Skip to content

Banking and mobile industries look to tackle COVID-19 text scams

The mobile industry, banking and finance sector and the National Cyber Security Centre (NCSC) have joined forces to prevent criminals from sending scam text messages exploiting the current situation.

The ongoing industry initiative by the Mobile Ecosystem Forum (MEF), Mobile UK and UK Finance, supported by the NCSC, is helping to identify and block fraudulent SMS texts and safeguard messages from legitimate businesses and organisations.

Katy Worobec, managing director of economic crime at UK Finance, said: “Banks are joining forces with other industries and law enforcement to protect the public from cruel coronavirus scams.

“We would urge consumers to be on their guard against criminals exploiting the COVID-19 outbreak to commit fraud. Always follow the advice of the Take Five to Stop Fraud campaign and avoid clicking on links in any unsolicited text messages in case it’s a scam.

“Remember you can report suspicious texts by forwarding the original message to 7726, which spells SPAM on your keypad.”

Sometimes fraudsters will change the sender ID that appears at the top of a text message to mimic a genuine brand or organisation and trick the recipient into believing it is legitimate.

For example, scam texts exploiting the government’s response to Covid-19 have been sent using +Gov_UK instead of the genuine UK_Gov.

Criminals can alsoo copy genuine sender IDs, making a fraudulent message appear in a chain of texts alongside previous genuine messages from that organisation.

As part of a cross-industry initiative, MEF has developed a “white list” which allows organisations to register and protect the sender IDs used when sending out legitimate text messages.

The registry limits the ability of criminals to send messages using the same sender ID as a particular brand or government department, by checking first whether the sender is the genuine registered party.

50 bank and government brands are currently being protected through the initiative with 172 trusted sender IDs registered to date.

A blacklist has been established to block messages from sender IDs that have been used to send scam texts, or from unauthorised variations that could be used to impersonate trusted brands and organisations in future.

Over 400 sender IDs have been identified so far on the ever-growing blacklist, including 70 related to COVID-19.

Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), said: “We are pleased to be supporting this experiment which is yielding promising results.

“The UK government’s recent mass-text campaign on COVID-19 has demonstrated the need for such industry collaboration in order to protect consumers from these kind of scams.”