While the SSIR has had an impact, it currently remains a voluntary system
The Infocomm Media Development Authority (IMDA) has been working with the Singapore Police Force, Government agencies, and Private Sector partners as part of the multi-pronged fight against scams. There is a need to build multiple layers of defence and IMDA is proposing new measures to further safeguard SMS as a communications channel.
Full SMS Sender ID Registration
A pilot SMS Sender ID Registry was first initiated in Aug 2021. However, with the surge in scams using SMS, IMDA accelerated the setting up of the Singapore SMS Sender ID Registry (SSIR) in March this year. SMS that spoofed/made use of registered IDs on the SSIR, were therefore blocked upfront, reducing the risk of scams.
Since its launch, over 120 public and private sector organisations have joined the SSIR. Compared to the three months before, the number of SMS scam cases reported has since declined threefold since the SSIR’s launch.
While the SSIR has had an impact, it currently remains a voluntary system i.e., for organisations who choose to register and protect their Sender IDs. The public however may still be subject to spoofed SMS, using non-registered Sender IDs (e.g., from organisations that choose not to register, or IDs that do not belong to any organisation).
To build stronger scam prevention capabilities, we intend to make SSIR registration a requirement for organisations that use Sender IDs (i.e., a full registration regime). Therefore, only registered Sender IDs will be allowed. All other non-registered Sender IDs will be blocked as a default. This further safeguards SMS as a communication channel.
In a full registration regime, we are proposing the following:
- Merchants/organisations that use SMS Sender IDs must register with the SSIR using their Unique Identity Number (UEN)
- Aggregators who wish to handle SMS with Sender IDs must participate in the SSIR and verify merchants/organisations sign-ups through their UENs
The above requirements will allow merchants behind the Sender IDs to be clearly identified. It provides better assurance that only bona-fide merchants are using Sender IDs.
As organisations may need time to adjust, a transition period is proposed starting from October 2022, before the full SSIR registration requirement commences in end-2022.
Exploring Anti-Scam SMS Filtering Solutions
In addition, technology has made it possible to identify and filter potential scam messages, upstream within the telecoms network, using machine reading technology. As a start, the proposed solutions can detect malicious links within the SMS that lead to scam websites; and telcos can then develop solutions to identify patterns of suspicious scam messages and filter them accordingly.
Measures are part of the ongoing multi-layered approach
The proposed measures are part of an ongoing multi-layered approach to strengthen protection against scams. This has been done with the telcos, to systemically reduce scam calls and SMS coming through the communication networks.
In dealing with scam SMS:
- Blocking scam SMS and malicious URLs/Scam websites once notified
- Since 2019, telcos block scam SMS that came through networks
- The malicious URLs embedded within a scam SMS are also blocked once notified
- SSIR (as above)
- Since 2021, SMS aggregators block upfront scam messages using spoof IDs
- Going forward, exploring providing consumers the option not to receive international SMS
In addressing scam calls;
- Block known/specific spoof call numbers:
- Since 2019, commonly spoofed local numbers, (typically numbers impersonating local government agencies and emergency services e.g., 995) have been blocked
- Filtering and flagging overseas calls:
- Since 2020, robocalls (automated scam calls) were blocked using pattern recognition technology
- Overseas calls were labelled with a “+” sign to alert the public to be vigilant
- Block spoofed fixed-line and mobile numbers coming from overseas:
- This is done in-network as a default, without affecting users. This will be completed by year-end
- Going forward, exploring providing consumers the option not to receive international calls
Public should continue to remain vigilant
However, scammers will continue to change their methods and tactics to deceive the public. Additional measures to safeguard the telecoms channels by itself, is insufficient. The best defence is a discerning public, where all consumers are individually alert and raise collective awareness by sharing scam prevention tips with friends and family. Everyone should also download Scamshield, to help filter out scam messages and block scam calls. Combatting scams is a whole of society effort, and the public should continue to remain vigilant.
Tags: CybersecurityIMDA