Telcos breached for allowing SMS scams
The Australian Communications and Media Authority (ACMA) has taken action against a number of telcos after compliance failures were used by scammers to send SMS road toll, Medicare and Australia Post impersonation scams to consumers.
ACMA investigations found Sinch Australia Pty Ltd (Sinch), Infobip Information Technology Pty Ltd (Infobip) and Phone Card Selector Pty Ltd (Phone Card) allowed SMS to be sent using text-based sender IDs without sufficient checks to ensure they were being used legitimately.
The ACMA found Infobip allowed 103,146 non-compliant SMS to be sent, which included scams impersonating well known Australian road toll companies. Sinch allowed 14,291 non-complaint SMS, which included Medicare and Australia Post impersonation scams.
Phone Card was also found to have inadequate systems in place to comply with the rules, however there is no evidence that scammers exploited the opportunities it created.
Text-based sender IDs can be used by scammers to pose as legitimate organisations such as government agencies, banks and road toll companies. Under the Reducing Scam Calls and Scam SMS Code, Australian telcos must obtain evidence from customers that they have a legitimate reason to use text-based sender IDs (such as business names) in SMS.
ACMA Chair Nerida O’Loughlin said the investigations showed scammers will readily take advantage of vulnerabilities created by telcos.
“While there is no suggestion the telcos were involved in scam activity themselves, scammers have used their failures to prey on Australians. This wouldn’t have happened if the companies had adequate processes in place and complied with the rules,” she said.
“Scams that impersonate reputable organisations can be particularly hard for consumers to recognise and there’s no telling how much damage could have been done as a result of these scam texts.”
The ACMA has given Sinch and Infobip formal directions to comply with the obligations, the strongest enforcement action available for code breaches. Phone Card has been given a formal warning.
Combating SMS and identity theft phone scams is an ACMA compliance priority and telcos may face penalties of up to $250,000 for breaching ACMA directions to comply with the code.
The ACMA has also welcomed the Federal Government’s announcement that the agency will develop an SMS sender ID register to help prevent offshore scammers impersonating trusted brands and government agencies.
“This initiative will help close a key vulnerability used by scammers. The ACMA looks forward to working with industry and trusted brands as we implement this new protection,” Ms O’Loughlin said.
For information on how to spot – and stop – phone scams, visit acma.gov.au/phone-scams.