Banks and mobile phone companies unite to tackle SMS scams

The UK mobile industry, banking and finance sector and the government’s National Cyber Security Centre (NCSC) have united to tackle criminals sending scam text messages exploiting the coronavirus pandemic.

As part of the cross-industry initiative, the Mobile Ecosystem Forum (MEF) has developed a “white list” which allows businesses and organisations to register and protect their sender IDs when sending out real text messages.

This makes it harder for criminals to send messages using the same sender ID as a particular brand or government department, by checking first whether the sender is the genuine registered party.

Some 50 bank and government brands are currently safeguarded as part of the initiative with 172 trusted sender IDs registered.

A blacklist has also been created to block fraudulent messages from sender IDs that have been used to send scam texts, or from unauthorised variations that could be used to impersonate trusted brands and organisations in future.

Over 400 sender IDs have been identified so far, including 70 related to coronavirus scams.

Criminals can utilise advanced techniques known as “spoofing” to make scam text messages appear more real. This includes changing the sender ID that appears at the top of a text message to mimic a genuine brand or organisation and trick the recipient into believing it is legitimate.

Scam texts taking advantage of the coronavirus pandemic have been sent by scammers pretending to be the UK government using the sender ID “+Gov_UK” instead of the genuine “UK_Gov”.

Mike Fell, head of cyber operations HM Revenue and Customs, said: “This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams. We are happy to collaborate with MEF and partners to take forward our work to safeguard the UK public from such SMS-related scams.”

Criminals can also use technology to copy genuine sender IDs, enabling them to send a fraudulent message within a chain of texts alongside previous genuine messages from a legitimate organisation.

The move to tackle coronavirus-related scam messages comes as part of an ongoing industry initiative by the MEF, Mobile UK and UK Finance, supported by the NCSC.

Ian Levy, technical director at the NCSC, said: “We are pleased to be supporting this experiment which is yielding promising results. The UK government’s recent mass-text campaign on COVID-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”

Gareth Elliott, head of policy and communications at Mobile UK, said: “Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”

Katy Worobec, managing director of economic crime at UK Finance, advised people to avoid clicking on links in any unsolicited text messages in case it’s a scam. She said: “Remember you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”