So, if there are messages being sent by “ANZ” from a number that ANZ hasn’t registered, or through an A2P provider ANZ hasn’t nominated, the telecom provider could then flag these as scams.Īn SMS sender ID registry would be a positive step, but arguably long overdue and sluggishly taken. It’s not yet decided what identification details an Australia registry would collect, but these could include sender numbers associated with an organisation, and/or a list of A2P providers they use. This way, telecom providers could refer to the registry and block suspicious messages at the network level – allowing an extra defence in case A2P providers don’t do their due diligence (or become compromised). ![]() This would essentially be a whitelist of all alphanumeric sender IDs that can be legitimately used in Australia (such as “ANZ”, “T20WorldCup” or “Uber”).Īny company wanting to use a sender ID would have to provide identification and register it. In February, the government instructed ACMA to explore establishing an SMS sender ID registry. ACMA found Modica didn’t have proper procedures to verify the legitimacy of text-based SMS sender IDs, which allowed scammers to reach many mobile users in Australia.Īlthough ACMA’s code is useful, it’s challenging to identify all A2P providers who aren’t following it. In January, A2P texting solutions company Modica received a warning for failing to comply with the rules. The Reducing Scam Calls and Scam Short Messages Industry Code required providers to share threat intelligence about scams and report them to authorities. Last year the Australian Communications and Media Authority introduced new rules for the telecom industry to combat SMS scams by tracing and blocking them. Moreover, telecom providers generally can’t block scam SMS messages due to how difficult it is to distinguish them from genuine messages. ![]() There are also no requirements for telecom companies to verify this. ![]() Web portals and apps offering A2P services generally don’t do their due diligence and check whether a sender is the actual owner of the sender ID they’re using. And, of course, they could still impersonate ANZ even if no previous legitimate thread existed, in which case it would show up in a new thread. In the example above, the scammer would have simply needed to write “ANZ” in the sender ID field for their fraudulent message to show up in the real message thread with ANZ. The problem with A2P messaging is that applications can be used to enter any text or number (or combination) in the sender ID field – and the recipient’s phone uses this sender ID to group messages into threads. Peer-to-peer (P2P) is what most people use to send messages to friends and familyĪpplication-to-person (A2P) is a way for companies to send messages in bulk through the use of a web portal or application. An example of a scam SMS message ending up in a legitimate message thread.
0 Comments
Leave a Reply. |