What are mobile networks doing to stop smishing?

If you’ve ever received an unsolicited spam email claiming to be from a service provider or reputable business, you’ve experienced an attempted smishing campaign.

Historically, email was used to distribute bulk messages that attempt to trick people into surrendering personal information, or compromising the safety of their devices.

Yet our growing reliance on smartphones has seen the SMS message being adopted by increasing numbers of cybercriminals.

That explains the use of the term SMiShing to describe this regrettable phenomenon.

We published an article about smishing – and its cousin vishing – last year.

Since then, surveys suggest almost 85 per cent of businesses have faced smishing attacks.

The Covid-19 outbreak (and subsequent lockdown) was an ideal opportunity for heartless criminals to trick frightened people into following instructions in fraudulent text messages.

So what are the UK’s mobile networks doing to try and stop smishing? And is this something they can realistically stamp out?

An industry-wide collaboration

A trial has been underway for over a year to develop a registry of SMS senders.

The UK’s four big mobile networks are working alongside the UK Government, the National Cyber Security Centre and key clients in the banking and finance sectors.

These collective efforts are focused on developing a system which pre-emptively identifies and blocks fraudulent SMS texts.

Legitimate organisations can register the message headers used to distribute authentic texts, ensuring these communications are being sent by the people claiming to be behind them.

Think of it as a text version of Twitter’s blue tick, indicating verified accounts.

Hundreds of trusted SenderID accounts have been established, including the endlessly-impersonated HMRC and DVLA branches of government.

At the same time, hundreds of fraudulent impersonators (including many attempting to cash in on coronavirus confusion) have been added to a blacklist.

Statistics earlier this year indicated early success in attempts to stop smishing campaigns, with a ‘significant drop’ being reported in fraudulent message distribution and receipt.

HMRC has seen a 90 per cent reduction in SMS scams involving its name and logo, which will add legitimacy to genuine texts sent from Revenue and Customs departments in future.

Do I need to do anything?

In terms of the campaign itself, no.

The mobile networks and related bodies are collaboratively developing the SMS SenderID Protection Registry to stop smishing.

No consumer input is currently required, though unsolicited SMS messages should still be immediately forwarded onto 7726 – the numbers spelling SPAM on a numeric keypad.

Every time a smishing campaign is flagged up, it reduces the likelihood of other victims being ensnared in future.

If you’re not sure whether a message is genuine or fraudulent, take a moment to consider whether the sender has a valid reason to be in touch.

If there are weblinks, proceed with extreme caution, and never ring a phone number from an SMS link. Google it and call the company directly, in case the number is bogus.