While many of you will be muttering under your breath that you’d never fall for such an obvious scam, my own experience proves that it can in fact be remarkably easy to be fooled. As I waited for a parcel from Royal Mail several months ago, I quickly scanned my incoming messages having exited a meeting and (being on automatic pilot) clicked a link in an SMS purporting to be from Royal Mail without thinking. Timing was as much to play here as anything else, but it does illustrate how Smishing is a successful tactic by fraudsters in duping unsuspecting mobile subscribers. I hasten to add I didn’t suffer any losses other than my own embarrassment in having been fooled.
Smishing has been around for many years, but recently it’s seen a stratospheric rise driven in part to the global pandemic. You only need to do a quick Google News search to get an idea of the scale of a global problem that results in huge financial losses, invasions of privacy, and increasingly damages to businesses. So, despite the coverage these scams are getting in the media, and the losses incurred by them, why have Telco’s largely failed to address this kind of fraud?
Smishing is of course a variation on spam ‘phishing’ emails, simply deployed over SMS to mobile subscribers. It’s fair to say that while we’ve become more adept at identifying scam email’s we haven’t applied this skill quite in the same way to messages on our mobile phones. What’s more is that in comparison the email industry has worked pretty hard to curb the scourge of spam email.
Over twenty years email service providers have developed efficient systems to combat unsolicited spam and phishing emails from the early days of filtering by IP’s of bad senders, which coincidentally was pretty dreadful considering that most spammers where simply using the same internet service providers as the rest of us, to today’s highly sophisticated machine learning algorithms that power the spam filters of Google’s Gmail, Yahoo, Outlook and others.
It has to be said that in general today’s free email providers are excellent at filtering spam and phishing emails. According to Google, its Gmail service blocks more than 100 million phishing emails every single day, and that spam filtering for their 1.5 billion or so customers is 99.9% accurate. Further to the efforts by the email service providers is a mature market for email security gateways, from the likes of Symantec, Microsoft, Cisco and Barracuda to name a few, all providing an extra layer of security including dedicated phishing protection for enterprises.
When you consider the efforts made by the email industry you begin to appreciate how the telecoms industry underperforms when it comes to combatting Smishing fraud.
It’s often been argued the lack of focussed effort by Telco’s to tackle the variety of network frauds the industry experiences, from IRSF, SIMbox and SIM Swap fraud, to CLI Spoofing, Wangiri fraud and now Smishing, has been down to the amount these frauds have wiped off balance sheets. The reality for many years has been that subscribers have stood to lose a lot more from being targeted by fraudsters than their network operators. However, as margins have diminished, fraud levels dramatically increased and regulation concerning privacy and data loss hardened, pressure is firmly on mobile operators to minimise how much their subscribers experience fraudulent activity.
As far back as 2008 global telecom operators were signing up to anti-spam registers with UK operators EE, O2, Three and Vodafone signing up to a ‘Spam Reporting Service’ in 2014 – a GSMA initiative that enabled mobile users to report nuisance messages. While these services are positive, they’ve by no means slowed the attempts by scammers to defraud mobile subscribers, with a 328% rise in Smishing attacks recorded during 2020 alone.
As with most successful anti-fraud efforts a multi-pronged approach is the best, one that evolves to keep up with the threat landscape. While the Spam Reporting Services are useful initiative’s they are dependent upon subscribers being aware of them, which on the whole they’re not.
Adding another string to their fraud prevention bow Squire Technologies provide a much more proactive approach that helps mobile subscribers identify Smishing messages as they receive them, and therefore avoids them being duped into clicking on the fraudulent links in the first instance.
The Smishing solution developed from within Squire Technologies MavenShield Fraud Prevention platform can be configured to combat a variety of network frauds, providing mobile operators with a targeted real-time Smishing solution that positively identifies SMS messages that contain fraudulent URL’s, and alerts mobile subscribers of the threat.
The solution demonstrates how operators can add real value to their subscribers, protecting them from fraud and financial loss. As technology consumers there’s nothing better than feeling that your service providers are watching your back in terms of your cyber security.
As the telecoms industry continues to evolve and competition hots up with 5G fervour, ensuring that your customers experience of such a ubiquitous service as SMS is nothing short of excellent, helps to cultivate a loyal following, and therefore the potential for additional revenue.
Tim has worked for Squire Technologies for over four years supporting the sales, marketing and business development teams with the delivery of products, services and marketing material.