New rules for telcos to help combat SMS phishing

ACMA plans pilots to address SMS spam, ‘one ring and drop’ calls

Smishing, an SMS phishing attack / Vishing, a voice phishing attack by phone
Jane Kelly / Roshi11 / Egor Suvorov / Getty Images

The Australian Communications and Media Authority (ACMA) has unveiled a range of initiatives as part of its Scams Technology Project, including pushing for telcos to implement SMS filtering to combat text-message-based phishing.

The regulator today issued a summary version of the project’s report, with the ACMA indicating it had withheld some details that it was concerned could be exploited by malicious actors.

The ACMA said it would develop a range of enforceable obligations for telco providers, including implementing SMS filtering measures.

“Technology companies that provide fraud protection solutions to the telco industry have demonstrated comprehensive solutions at a network level that automatically detect and block scam messaging and emails,” the summary report states.

One Australian telco had demonstrated “impressive ability to monitor, analyse track and disrupt spam/scam SMS traffic on its network by implementing filtering technology supplied by a fraud protection provider,” the ACMA report adds. When combined with human analysis the volume of spam/scam SMSes on the telco’s network declined rapidly.

The ACMA is pushing for industry-wide approaches to combat scams such as ‘Wangiri’ calls, which involve a brief incoming call that is terminated before it’s answered. When a victim phones the number back, the call is routed through a network that charges premium rates.

The ACMA is also wants telcos to begin blocking off-shore networks that carry a high volume of scam traffic: “High-volumes of scam calls enter Australian from off-shore locations via a complex web of call routing/IP based traffic and supporting commercial interconnect arrangements,” the report notes.

“In general, a carrier or CSP [carriage service provider] is only able to determine the previous provider that carried a call, whereas it may have travelled through many transit points from origin to termination.”

Two other key initiatives involve promoting the sharing of scam data across the industry and preventing spoofing of calling line identification (CLI).

“Overseas scammers use readily available and cheap technology to present calls with maliciously spoofed CLI to display a number more familiar or recognisable to the person receiving the call,” the report states.

“This makes it more likely that the call will be answered. This can lead to consumers no longer trusting the number displayed on their phone when it rings.”

“We will be trialling a Do Not Originate list, which compiles a list of safe numbers from organisations like banks and the tax office and prevents them being used for scams,” project chair Fiona Cameron said.

“Further trials will target the Wangiri ‘one ring and drop’ scam, which has been identified as one the industry can potentially bust by working together.”

“I want to thank the ACMA for this report and I look forward to working in partnership with industry to run these pilot trials as soon as possible,” communications and cyber safety minister Paul Fletcher said.

“For too long, scammers have been targeting Australians. At the very least, they have been creating a major inconvenience, by harassing us over the phone, email and internet. At worst, they have caused victims significant emotional and financial hardship.”

Shadow communications minister Michelle Rowland accused the government of “industrial scale laziness” when it came to addressing phone scams.

“Australians expect strong and timely action to keep them safe – yet the rudimentary steps and trials outlined today could have been commenced years ago,” the Labor MP said.

Related:

Copyright © 2019 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon