The SMS SenderID Protection Registry, developed by the Mobile Ecosystem Forum (MEF) with the backing of the UK government’s National Cyber Security Centre (NCSC), allows organisations to register and protect the message headers used when sending text messages to their customers.
Katy Worobec (pictured), managing director of economic crime at UK Finance, one of MEF’s partners in the project, said: “This initiative shows how by working together with the government, law enforcement and other sectors, we are protecting the public from these cruel scams.”
Dr Ian Levy, technical director at the NCSC, said: “We are pleased to be supporting this experiment which is yielding promising results. The UK government’s recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”
Their trial is designed to check whether the registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.
As well as NCSC and UK Finance, MEF – the mobile industry organisation, not the Metro Ethernet Forum, which uses the same abbreviation – is working with Mobile UK to help identify and block fraudulent SMS texts and protect messages from legitimate businesses and organisations.
Telcos taking part include BT’s EE, Telefónica’s O2, Three and Vodafone, as well as a number of telecoms and messaging companies, such as HGC Global Communications, Twilio and Vonage.
Gareth Elliott, Mobile UK’s head of policy and communications, said: “Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the registry will help reduce the number of scam texts pretending to be from trusted brands.”
NSCS and others believe that Coronavirus has given fraudsters an opportunity to launch smishing – phishing by SMS – attacks, by sending bogus texts that appear to come from a trusted sender.
MEF warns that these messages often contain links to fake websites or phone numbers, and use social engineering techniques to trick the victim into revealing their personal and financial information or sending money.