No, that’s not a typo. Smishing refers to phishing over SMS, which is apparently on the increase as SMS fraudsters seek to exploit COVID-19 text alerts.
A bunch of UK organizations, including the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, are trialling a new system designed to protect people from this opportunistic foulness. The trial, which is supported by the NCSC, uses the SMS SenderID Protection Registry, which allows organisations to register and protect the message headers used when sending text messages to their customers.
“The SMS SenderID Protection Registry is a tactical solution to mitigate smishing and spoofing, backed by MEF’s A2P SMS Code of Conduct,” said MEF’s COO, Joanne Lacey. “Through the Registry, the industry has been able to support the UK Government’s campaign and demonstrate the vital role of messaging not least in times of emergency and crisis.”
“Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands,” said Mobile UK’s Head of Policy & Communications, Gareth Elliott. “This gives much-needed protection against fraud, including for the most vulnerable customers.”
“This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams,” said Mike Fell, Head of Cyber Operations HM Revenue and Customs. “We are happy to collaborate with MEF and partners to take forward our work to safeguard the UK public from such SMS-related scams.”
“We are pleased to be supporting this experiment which is yielding promising results,” said Dr Ian Levy, Technical Director at the NCSC. “The UK Government’s recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kinds of scams.”
50 bank and Government brands, including 14 banks and Government agencies including HMRC and DVLA, are currently participating in the trial with 172 SenderIDs registered so far. Over 400 unauthorised variants are being blocked on an ever-growing blacklist, including 70 senderIDs relating to the Government’s Coronavirus campaign. The UK’s four MNO’s are also supporting the scheme.