The UK’s MEF Registry launches in Ireland and Singapore – significantly reducing the impact of Smishing & Spoofing by SMS
The Mobile Ecosystem Forum’s SMS Protection Registry, which was developed and piloted in the UK, is now being launched in Ireland and Singapore.
The Registry significantly reduces the impact of Smishing & Spoofing by SMS. In the UK, many major banks and Government brands are currently being protected with 352 trusted SenderIDs registered to date. Over 1500 unauthorised variants are being blocked on an ever-growing list, including 300 senderIDs relating to the Government’s Coronavirus campaign.
Government agencies, including HMRC and DVLA, are participating in this ecosystem wide anti-fraud solution which is supported by BT/EE, O2, Three and Vodafone, along with the UK’s leading message providers including BT’s Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, IMImobile, Infobip/OpenMarket, mGage, Reach-Interactive, Sinch, TeleSign, Twilio and Vonage.
The cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.
Following the success in the UK, The Ireland SMS SenderID Protection Registry is being launched with the support of all three Mobile Network Operators, nine Merchants, three major Government agencies, Banks, Retailers and Utilities.
The Registry is also launching in Singapore as The Singapore SMS SenderID Protection Registry. With strong interest from numerous other territories, MEF expects new Registries will soon follow.
“There are millions of faked SMS sent by fraudsters trying to steal passwords every day. We need to help consumers and organisations fight back. Thanks to the collective efforts of the British mobile industry MEF has managed to show a way: a Registry for SMS short-code names. The fight against fraudsters is a relentless one, it will never stop. But we are happy to celebrate one successful tool created in the UK.” said Dario Betti, CEO of the Mobile Ecosystem Forum.
MEF’s SMS Protection Registry reduces the ability for fraudsters to send messages impersonating a brand in the message header, by checking whether the sender using that sender ID is authorised by the merchant/brand. If not, messages from this route are blocked as fraudulent, ensuring SMS remains a trusted communication channel for brands and consumers alike.
Sender IDs set up by fraudsters made up of misspellings and special characters aimed at impersonating a merchant or brand are also blocked via a ‘denied list’ circulated to messaging partners.
Text messaging scams, which trick consumers into sending money or sharing their account details with fraudsters, are known as ‘Smishing’ (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender.
MEF’s SMS Protection Registry was established to automate cross-stakeholder processes, allowing reliable and fast sharing of information to facilitate an orchestrated blocking system.
The online Registry platform helps identify and block fraudulent SMS texts, protecting consumers, legitimate businesses and organisations falling victim to text messaging scams.
It enables organisations to register the sender IDs/message headers used when sending text messages to their customers. This limits the ability of fraudsters to impersonate a brand, as the Registry automatically checks whether the sender is the genuine authorised party.
Sometimes fraudsters create an exact copy or ‘spoof’ of a genuine merchant sender ID. These messages, when received by consumers, can be placed into existing message threads or conversations from the same target merchant on the customers smartphone – giving more credibility to the fraudulent message. The Registry works to reduce spoofing by registering the legitimate and authorised message sources.
Aside from using the Wholesale Messaging (Aggregator) delivery channels operated by Mobile Network Operates, scammers also send messages in bulk using ‘SIM farms’ that utilise normal SIM cards as used in mobile phones. These SIM farms are devices that operate several SIM cards at a time and can be programmed to exploit the ‘Unlimited Text’ capabilities offered on consumer tariffs – despite being in breach of the T&Cs of use for such consumer offerings. Messages sent from these devices can be easily identified and blocked by the Registry as they always originate from a regular mobile number rather a merchant/brand using alphabetic characters.
One of the most common scams over the last few months has been fake text messages pretending to be from Royal Mail. The message usually requests a small payment for a parcel to be delivered, with a link to a copycat Royal Mail website where victims are then asked to give their bank details.
These fake texts can also spread harmful malware, which once downloaded, gives the fraudster access to sensitive information on your device.
With the Mobile Ecosystem Forum’s SMS Protection Registry, everything stays the same for the consumer – all that changes is the reduction on Smishing texts. There are no additional steps for consumers to take, however consumers are strongly advised to stay vigilant and to react only to texts if they are expecting to be contacted, for example, you’ve just requested a one-time-PIN.
Consumers should be particularly wary of clicking on embedded links within texts and should contact their bank/merchant via the contact number on the back of their card if they are in any doubt before reacting to a text request.
Whilst the brands (such as postal services) suffer adverse PR, the Banking groups often bear the brunt of the financial losses experienced by consumers, as well as the adverse PR. Hence by reducing smishing the Registry provides benefits for many merchants, as well as consumers.