End to smishing and spoofing in Ireland and Singapore, says the other MEF

Dario Betti with background.jpg

Mobile operators in Ireland and Singapore are to introduce a registry that will aim to prevent fraudulent use of sender IDs in text messages.

The registry, which is already operating in the UK, significantly reduces the impact of so-called smishing and spoofing by SMS, helping to protect consumers and companies alike, said the Mobile Ecosystem Forum (MEF), which is behind the scheme.

MEF CEO Dario Betti (pictured) said: “There are millions of faked SMS sent by fraudsters trying to steal passwords every day. We need to help consumers and organisations fight back.”

The MEF that he leads is different from the former Metro Ethernet Forum, which also uses the same initials.

Betti added: “Thanks to the collective efforts of the British mobile industry MEF has managed to show a way: a registry for SMS short-code names. The fight against fraudsters is a relentless one, it will never stop. But we are happy to celebrate one successful tool created in the UK.”

MEF said that, in the UK, many major banks and government brands are protected, with 352 trusted sender IDs registered to date. It added: “Over 1500 unauthorised variants are being blocked on an ever-growing list, including 300 sender IDs relating to the government’s coronavirus campaign.”

In the UK the system has the backing of all four mobile operators, BT’s EE, O2, Three and Vodafone, along with message providers including BT’s Smart Messaging Business, Commify, Dynamic Mobile Billing, Firetext, Fonix Mobile, IMImobile, Infobip/OpenMarket, mGage, Reach-Interactive, Sinch, TeleSign, Twilio and Vonage.

Now MEF is helping to launch Ireland’s SMS SenderID Protection Registry, with the support of Eir, Three Ireland and Vodafone Ireland as well as nine merchants, three major government agencies, banks, retailers and utilities.

The service is also expanding to Singapore as the Singapore SMS SenderID Protection Registry. 

Other countries will follow. A spokeswoman for MEF said: “Yes, the plan is to expand, but as you need the governments/companies etc to sign up, it’s not as simple as just launching. So UK first, then Ireland and Singapore, more later.” The launch date for both Singapore and Ireland is this week, she added. 

MEF said that a “cross-stakeholder working group has seen a significant drop in fraudulent messages being sent to the UK consumers of the participating merchants”.

The SMS Protection Registry reduces the ability for fraudsters to send messages impersonating a brand in the message header, by checking whether the sender using that sender ID is authorised by the merchant or brand. If not, messages from this route are blocked as fraudulent, ensuring SMS remains a trusted communication channel for brands and consumers alike.

MEF added: “Sender IDs set up by fraudsters made up of misspellings and special characters aimed at impersonating a merchant or brand are also blocked via a ‘denied list’ circulated to messaging partners.”

Text messaging scams, which trick consumers into sending money or sharing their account details with fraudsters, are known as “smishing” (or phishing by SMS). Criminals send bogus texts which appear to come from a trusted sender.

MEF noted that, aside from using the wholesale messaging (aggregator) delivery channels operated by mobile network operators, scammers also send messages in bulk using SIM farms that use normal SIM cards as used in mobile phones.