SMS scam registry launches in Ireland to fight smishing and spoofing

7 Sep 2021

Image: © Wayhome Studio/Stock.adobe.com

The Mobile Ecosystem Forum’s SMS registry has been fighting smishing and spoofing scams in the UK with the help of major telecom providers.

In an effort to curb the spread of SMS scams affecting consumers and businesses, a new registry has been launched in Ireland.

The SMS SenderID Protection Registry from the Mobile Ecosystem Forum (MEF), which was developed and piloted in the UK, aims to reduce the impact of fraudulent SMS messages using unique sender IDs for trusted organisations.

By checking whether a user is authorised to use a certain sender ID, the registry can filter out fraudsters from genuine sources and block unauthorised users. This is to ensure SMS remains a trusted and safe channel, as many companies and government organisations still rely on the medium for communication.

The UK government’s revenue services and driver and vehicle licensing agency, among others, use the registry’s services, which are supported by major telecom providers such as BT, O2, Three and Vodafone.

In Ireland, the MEF said that its SMS protection registry will be supported by three mobile network operators, nine merchants, three government agencies, and banks, retailers and utilities. Its services are also being launched in Singapore and the organisation said that other countries are now showing interest.

“There are millions of faked SMS sent by fraudsters trying to steal passwords every day. We need to help consumers and organisations fight back,” said MEF CEO Dario Betti.

“Thanks to the collective efforts of the British mobile industry MEF has managed to show a way: a registry for SMS short-code names. The fight against fraudsters is a relentless one, it will never stop. But we are happy to celebrate one successful tool created in the UK.”

Smishing and spoofing

Smishing, or phishing by SMS, is when a fraudster purports to be a trusted sender of an SMS and attempts to extract valuable and sensitive information from a consumer in order to gain access to their data or money.

Similarly, spoofing is the process of pretending to be someone else by falsifying information on caller IDs such as display names or phone numbers.

In the UK, fraudsters pretending to represent the Royal Mail have been sending users SMS messages with requests for small payments in exchange for parcels.

The SMS is usually accompanied with a link to a fake Royal Mail website where users are asked to pay, falling prey to the smishing trap. These links can also contain harmful malware that can give the criminals access to sensitive information stored on phones.

In Ireland, similar messages about missed deliveries have been making rounds in the FluBot scam. The National Cyber Security Centre issued an alert earlier this year after receiving reports that malware which could allow criminals to steal personal data from mobile phones was affecting Android users in Ireland.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com