UK Finance revealed that in the UK there were 43,875 reported cases of authorised push payment scams in 2018. These scams involve criminals tricking consumers into authorising payments to them by sending them messages pretending to be from their bank.
The fraudulent message will often claim that the recipient’s savings are at risk and they have to call a number provided immediately. The number really belongs to a scammer or a scam call centre where they trick the caller into providing their financial information – bank details, address etc. and then steal whatever money they can get their hands on, plus they sell the details to other criminals.
Losses due to unauthorised fraud totalled almost £732 million in 2018 and further £236 million lost to authorised push payment scams.
In order to prevent millions of their customers from falling victim to these text message based phishing scams, the mobile networks EE, O2, Three and Vodafone have a new initiative called SMS PhishGuard. This is led by Mobile UK, Mobile Ecosystem Forum and UK Finance.
EE, O2, Three and Vodafone have joined forces to combat SMS-based phishing attacks, with key objectives of
- raising awareness of phishing by SMS
- reducing the number of phishing attacks by SMS
- Making it easy for consumers to report any such attacks..
Starting with the banking industry and UK Government agencies, a new SMS SenderID Protection Registry scheduled will be jointly established by MEF (Mobile Ecosystem Forum), a cross-network initiative, to allow participants to register and protect the message headers they use in SMS communications to consumers. This initiative will widen to all merchants and other public sector bodies that use named SMS messages.
This new Registry will significantly reduce the ability for criminals to send fraudulent messages impersonating a bank or similar organisation, by checking whether the sender using that sender ID is the genuine registered party and will block any messages that are fraudulent.
Essentially, the mobile networks will block any attempt to send a text from that number that doesn’t come from the bank. The register will be widened to other sectors after the banking industry.
Do you have an opinion on this matter? Please comment in the box below.