News

April 22, 2020

Industries unite to tackle SMS fraudsters exploiting COVID-19 text alerts

sms messaging

The UK mobile, banking and finance industries along with the National Cyber Security Centre (NCSC) have joined forces to prevent fraudsters sending scam text messages that seek to exploit the Covid-19 crisis.

The collaboration is part of an ongoing industry initiative by Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, to help identify and block fraudulent SMS texts and protect messages from legitimate businesses and organisations.

Text messaging scams which trick consumers into sending money or sharing their account details with fraudsters are known as ‘Smishing’ (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender, for example, in the case of the Government’s mass-text campaign UK_Gov.

These messages often contain links to fake websites or phone numbers using sophisticated social engineering techniques to trick the victim into revealing their personal and financial information or sending money. Criminals will also often use a technique called “spoofing”, which can make a message appear in a chain of texts alongside previous genuine messages from that organisation. 

As part of the cross-stakeholder trial, MEF has developed the SMS SenderID Protection Registry which allows organisations to register and protect the message headers used when sending text messages to their customers. The Registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.

50 bank and Government brands are currently being protected through the trial with 172 trusted SenderIDs registered to date. Over 400 unauthorised variants are being blocked on an ever-growing blacklist, including 70 senderIDs relating to the Government’s coronavirus campaign.

14 banks and Government agencies including HMRC and DVLA are participating in the ongoing trial which is supported by BT/EE, O2, Three and Vodafone.

The trial also has the support of the UK’s leading messaging providers including BT’s Smart Messaging Business, Commify, Firetext, Fonix Interactive, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect a division of SAP, Sinch, TeleSign, Twilio and Vonage.

In the last six months, the cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.

Dr Ian Levy, Technical Director at the NCSC, said: “We arepleased to be supporting this experiment which is yielding promising results. The UK Government’s recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”

Mobile UK’s Head of Policy & Communications, Gareth Elliott added that “Mobile companies work hard to protect their customers fromfraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”

As part of the Coronavirus campaign, consumers have also been reminded to follow the advice of the Take Five to Stop Fraud campaign and remember that criminals are experts at impersonating people, organisations and the police. Customers can report suspected spam text texts to their mobile network provider by forwarding them to 7726.

Katy Worobec, Managing Director of Economic Crime at UKFinance, said: “This initiative shows how by working together with the government, law enforcementand other sectors, we are protecting the public from these cruel scams. We would urge consumers to remain vigilant of criminals exploiting the Covid-19 outbreak to commit fraud and report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad. Always follow the advice of the Take Five to Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam.”

Mike Fell, Head of Cyber Operations HM Revenue and Customs, who were one of the first Government agencies to report Covid-19 text scams said: “This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams. We are happy to collaborate with MEF and partners totake forward our work to safeguard the UK public from such SMS-related scams.”

MEF’s COO, Joanne Lacey summarised: “All stakeholders involved in business messaging have a responsibility to follow industry best practice and proactively work together to be one step ahead of the fraudsters. The SMS SenderID Protection Registry is a tactical solution to mitigate smishing and spoofing, backed by MEF’s A2P SMS Code of Conduct. Through the Registry, the industry has been able to support the UK Government’s campaign and demonstrate the vital role of messaging not least in times of emergency and crisis.”

Notes to Editors

  1. The SMS SenderIDProtection Registry is part of an industry working group established in late 2018 that established the Registry which the banks and NCSC have been trialling since July 2019
  2. https://mobileecosystemforum.com/2018/11/27/sms-senderid-protection-registry-announced/
  3. https://www.mobileuk.org/news/sms-phishguard-upping-the-ante-in-the-fight-against-fraud
  4. https://mobileecosystemforum.com/2020/02/11/case-study-industry-collaboration-to-combat-smishing/
  5. Take Five is a national campaign led by UK Finance that offers straight-forward and impartial advice tohelp everyone protect themselves from preventable financial fraud. Thisincludes email deception and phone-based scams as well as online fraud –particularly where criminals impersonate trusted organisations -https://takefive-stopfraud.org.uk/

About Mobile Ecosystem Forum

MEF is a global trade body established in 2000 and headquartered in the UK, MEF has members across Africa, Asia, Europe, North and Latin America. As the voice of the mobile ecosystem MEF drives cross-industry best practices focused on anti-fraud and monetisation. The Forum provides its members with global and cross-sector platforms for networking, collaboration and advancing industry solutions. The goal is to accelerate the growth of a sustainable mobile ecosystem that delivers trusted mobile services.

MEF – Steve Green, Giant PR, +44 07775677101; steve@giantpr.co.uk

About UK Finance

UK Finance is the collective voice for the banking and finance industry. Representing more than 250 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation.

UK Finance press office on 020 7416 6750 or email press@ukfinance.org.uk  

About Mobile UK

Mobile UK is the trade association for the UK’s mobile network operators - BT/EE, O2, Three and Vodafone. Our goal is to realise the power of mobile to improve the lives of our customers and the prosperity of the UK as a whole.

Gareth Elliott, Head of Policy and Communications, Tel: 07887 911 076 or email press@mobileuk.org

About Building Mobile Britain

Building Mobile Britain logo

Building Mobile Britain is a campaign created by Mobile UK seeking to work with national and local government, as well as interested industry groups to overcome the challenges we face with expanding the existing mobile networks, while also developing innovative services for customers.

See here for further information - or #BuildingMobileBritain

Media Contacts

Gareth Elliott
Head of Policy and Communications
Tel: 07887 911 076
Email: press@mobileuk.org

< View all news items