SMS surveys, a powerful tool for collecting feedbackread the article Boost your workflows and customer engagement with SMSread the article Impulse sus workflows y la captación de clientes con SMSleer el artículo Aumentate i vostri workflows e il coinvolgimento dei clienti con gli SMSper saperne di più Boosten Sie Ihre Workflows und das Kundenengagement mit SMSmehr erfahren

THE smsmode© blog ©

smsmode© fights against smishing

October 13, 2022

Faced with an ever-increasing number of cases of smishing, the authorities, operators and telephone aggregators have decided to take action. New rules have been introduced to protect telephone subscribers from costly SMS scams. The most important: strict control of Sender IDs (custom transmitters). smsmode© has decided to go one step further in prevention, by filtering the common point of 95% of phishing attempts via SMS : The URL contained in SMS. Find out why smsmode© is committed to and what this means for you, our service users.

protect from Smishing

What is smishing?

Smshing, smishing or SMS phishing is a phishing technique via SMS. It's a scam that works like email phishing, but from a telephone number. A cybercriminal attempts to extract personal or banking information, or money directly, from the recipient of a SMS message, using the identity of a brand or government service (bank, parcel delivery service, CPAM, Ameli or any other well-known brand).

In 95% of cases, this fraudulent SMS contains a URL that redirects victims to a website that looks as similar as possible to that of the organization purporting to be the sender, in order to inspire confidence. Victims are then asked to enter their bank details in order to withdraw a sum of money, sometimes on a recurring basis.

In other phishing attempts by SMS, the fraud consists in offering to download an application "update", which is in fact a copy of a trusted application, acting as a spyware malware on the phone.

In some rare, but increasingly common, cases, scammers invite you to call a number so that an accomplice on the other end of the line can obtain your information.

Scammers work hard to get the victim to take action, the supposed sender of the fraud is always a very serious company or a critical service, and by creating a sense of urgency in the victim.

 

Examples of smishing:

HEALTH INSURANCE: Your new card is available.

Fill out this form to stay covered: http:gros.spam.c

Pole Emploi: Your CPF balance is available.

Protect it before XX or it will be lost: http:encoreduspam.c

Phishing by SMS is on the rise:

Since the beginning of the year, French mobile subscribers have been subjected to numerous smishing attacks. Operators and the AF2M (French Association for the Development of Multi-operator Multimedia Uses) have noticed an explosion of frauds. At the top of the list: CPF scams, social fraud, under the name of Ameli or CPAM, banks, Amazon or Chronospost delivery which would need a postage...

The trend has really taken off in recent months, to the point where French operators and aggregators, in consultation with AF2M, have decided to introduce new rules for sending SMS Push (A2P).

The new rules implemented by the operators :

All stakeholders (French operators, AF2M, A2C*, aggregators, etc.) have agreed to change the rules for sending SMS to protect the identity of "sensitive" brands likely to be used, and guarantee greater security for mobile users.

The main measure of this commission is the limitation of the use of OADC (Sender ID), otherwise known as personalized senders. All senders of so-called sensitive brands, or resembling a sensitive brand, are prohibited, a priori.

Similarly, overly generic Sender IDs such as " SMS Info" are prohibited.

To ensure the implementation of these measures, aggregators SMS, smsmode© in particular, have implemented a series of filters and an artificial intelligence system to whitelist or blacklist OADCs.

 

* Association of Independent CPaaS and CCaaS Actors

What about Sender Ids for real "sensitive" brands?

It is obvious that "sensitive" brands retain the right to use their name and its variations as a personalized transmitter. To ensure this in complete security, each aggregator is asked to provide operators with the list of permitted issuers, as they belong to the brands they represent. This authorization takes the form of a letter/form, addressed to the operators and signed by both parties, giving the subcontractor the authorization to use the Sender ID(s) of the brand concerned.

Once unlocked, the brand's outsourced platform can route messages without SMS being stopped by anti-spam filters.

sms grouped

smsmode© goes one step further in the fight against phishing:

To ensure maximum security for users, and to be proactive with regard to the real problem of phishing via SMS, smsmode© has decided to go one step further.

Our findings: the overwhelming majority of phishing attempts by SMS use a URL to redirect potential victims to a fraudulent site to capture information.

smsmodeFor this reason,© has implemented additional filters, specifically for URLs, to guarantee its customers a secure SMS experience.

What changes for you, our customers:

Sender ID changes:

Rest assured, personalized transmitters are still part of the smsmode© range.

To continue using your Sender ID, the first step is to have your account/organization validated by our services. You can then provide us with the list of Sender IDs you wish to use for your SMS campaigns.

If you have an organization (a parent account with multiple sub-accounts) and you pass the validation process, all your sub-accounts will be automatically validated.

Once your account is validated, you will be able to use the Sender IDs of your list. If however you send a message with an unknown sender, not included in your list of predefined senders, the message will not be sent and will be in error (visible on your space).

If your account is not validated, you will not be able to customize your Sender ID. If you attempt to do so, your sender will be overwritten and replaced by the default OADC (a shortcode in most cases).

This new mechanism has been added to all our services.

 

FOR A COMPLETE SUPPORT...
Our subscription packages
DOWNLOAD

Changes related to URLs:

In order to continue integrating URLS into your campaigns, we invite you to let us know which legitimate URLs you wish to send to France, by sending your list to support@smsmode.com.

All messages containing unverified URLs will be blocked by our platform.

Will these new rules be enough to stop smishing?

These protective measures are useful in protecting the A2P market, as they are able to guarantee that no fraud or scam will pass through a reputable aggregator as smsmode©.

On the other hand, most smsishing traffic is sent via gray or low-cost routes (via classic SIM cards), where SMS is sent by an 06 or 07 number, without Sender ID. This type of filtering is therefore not possible.

According to AF2M 98% of smishing attempts reported to 33 700 come from illegal routes (grey route or SIM farm).

On this subject, the ball is in the court of the operators, who must fight against these illegal routes that serve the market. Of course, smsmode© does not use any grey routes.

However, a solution to this problem has already been found by the operators. The dialogue between brands and customers will in the future only take place on numbers starting with 09. A radical solution that should make it possible to draw a definitive line on smishing.

Conclusion:

These measures may seem restrictive, but they are really necessary to (re)establish a climate of trust within SMS A2P. It is becoming increasingly important to choose a partner who is committed to combating fraud, has a direct connection with operators and uses no grey routes. The SMS Push market is also moving towards more and more controls on the URLs used to limit the performance of these fraudulent marketing campaigns, so it seems imperative to turn to a partner who allows you to control the senders and be in good standing.

l

Our team advises you

Interested in our services? Our account managers and technical team are at your disposal to answer any questions you may have about our SMS solutions, and to advise you on how to set up your campaign.

Contact us