ACMA found Modica didn't have proper procedures to verify the legitimacy of text-based SMS sender IDs, which allowed scammers to reach many mobile users in Australia.Īlthough ACMA's code is useful, it's challenging to identify all A2P providers who aren't following it. In January, A2P texting solutions company Modica received a warning for failing to comply with the rules. The Reducing Scam Calls and Scam Short Messages Industry Code required providers to share threat intelligence about scams and report them to authorities. ![]() Last year the Australian Communications and Media Authority introduced new rules for the telecom industry to combat SMS scams by tracing and blocking them. Moreover, telecom providers generally can't block scam SMS messages due to how difficult it is to distinguish them from genuine messages. There are also no requirements for telecom companies to verify this. Web portals and apps offering A2P services generally don't do their due diligence and check whether a sender is the actual owner of the sender ID they're using. ![]() And, of course, they could still impersonate ANZ even if no previous legitimate thread existed, in which case it would show up in a new thread. In the example above, the scammer would have simply needed to write "ANZ" in the sender ID field for their fraudulent message to show up in the real message thread with ANZ. The problem with A2P messaging is that applications can be used to enter any text or number (or combination) in the sender ID field-and the recipient's phone uses this sender ID to group messages into threads. Peer-to-peer (P2P) is what most people use to send messages to friends and familyĪpplication-to-person (A2P) is a way for companies to send messages in bulk through the use of a web portal or application. The absence of the latter is the reason we see highly believable scams like the one below.Īn example of a scam SMS message ending up in a legitimate message thread. SMS is an older technology that lacks many modern security features, including end-to-end encryption and origin authentication (which lets you verify whether a message is sent by the claimed sender). One of the more concerning types of SMS scams is when fraudulent messages creep into legitimate message threads, making it difficult to differentiate between a legitimate service and a scam. What kinds of scams would the proposed registry help prevent? And is it too little, too late? Under this system, organizations that want to SMS customers will first have to register their sender ID with a government body. Last month, the federal government announced plans to fight SMS-based scams by implementing an SMS sender ID registry. ![]() These figures are probably much higher if you include unreported losses, as victims often won't speak up due to shame and social stigma. This year they've already reached A$4 million-more than the 2020 total. In 2022 SMS scam losses exceeded A$28 million, which is nearly triple the amount from 2021.
0 Comments
Leave a Reply. |