COVID-19 smishers,Mobile industries teams up

The UK’s mobile and finance industries have teamed up with GCHQ’s National Cyber Security Centre (NCSC) to better detect and block SMS phishing attempts designed to capitalize on the COVID-19 crisis.

Known as smishing, these attacks use similar social engineering and spoofing techniques as phishing emails but arrive as texts, tricking users into clicking on malicious links and/or divulging personal and financial information.

The current initiative is part of an ongoing NCSC-backed project by the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance centered around the MEF-developed SMS SenderID Protection Registry.

Organizations that sign up to the registry can protect their text message headers, making it difficult for fraudsters to impersonate their brand in fake SMS phishing attempts. The system will check to see if a message is being sent by a genuine organization and block it if not.

According to Mike Fell, head of cyber-operations at HM Revenue and Customs (HMRC), the current project builds on an HMRC trial which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams.

Some 50 banks and government organizations have signed up to have their text messages protected, with 172 SenderIDs registered to date. Over 400 unauthorized text variants are being blocked thus far, but the blacklist is growing all the time.

All of the UK’s major operators — BT/EE, O2, Three and Vodafone — have signed up, as have leading messaging providers including BT’s Smart Messaging Business, Commify, Firetext, Fonix Interactive, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect, Sinch, TeleSign, Twilio and Vonage.

“We are pleased to be supporting this experiment which is yielding promising results,” said NCSC technical director, Ian Levy. “The UK government’s recent mass-text campaign on COVID-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kinds of scams.”

The news comes as the NCSC claimed an early win in its suspicious email reporting service which was officially launched this week

It said more than 80 malicious web campaigns were taken down in a day after 5000 suspicious emails were flagged to the automated service for investigation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.