As part of the multi-pronged fight against scams, the Infocomm Media Development Authority (IMDA) has been working with the Singapore Police Force, Government agencies, and Private Sector partners. There needs to be more than one line of defence, and IMDA is coming up with new ways to protect SMS communication.
In August 2021, a pilot SMS Sender ID Registry was launched. However, due to the increase in SMS frauds, IMDA accelerated the establishment of the Singapore SMS Sender ID Registry (SSIR) in March of this year. SMS that spoof or use registered SSIR IDs were thus prevented upfront, lowering the danger of scams.
Over 120 public and commercial sector organisations have joined the SSIR since its inception. Thus, the number of reported SMS scam cases has decreased threefold as compared to the prior three months.
While the SSIR has had an impact, it is still a voluntary system, in that it is only for organisations that choose to register and safeguard their Sender IDs. However, the public may still be exposed to faked SMS utilising non-registered Sender IDs such as from organisations that choose not to register, or IDs that do not belong to any organisation.
Moreover, IMDA wants to make SSIR registration mandatory for organisations that use Sender IDs to strengthen the scam protection capabilities like the full registration regime. As a result, only registered Sender IDs will be permitted. As a default, all other non-registered Sender IDs will be prohibited. This protects SMS as a communication channel even more.
The agency proposes the following: Using their Unique Identifier, merchants or organisations that employ SMS Sender IDs must register with the SSIR (UEN); and aggregators who desire to process SMS with Sender IDs must participate in the SSIR and authenticate merchant or organisation registrations using their UENs.
These will enable clear identification of the merchants behind the Sender IDs. It increases the guarantee that only legitimate merchants use Sender IDs. As organisations may need time to adjust, a transition period beginning in October 2022 is recommended before the complete SSIR registration requirement goes into effect at the end of 2022.
In addition, machine reading technology has made it feasible to recognise and filter probable fraudulent messages upstream in the telecoms network.
The proposed methods can initially detect malicious links within the SMS that lead to scam websites; telcos can then develop ways to recognise suspicious scam message trends and filter them accordingly. IMDA is soliciting feedback from the public on these suggested initiatives.
The suggested changes are part of an ongoing, multi-layered strategy to enhance security against scammers. This has been done by the telecommunications companies to limit the number of fraudulent calls and text messages entering the communication networks.
Likewise, IMDA advises the public in terms of dealing with scam SMS and calls. Some of these are:
- Blocking harmful URLs and fraudulent websites after being alerted;
- In the future, consider giving customers the choice to stop receiving international SMS;
- SMS aggregators use spoof IDs to block upfront scam communications;
- Filtering and highlighting international calls;
- Block international fixed-line and mobile spoofing numbers;
- Giving customers the choice to not receive international calls.
The IMDA stated that the public should remain vigilant. However, scammers will continue to modify their deceptive methods and strategies. Additional steps to protect telecoms channels are insufficient on their own.
The best defence is a discerning public, in which all consumers are individually vigilant and raise collective awareness by sharing ideas for avoiding scams with their friends.