Goodbye smishing? SMS crackdown should stop you getting fake messages

Mobile industry, banks and NCSC collaborate on SMS SenderID Protection Registry - which has already stopped at least 70 COVID-19 SMS scams from being sent.
Written by Danny Palmer, Senior Writer

As cyber criminals continue to exploit the coronavirus outbreak for their own gain, the UK's mobile and banking industries have teamed up with the National Cyber Security Centre (NCSC) to prevent fraudsters sending scam text messages attempting to exploit the crisis.

Text messaging scams – also known as smishing – see scammers attempt to trick people into sharing passwords and account details with fraudsters or even sending them money.

These fake messages, which can be sent via SMS or other communications platforms, often claim to come from medical bodies or governments issuing advice about COVID-19 – but if the user clicks the link, they could soon find that their personal details or finances are stolen.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

It's estimated that over £2million has been lost to coronavirus-related scams in recent months. Scammers are doing this because they know that the government is sending out messages, so people might be more likely to trust unexpected texts that are spoofed to look like they come from the authorities.

Now a collaboration between trade bodies Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, is looking to protect the public from smishing attacks, with over 400 variants of scams blocked so far – including 70 relating to coronavirus.

The SMS SenderID Protection Registry allows organisations to register and protect the message headers used when sending messages to customers.

By registering with the registry, it limits the ability of fraudsters to send messages claiming to be that brand, as it will check to see if the sender is the genuine registered party. If it isn't, the message won't be sent – protecting potential victims from falling for an attack before it even arrives in their inbox.

A total of 14 banks and government agencies including HMRC and the DVLA are participating in the trial, which is supported by major mobile networks in the UK – EE, O2, Three and Vodafone. It also has the support of many in the telecoms industry – including BT – as well as the NCSC.

SEE: Coronavirus-themed phishing attacks and hacking campaigns are on the rise

"We are pleased to be supporting this experiment which is yielding promising results. The UK Government's recent mass-text campaign on COVID-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams," said Dr Ian Levy, technical director at the NCSC, the cyber arm of GCHQ.

As part of the safety campaign, people are also reminded to take heed of the Take Five to Stop Fraud campaign and to remain vigilant against criminals attempting to exploit coronavirus by impersonating trusted organisations via text message.

People are urged to take a moment to think about if parting with money or information will help keep them safe and to be sceptical of any demand that seems unnecessarily urgent. People are also urged to contact their banks if they believe they've fallen victim to fraud.

The announcement of of a clampdown on smishing comes the day after the NCSC urged people to forward phishing emails to them in order to help take down cyber criminals running coronavirus scam websites.


Editorial standards