UK industries unite to tackle SMS fraudsters exploiting COVID-19 text alerts

The UK mobile, banking and finance industries along with the National Cyber Security Centre (NCSC) have joined forces to prevent fraudsters sending scam text messages that seek to exploit the Covid-19 crisis.

The collaboration is part of an ongoing industry initiative by Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, to help identify and block fraudulent SMS texts and protect messages from legitimate businesses and organisations.

Text messaging scams that trick consumers into sending money or sharing their account details with fraudsters are known as ‘Smishing’ (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender, for example, in the case of the Government’s mass-text campaign UK_Gov.

These messages often contain links to fake websites or phone numbers using sophisticated social engineering techniques to trick the victim into revealing their personal and financial information or sending money. Criminals will also often use a technique called “spoofing”, which can make a message appear in a chain of texts alongside previous genuine messages from that organisation.

As part of the cross-stakeholder trial, MEF has developed the SMS SenderID Protection Registry which allows organisations to register and protect the message headers used when sending text messages to their customers. The Registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.

50 bank and Government brands are currently being protected through the trial with 172 trusted SenderIDs registered to date. Over 400 unauthorised variants are being blocked on an ever-growing blacklist, including 70 senderIDs relating to the Government’s Coronavirus campaign.

14 banks and Government agencies including HMRC and DVLA are participating in the ongoing trial which is supported by BT/EE, o2, Three and Vodafone.

The trial also has the support of the UK’s leading messaging providers including BT’s Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect a division of SAP, Sinch, TeleSign, Twilio and Vonage.

In the last six months, the cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.

All stakeholders involved in business messaging have a responsibility to follow industry best practice and proactively work together to be one step ahead of the fraudsters. The SMS SenderID Protection Registry is a tactical solution to mitigate smishing and spoofing, backed by MEF’s A2P SMS Code of Conduct. Through the Registry, the industry has been able to support the UK Government’s campaign and demonstrate the vital role of messaging not least in times of emergency and crisis

Joanne Lacey, COO, MEF