This is a widely used trick used by scammers to gain consumer trust
SMS-focused telco Modica has become the first company breached under new anti-SMS scam rules registered by the Australian Communications and Media Authority (ACMA) in mid-2022.
An ACMA investigation found Modica allowed customers to send SMS using text-based sender IDs (i.e., a name) without making sufficient checks to ensure they weren’t being used to perpetrate scams.
ACMA Chair Nerida O’Loughlin said the rules were in place to reduce scams that use sender IDs to pose as legitimate organisations such as government agencies, financial institutions, and road toll companies.
“This is a widely used trick used by scammers to gain consumer trust. Sender IDs generally display as a name on mobile phones and impersonating well-known brands allows the texts to slip into legitimate message streams from the brands,” Ms O’Loughlin said.
Modica did not have processes in place to ensure all its customers provided evidence to confirm they had a legitimate case to use the text-based sender IDs. Modica also failed to report to the ACMA the number of scam SMS it had blocked for the period between July and September 2022, as required by the rules.
“While we did not find evidence any scammers had used the vulnerability created by Modica, its failure to have adequate processes in place put people at risk of receiving SMS scams,” she said.
“It is vitally important that all Australian telcos have processes in place to ensure their customers sending this type of SMS are who they say they are. Uniform action is required across the sector as our experience has shown scammers will target the weakest link in telco systems to reach Australians.”
The ACMA has directed Modica Group Limited to comply with the new rules. If future breaches are found, the telco may face stronger enforcement action such as commencement of proceedings in the Federal Court.
The Reducing Scam Calls and Scam SMs industry code requires SMS service providers to identify, trace and block suspected SMS scams, and to conduct checks on organisations using text-based sender IDs.
Since July 2022, Australian telcos have reported blocking almost 90 million SMS under these new rules.
Combating SMS and identity theft phone scams is an ACMA compliance priority, and telcos may face penalties of up to $US250,000 for breaching ACMA directions to comply with the new code.