The UK mobile industry, banking and finance sector and the National Cyber Security Centre (NCSC) have joined forces to prevent criminals from sending scam text messages exploiting the Covid-19 crisis.
To date 50 brands and government organisations have been protected from being impersonated by criminals. Some 400 unauthorised sender IDs are being blocked to prevent them being used to send scam text messages mimicking trusted organisations.
The ongoing industry initiative by the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, is helping to identify and block the growing number of fraudulent SMS texts while also safeguarding messages from legitimate businesses and organisations.
According to UK Finance, the group that represents over 250 businesses in the financial sector, criminals are using advanced ‘spoofing’ techniques to make scam text messages appear more convincing. Sometimes criminals will change the sender ID that appears at the top of a text message to mimic a genuine brand or organisation and trick the recipient into believing it is legitimate.
For example, scam texts exploiting the government’s response to Covid-19 have been sent using +Gov_UK instead of the genuine UK_Gov. Criminals will also use technology to copy genuine sender IDs, making a fraudulent message appear in a chain of texts alongside previous genuine messages from that organisation.
As part of a cross-industry initiative, MEF has developed a white list, which allows organisations to register and protect the sender IDs used when sending out legitimate text messages. The registry limits the ability of criminals to send messages using the same sender ID as a particular brand or government department, by checking first whether the sender is the genuine registered party.
Fifty bank and government brands are currently being protected through the initiative with 172 trusted sender IDs registered to date.
A blacklist has been established to block messages from sender IDs that have been used to send scam texts, or from unauthorised variations that could be used to impersonate trusted brands and organisations in future. Over 400 sender IDs have been identified so far on the ever-growing blacklist, including 70 related to Covid-19.
Dr Ian Levy, Technical Director at the National Cyber Security Centre (NCSC), said: “We are pleased to be supporting this experiment, which is yielding promising results. The UK Government’s recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”
Katy Worobec, Managing Director of Economic Crime at UK Finance, said: “Banks are joining forces with other industries and law enforcement to protect the public from cruel coronavirus scams. We would urge consumers to be on their guard against criminals exploiting the Covid-19 outbreak to commit fraud.
Always follow the advice of the Take Five to Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam. Remember you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”
Gareth Elliott, Head of Policy and Communications at Mobile UK, added: “Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”