New Guidance to Fight against Smishing (SMS Phishing) is published by UK’s Cyber Security

The UK’s National Cyber Security Centre (NCSC) has posted new guidance for organizations to follow when communicating with customers through SMS or phone calls. The goal of the new guidelines is to make it harder for scammers to trick the public and lead users to phishing sites. This action comes in response to an alarming rise in scams that impersonate well-known brands, with fake parcel deliveries being the dominant theme.

The NCSC calls on businesses to do their part in protecting consumers and fighting the rising threat of scams, and the main way to achieve this is by making legitimate and fraudulent communications easier to tell apart.

What are SMS Guidelines?

When organizations use SMS to communicate with customers, the NCSC suggests that they follow these guidelines to assure recipients that a text is legitimate:

  • Use a five-digit number instead of a regular phone number.
  • Use a Sender ID that appears in place of the sending number, indicating that the sender is trustworthy.
  • Use the same Sender ID consistently across all communications and register it with the MEF.
  • Try not to include web links in SMS, but if it’s necessary, do not use URL shortening services that obscure the domain.
  • Use as few SMS distribution providers as possible, and audit all messages to validate the content.
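
One way to apply the SMS guidelines above when auditing outbound messages, shown as an added example that is not part of the NCSC guidance or the original article: a small Python check of Sender ID consistency and of any links in the message body. The Sender ID, official domain, shortener list and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example (constructed, not taken from the guidance):
REGISTERED_SENDER_ID = "ExampleCo"
OFFICIAL_DOMAINS = {"example.co.uk"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}  # illustrative, not exhaustive

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
SENDER_RE = re.compile(r"[A-Za-z0-9 ]+")  # letters, digits and spaces only


def host_of(url):
    """Return the lower-cased hostname of a link, or '' if it cannot be parsed."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def audit_sms(sender_id, body):
    """Return a list of findings for one outbound message (empty list = clean)."""
    findings = []
    if not SENDER_RE.fullmatch(sender_id):
        findings.append("sender-id-special-characters")
    if sender_id != REGISTERED_SENDER_ID:
        findings.append("sender-id-not-registered")
    for url in URL_RE.findall(body):
        host = host_of(url)
        bare = host[4:] if host.startswith("www.") else host
        if bare in SHORTENERS:
            findings.append(f"shortened-url:{host}")
        elif not any(bare == d or bare.endswith("." + d) for d in OFFICIAL_DOMAINS):
            findings.append(f"off-domain-link:{host}")
        else:
            findings.append(f"link-present:{host}")  # allowed, but links are discouraged
    return findings


SAMPLES = [  # constructed messages
    ("ExampleCo", "Your parcel is due tomorrow between 9am and 1pm."),
    ("ExampleCo", "Track your parcel at https://www.example.co.uk/track"),
    ("Examp1e-Co!", "Redelivery fee due: https://bit.ly/3abcd"),
    ("ExampleCo", "Confirm details at http://example.co.uk.parcel-help.example/pay"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "|", audit_sms(sender, body) or "ok")
```

The last sample shows why the domain check compares the end of the hostname: a host that merely starts with the official domain is still flagged as off-domain.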

What are Phone call Guidelines?  

Spoofing the phone number of a legitimate entity is now fairly easy for attackers, so the calling number itself is no assurance that a call is genuine. To help address this problem, businesses are advised to follow these guidelines when calling customers:

  • Urge customers to call you instead and provide information on how to do it on the official site.
  • Ensure that the service providers aren’t routing calls to overseas infrastructure.
  • Ensure that the service providers have enabled anti-porting measures.
  • Ensure that the service providers are following the ‘General Conditions of Entitlement’.
  • Maintain consistency by using the same numbers to call people.
  • Numbers used only for call reception should be added to the ‘Do Not Originate’ list.
  • Provide a way and guidance for customers to report scams.

What are consumers’ perspectives?  

Even though the above measures will help in tackling scams, smishing (SMS phishing), and fraudulent phone calls, consumers need to do their part too by keeping the following in mind:

  • Legitimate messages are typically consistent and straightforward.
  • The phone numbers and email addresses used are kept to a minimum.
  • Valid Sender IDs don’t usually feature special characters.
  • The validity of the sending address and number should be easy to verify on the entity’s official website.
  • Honest communications never ask for personal details.
  • Shortened URLs are a red flag.

In general, if something feels wrong when speaking to someone, ask for their name and hang up. Then, independently call the organization using the number you’ll find on their website and ask to speak with the agent who contacted you. Do not, under any circumstances, give away sensitive personal information on calls that you didn’t initiate.
