Menu
Reply
deanchapman
  • 26
  • 0
  • 2
Tuning in
576 Views
Message 1 of 12
Flag for a moderator

Phishing sms text messages, an increasing problem

Over the last month or two, I have seen a significant increase is SMS phishing containing a URL impersonating a voicemail message, there are also many other variations of SMS scams that are a real problem. 

When are Virgin Mobile going to implement some central controls for this. It currently seems to be a free-for-all for the scammers to spoof numbers and include URLs which could easily be trapped by the carrier (ie Virgin Mobile)

If we wind the clock back a few years, then email had a similar problem where we all experienced an explosion of spam/phishing.  However the ISPs and email providers have implemented, over the years, highly advanced technical controls to block such messages and the global email systems.

Please can someone from VM comment on when some basic controls will be implemented to
- validate the identity of sender (ie avoid spoofing/impersonation)  
- validate and check URL reputation
- analysis of text content for spam 

Mobile providers should take lessons from the email providers, they should understand that the problem, the impact and the solution are conceptually, very similar

Unless some better controls of SMS are implemented, then SMS will remain a highly attractive vector for criminal activity.  It must be incumbent on the mobile providers to get their act together here and Offcom should start regulating and enforcing.

 

0 Kudos
Reply
BenMcr
  • 22.72K
  • 2.5K
  • 4.79K
Very Insightful Person
Very Insightful Person
562 Views
Message 2 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem


@deanchapman wrote:

Please can someone from VM comment on when some basic controls will be implemented to
- validate the identity of sender (ie avoid spoofing/impersonation)  
- validate and check URL reputation
- analysis of text content for spam 

SMS doesn't work that way. There is no 'inbox' or server for those sorts of controls to be implemented on, unlike email.

All that a mobile provider runs is a message relay which stores a message addressed to a mobile number and then forwards it. These relays are not designed to be able or capable of doing anything more than that.

Any updates to SMS to include such features would require wholesale updates to technology and standards across the world, which won't happen. 

RCS was designed to be an industry replacement for SMS to include some newer features, but has never taken off as it came too long after other services like iMessage and WhatsApp, and Apple have no plans to support it. Android devices do but mostly only via direct Google support. Even then it doesn't include the security features mentioned as far as I can see.

Instead any of the features you suggest have to be part of your messaging client. For instance Google Messages on Android does check for known Spam and verified SMS senders - https://blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/

**********************************
I work for Virgin Media - but all opinions posted here are my own
0 Kudos
Reply
enlli
  • 9.32K
  • 1.4K
  • 2.68K
Very Insightful Person
Very Insightful Person
555 Views
Message 3 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

@BenMcr 

Has posted useful information as to why this would be a nightmare to implement.

In truth SMS is an aincent technology, the concept being laid down in 1984. The first SMS was 1992.

At first it was never intended as a public messaging system but as a method of engineers and technicians communicating with each other. When it was opened up there was no roaming across networks let alone countries. I remember taking part in SMS trials with Orange before they fully opened up their network.

What you require is better served by the networks and manufacturers getting together and replacing SMS with new technology That won't happen in a hurry.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
deanchapman
  • 26
  • 0
  • 2
Tuning in
540 Views
Message 4 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

Hi enlii, what you say is correct, but not dissimilar to the technical challenges that email faces because of the lack of controls and design flaws that failed to foresee some of the obvious vulnerabilities. 

It's odd that with all the other messaging mechanisms out there, SMS remains so well used; I guess because of it's low-level simplicity.  What is required is some joined-up thinking from the Network providers across the globe on how to solve this, and pressure from the likes of VM can help here. 

 

0 Kudos
Reply
enlli
  • 9.32K
  • 1.4K
  • 2.68K
Very Insightful Person
Very Insightful Person
534 Views
Message 5 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem


@deanchapman wrote:

 

 What is required is some joined-up thinking from the Network providers across the globe on how to solve this, and pressure from the likes of VM can help here. 

 


What clout Virgin mobile will have as a Virtual network with just 3.5 million users is questionable. They will be better off when fully integrated into O2 who have 10 times as many, but as now they are a minnow.

Personally, most SPAM SMS messages I receive are sorted into my Spam inbox and any that aren't are easily reported. 

The only text messages I send these days are replies to the likes of my bank, doctor and NHS.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
BenMcr
  • 22.72K
  • 2.5K
  • 4.79K
Very Insightful Person
Very Insightful Person
533 Views
Message 6 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem


@deanchapman wrote:

Hi enlii, what you say is correct, but not dissimilar to the technical challenges that email faces because of the lack of controls and design flaws that failed to foresee some of the obvious vulnerabilities. 

It's odd that with all the other messaging mechanisms out there, SMS remains so well used; I guess because of it's low-level simplicity.  What is required is some joined-up thinking from the Network providers across the globe on how to solve this, and pressure from the likes of VM can help here. 


Again, the model between email and SMS technology is completely different. SMS is reliant on legacy ways of devices talking to each other compared with modern IP based messaging services.

No-one wants to develop SMS any further as far as I understand it. It only still works because it's pretty much 'baked in' to the way current mobile networks work i.e. it costs very little to keep enabled.

**********************************
I work for Virgin Media - but all opinions posted here are my own
0 Kudos
Reply
BenMcr
  • 22.72K
  • 2.5K
  • 4.79K
Very Insightful Person
Very Insightful Person
526 Views
Message 7 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

I guess it is worth adding that mobile providers in the UK do run a reporting number where you can forward spoof messages

https://www.virginmedia.com/help/what-is-smishing

You can forward the message to shortcode 7726, you will then receive a response asking for the shortcode or long number that the spam message came from and Virgin Media will then investigate for you.

However my understanding is the way that these are resolved is working to find out where they're coming from in the first place and get that shut down, rather than any direct changes that Virgin Mobile do on their SMS relay.

**********************************
I work for Virgin Media - but all opinions posted here are my own
Serena_C
  • 2.19K
  • 91
  • 214
Forum Team (Retired)
Forum Team (Retired)
474 Views
Message 8 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

Hi @deanchapman

 

Thank you for making the post regarding the SMS phishing texts you have been receiving. I understand how concerning it is to receive fraudulent messages on your phone. We appreciate your feedback regarding the basic controls you would like to see implemented - I will pass this on to the relevant team now.

 

We do what we can to help reduce fraudulent texts, but unfortunately scammers keep coming up with better and more complex scams. We have a dedicated page where we try and keep it updated with any known spam or phishing attempts we know of, please do check our Security Matters page if you are ever concerned about a text you have received.

 

Kind regards,

Serena

 

 

 

0 Kudos
Reply
deanchapman
  • 26
  • 0
  • 2
Tuning in
457 Views
Message 9 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

Thanks Serena, BenMcr and Enlli for taking the time to reply.  I do always report the spams to 7726 as I know this helps with the central intel.

I also understand that fraudsters are ever-more inventive about finding new attack vectors, it is an arms race that I deal with every day as I work in Cyber Security Management.  The case is similar to the email problem, where one can check headers and IPs for reputation and content for patterns or URL reputation.  So whether a solution it is app-based or via a central gateway, there is more that can and should be done.

For me, it is more an annoyance that a threat, but there are so many people out there with less Cyber awareness that need protection.  I believe in many cases, CLID spoofing is being used and surely it is possible for providers to track and report the originations of these.
I get that there are longer term solutions that can be implemented globally, however at this point we need tactical, usable mitigations.  Maybe VM could look at producing a free SMS app which includes evolving features which can help remove this threat/annoyance of spoofed CLID, SMS spam & smishing.

0 Kudos
Reply
Serena_C
  • 2.19K
  • 91
  • 214
Forum Team (Retired)
Forum Team (Retired)
448 Views
Message 10 of 12
Flag for a moderator

Re: Phishing sms text messages, an increasing problem

Hi @deanchapman

 

Thank you for expanding on the issue for me, security is our number one priority and I understand your concerns regarding the impact that phishing text messages may have on those with less cyber awareness.

 

I have raised your feedback and suggestions with the team. Thanks again for taking the time to highlight the issue with us.

 

Kind regards,

Serena

0 Kudos
Reply