Covid-19 text message scams tackled by banking and mobile industries
Efforts to identify and block scam text messages pretending to be from trusted organisations during the coronavirus crisis are being stepped up.
The mobile phone and finance industries have joined forces to help tackle the problem of “spoofing”.
Spoofing techniques by criminals mean they can make text messages appear to be from a legitimate organisation, by changing the sender ID at the top of the text.
Texts may also be spoofed so that they appear in a chain of messages alongside previous legitimate ones.
Some may claim to offer “goodwill” payments from bodies such as HM Revenue and Customs (HMRC) and encourage recipients to click on links.
Our Managing Director of Economic Crime Katy Worobec said: “We would urge consumers to be on their guard against criminals exploiting the Covid-19 outbreak to commit fraud." https://t.co/ra2Hy4WOJGpic.twitter.com/e1IMkzQyMZ
— UK Finance (@UKFtweets) April 22, 2020
Trade association UK Finance, which is working with several other organisations, said a “white list” and a “blacklist” have been set up to thwart the scammers.
The white list, developed by the Mobile Ecosystem Forum (MEF), allows legitimate organisations to register and protect sender IDs used when sending texts.
This limits the ability of criminals to send messages using the same sender ID as a particular brand or government department, by first checking whether the sender is the genuine registered organisation.
UK Finance said 50 bank and government brands are currently being protected through the initiative, with 172 trusted sender IDs registered to date.
Meanwhile, the blacklist helps to block messages from sender IDs that have been used to send scam texts, or from potential sources that could be used to impersonate trusted brands and organisations in future.
More than 400 sender IDs have been identified so far on the blacklist, including 70 related to Covid-19.
Joanne Lacey, chief operating officer of the MEF, said: “The industry has been able to support the UK Government’s campaign and demonstrate the vital role of messaging, not least in times of emergency and crisis.”
We are aware of scammers claiming to be from HMRC offering financial support as a result of #coronavirus
If you receive an email, text or call claiming to be from us that asks you to click on a link or give information such as your name, credit card or bank details, it’s a scam. pic.twitter.com/CyQ36a099a
— HM Revenue & Customs (@HMRCgovuk) April 22, 2020
Mike Fell, head of cyber operations at HMRC, said: “This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams.”
Other bodies taking part in the industry efforts to block scam texts include Mobile UK and the National Cyber Security Centre (NCSC).
Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), said: “We are pleased to be supporting this experiment, which is yielding promising results.”
Katy Worobec, managing director of economic crime at UK Finance, said: “We would urge consumers to be on their guard against criminals exploiting the Covid-19 outbreak to commit fraud.
“Always follow the advice of the Take Five To Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam.
“Remember, you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”
Gareth Elliott, head of policy and communications at Mobile UK, said: “The contribution from the industry to the registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.”
