News | 28 Apr 2020

Beware COVID-19 ‘smishing’ text message scams

The UK mobile, banking and finance industries, along with the National Cyber Security Centre (NCSC), have joined forces to prevent fraudsters sending Covid-19-related scam text messages.

The text message scam, that involves fraudsters trying to trick consumers into sending money or sharing their account details, is known as ‘smishing’ (phishing by SMS).

Bogus texts usually encourage recipients to click on a link to a fake website, or to ring a dodgy number, in the hope of gleaning valuable personal data or cash payments.

There was a big spike in smishing texts immediately after the Government’s mass UK_Gov text campaign in March that asked people to self-isolate and stay indoors.

People received texts purporting to come from the Government but the address would be slightly changed – the underscore would be a hyphen, for example, lower case letters changed to upper case, or the letter “o” changed to the number zero, says Ali Khamis, Vodafone UK’s senior manager for Converged Core Operations.

“These scammers are very clever. Typically a scam text will tell you you’re entitled to benefits, a tax rebate, or that you have to pay a fine for breaking the Government’s social isolation rules,” he tells Vodafone UK News.

“But within 24 hours we were spotting and blocking the bad messages.”

Protecting brands

The Mobile Ecosystem Forum, Mobile UK and UK Finance, supported by the NCSC, have developed an SMS SenderID Protection Registry that enables organisations to register and protect the message headers used when sending text messages to their customers.

The Registry limits the ability of fraudsters to send messages impersonating a brand by checking whether the sender is the genuine registered party.

So far…

  • 50 bank and Government brands are being protected through the trial
  • 172 trusted SenderIDs have been registered to date
  • more than 400 unauthorised variants have been blocked (70 relating to the Government’s Coronavirus campaign)
  • 14 banks and Government agencies participating in the trial
  • supported by BT/EE, O2, Three and Vodafone, as well as UK’s leading messaging providers.

“Mobile companies work hard to protect their customers from fraud and the contribution from the industry to the Registry will help reduce the number of scam texts pretending to be from trusted brands,” said Gareth Elliott, Head of Policy & Communications for Mobile UK, the trade association for the UK’s mobile network operators.

“This gives much-needed protection against fraud, including for the most vulnerable customers.”

If you think you’ve been targeted by a fraudulent text message, forward it to 7726. And for advice on how to spot and prevent fraud, visit the Take Five to Stop Fraud website.