The Australian Communications and Media Authority (ACMA) has found that three telecommunications companies, Sinch, Infobip, and Phone Card, allowed SMS to be sent using text-based sender IDs, without sufficient checks to ensure they were being used legitimately.
Infobip allowed 103,146 non-compliant SMS to be sent, which included scams impersonating well known Australian road toll companies.
Sinch allowed 14,291 non-compliant SMS, which included Medicare and Australia Post impersonation scams.
Phone Card was also found to have inadequate systems in place to comply with the rules, however there is no evidence that scammers exploited the opportunities it created.
Text-based sender IDs can be used by scammers to pose as legitimate organisations such as government agencies, banks, and road toll companies.
Under the Reducing Scam Calls and Scam SMS Code, Australian telcos must obtain evidence from customers that they have a legitimate reason to use text-based sender IDs (such as business names) in SMS.
The ACMA has given Sinch and Infobip formal directions to comply with the obligations, the strongest enforcement action available for code breaches.
Phone Card has been given a formal warning.
“While there is no suggestion the telcos were involved in scam activity themselves, scammers have used their failures to prey on Australians," Nerida O'Loughlin, ACMA chair, said.
This wouldn’t have happened if the companies had adequate processes in place and complied with the rules,” she added.
“Scams that impersonate reputable organisations can be particularly hard for consumers to recognise and there’s no telling how much damage could have been done as a result of these scam texts.”
Combating SMS and identity theft phone scams is an ACMA compliance priority and telcos may face penalties of up to $250,000 for breaching ACMA directions to comply with the code.
The watchdog has also welcomed the Federal Government’s announcement that the agency will develop an SMS sender ID register to help prevent offshore scammers impersonating trusted brands and government agencies.
“This initiative will help close a key vulnerability used by scammers."
"ACMA looks forward to working with industry and trusted brands as we implement this new protection,” O’Loughlin said.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
