Banking and mobile industries unite to tackle Covid-19 text message scams

  • Covid-19 scam text messages blocked by ongoing initiative from mobile industry and banking sector
  • 50 genuine brands and government organisations protected from being impersonated by criminals
  • 400 unauthorised sender IDs are being blocked to prevent them being used to send scam text messages mimicking trusted organisations

The UK mobile industry, banking and finance sector and the National Cyber Security Centre (NCSC) have joined forces to prevent criminals from sending scam text messages exploiting the Covid-19 crisis.

The ongoing industry initiative by the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, is helping to identify and block fraudulent SMS texts and safeguard messages from legitimate businesses and organisations.

Criminals will use advanced techniques known as 'spoofing' to make scam text messages appear more convincing. Sometimes criminals will change the sender ID that appears at the top of a text message to mimic a genuine brand or organisation and trick the recipient into believing it is legitimate. For example, scam texts exploiting the government's response to Covid-19 have been sent using +Gov_UK instead of the genuine UK_Gov. Criminals will also use technology to copy genuine sender IDs, making a fraudulent message appear in a chain of texts alongside previous genuine messages from that organisation.

As part of a cross-industry initiative, MEF has developed a 'white list' which allows organisations to register and protect the sender IDs used when sending out legitimate text messages. The registry limits the ability of criminals to send messages using the same sender ID as a particular brand or government department, by checking first whether the sender is the genuine registered party. 50 bank and government brands are currently being protected through the initiative with 172 trusted sender IDs registered to date.

A blacklist has been established to block messages from sender IDs that have been used to send scam texts, or from unauthorised variations that could be used to impersonate trusted brands and organisations in future. Over 400 sender IDs have been identified so far on the ever-growing blacklist, including 70 related to Covid-19.

Dr Ian Levy, Technical Director at the National Cyber Security Centre (NCSC), said:

We are pleased to be supporting this experiment which is yielding promising results. The UK Government's recent mass-text campaign on Covid-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.

Katy Worobec, Managing Director of Economic Crime at UK Finance, said:

Banks are joining forces with other industries and law enforcement to protect the public from cruel coronavirus scams. We would urge consumers to be on their guard against criminals exploiting the Covid-19 outbreak to commit fraud. Always follow the advice of the Take Five to Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it's a scam. Remember you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.

Gareth Elliott, Head of Policy and Communications at Mobile UK, said:

Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands. This gives much-needed protection against fraud, including for the most vulnerable customers.

Mike Fell, Head of Cyber Operations HM Revenue and Customs, said:

This trial builds on the success of an HMRC pilot, conducted with telecoms providers, which resulted in a 90% reduction in reports of the most convincing HMRC-branded SMS scams. We are happy to collaborate with MEF and partners to take forward our work to safeguard the UK public from such SMS-related scams.

Joanne Lacey, Chief Operating Officer of the Mobile Ecosystem Forum, said:

All stakeholders involved in business messaging have a responsibility to follow industry best practice and proactively work together to be one step ahead of the fraudsters. The SMS SenderID Protection Registry is a tactical solution to mitigate smishing and spoofing, backed by MEF's A2P SMS Code of Conduct. Through the Registry, the industry has been able to support the UK government's campaign and demonstrate the vital role of messaging not least in times of emergency and crisis.

For more information please contact:

UK Finance press office - 020 7416 6750 or email press@ukfinance.org.uk

UK Finance is the collective voice for the banking and finance industry. Representing more than 250 firms across the industry, we act to enhance competitiveness, support customers and facilitate innovation. For more information please call the UK Finance press office on 020 7416 6750 or email press@ukfinance.org.uk

Mobile Ecosystem Forum (MEF) - Steve Green, GiantPR, +44 07775 677101; steve@giantpr.co.uk

The Mobile Ecosystem Forum (MEF) is a global trade body established in 2000 and headquartered in the UK. MEF has members across Africa, Asia, Europe, North and Latin America. As the voice of the mobile ecosystem, MEF drives cross-industry best practices focused on anti-fraud and monetisation.

Mobile UK press office - Gareth Elliott, Head of Policy and Communications, Tel: 07887 911 076 or email press@mobileuk.org

Mobile UK is the trade association for the UK's mobile network operators - BT/EE, O2, Three and Vodafone. Our goal is to realise the power of mobile to improve the lives of our customers and the prosperity of the UK as a whole.

Notes to editor

1. In a technique known as 'smishing' (phishing by text), criminals will send out bogus text messages impersonating a trusted organisation such as a government department or a bank. Often these messages will contain links to fake websites designed to trick people into giving away their money or their personal and financial information. A number of these scams have been sent in recent weeks exploiting Covid-19, offering payments related to the coronavirus outbreak or claiming to be issuing fines. Images of recent Covid-19 text message scams are available on request.

2. A Sender ID is a unique name or standard mobile number that shows in the 'from' field of a text message on someone's phone.

3. The SMS SenderID Protection Registry is part of an industry working group (https://mobileecosystemforum.com/2018/11/27/sms-senderid-protection-reg…) in late 2018 that developed the Registry which the banks and Government agencies have been trialling since July 2019. 14 banks and Government agencies including HMRC and DVLA are participating in the ongoing initiative which is supported by BT/EE, o2, Three and Vodafone. It also has the support of the UK's leading messaging providers including BT's Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, HGC Global Communications Limited, IMImobile, mGage, OpenMarket, SAP Digital Interconnect a division of SAP, Sinch, TeleSign, Twilio and Vonage. In the last six months, the cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants.

4. Advice on how the public can protect themselves from Covid-19 related fraud and scams is available from the Take Five to Stop Fraud campaign (https://takefive-stopfraud.org.uk/). Customers can report suspected scam texts to their mobile network provider by forwarding them to 7726. Criminals are experts at impersonating people, organisations and the police, and so customers are reminded to:

  • Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.
  • Challenge: Could it be fake? It's ok to reject, refuse, or ignore any requests. Only criminals will try to rush or panic you.
  • Protect: Contact your bank immediately if you think you've fallen for a scam and report it to Action Fraud.