these types of texts being sent, and right now, when fraudsters are trying as hard as they can to trick people into handing over their cash, it’s more important than ever to do everything we can to stay safe from scammers.
“Remember, if you’re not sure about an email or text message – do not reply, and delete it. And your bank will never ask for your personal details by text or to send any money.”
Written by James Orme Thu 23 Apr 2020
IoT Wed 6 Feb 2019IoT smartphone apps ripe for breaches, say researchers
Cloud Tue 14 Apr 2020Zoom users can now opt out of data routing through China
Cloud Mon 30 Mar 2020Hackers are spoofing Zoom domains to target remote workers