The battle against fraudsters
We are proud to announce that we have joined a group of UK mobile, banking, and finance companies to prevent fraudsters from sending scam text messages that attempt to exploit the COVID-19 crisis.
The collaboration, which also includes the National Cyber Security Centre (NCSC), is part of an ongoing industry initiative by the Mobile Ecosystem Forum, Mobile UK and UK Finance, to help identify and block fraudulent SMS messages and protect legitimate businesses and organisations.
Text messaging scams that trick consumers into sending money or sharing their account details with fraudsters are known as 'Smishing' (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender, for example, in the case of the Government's mass-text campaign UK_Gov.
These messages often contain links to fake websites or phone numbers using sophisticated social engineering techniques to trick the victim into revealing their personal and financial information or sending money. Criminals will also often use a technique called "spoofing", which can make a message appear in a chain of texts alongside previous genuine messages from that organisation.
As part of the cross-stakeholder trial, MEF has developed the SMS SenderID Protection Registry which allows organisations to register and protect the message headers used when sending text messages to their customers. The Registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.
50 bank and Government brands are currently being protected through the trial with 172 trusted SenderIDs registered to date. Over 400 unauthorised variants are being blocked on an ever-growing blacklist, including 70 senderIDs relating to the Government's Coronavirus campaign. 14 banks and Government agencies including HMRC and DVLA are participating in the ongoing trial which is supported by BT/EE, O2, Three, and Vodafone.
In the last six months, the group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.
Here is an example text message sent using the senderID 'coronavirus'.
You can find the original article, with quotes from industry leaders, on the Mobile Ecosystem Forum.