Smishing and spoofing are rampant and have been made worse by the pandemic. Smishing is the mobile equivalent of phishing, posing as a trusted brand to fool people into giving away information, login details and money.
The classic smishing and spoofing attacks are from bad guys claiming to be your bank, insurance company or even your own company. Because you trust the brands, you are less likely to smell a rat.
The MEF (Mobile Ecosystem Forum) has adopted a similar approach to the successful one that has been adopted by other tech and telecoms sectors. A Registry for short-code names.
The idea of the Registry that will combat both smishing and spoofing was put together in the UK and will soon be launched in Singapore. The service compares the sender ID to IDs from actual brands and blocks any that are not genuine.
The initiative by the MEF has the immediate support of UK operators and other interested parties such as utilities, banks and government and the CEO of the MEF believes that the idea will catch on, globally.
There have been some success stories in the smishing and spoofing battles – but not many. In Australia, at the end of 2020, a gang was arrested and police found nine SIM boxes, hundreds of SIM cards, $50,000 in cash and a whole bunch of drugs and drug ‘gear’. Nice work if you can get it – until the police come visiting.
The MEF initiative seems a good one, and one that will stop or slow down this modern-day scourge.
Black lists and pro-active information sharing has proved successful in the past and while it may mean that an attack works, it probably only works once or twice. It stops the replication of malicious strategies and, at least, makes the bad guys work harder for their dinner.
Sharing information is the most effective defence against smishing and spoofing, in fact, against any of the Dark Arts.