The Government can also develop a platform that complements the existing ScamShield app, allowing organisations like banks to share phone numbers and malicious URLs that they have detected. I would definitely be supportive of this being made mandatory by the Government,” Mr Hall said, adding that he does not see other regulations “that could help without being overbearing”. “Pre-registration would prevent attackers from being able to spoof organisations' SMS Sender IDs. Such pre-registration is already required in many countries, experts said. This means that hackers will effectively be unable to spoof the sender names of SMS,” he explained.Īs of Thursday (Jan 20) afternoon, nearly 2,200 people had signed the petition on. Instead, require companies to register for certain sender names before they can be used to send SMS. “Restrict and block all sender names from being changed by a third party. Mr Lee the entrepreneur has started an online petition calling for authorities to enforce such pre-registration and adopt "a whitelist approach". The programme, however, is not mandatory. After registering, messages will be blocked when there is unauthorised use of the registered Sender IDs. In Singapore, a pilot programme allowing organisations to do so was launched by the Infocomm Media Development Authority (IMDA) in August last year. MANDATE REGISTRATION OF SMS SENDER IDS?Įxperts said making users pre-register their SMS Sender IDs, or the names that appear on their messages, with authorities is one way to thwart illegal attempts by swindlers. “I’m astounded and extremely worried by how easy it is for anyone to use them to spoof the sender’s name in an SMS,” he told CNA. These third-party services are easily found online with the code written up “in mere minutes”, said Mr Lee, who is also a data science instructor. Mr Lee, founder of coding school Upcode Academy, said he became concerned after reading about recent phishing scams and decided to find out for himself how an SMS could be spoofed.īy using a third-party tool he found online, he managed to send a message to himself under the name of “DBS Bank”. The ease at which a fake SMS can be sent has also been documented by Mr ZP Lee, who goes by "Captain Sinkie" on his blog. “Today, the sender information embedded into an SMS is not verified by telcos before being relayed to the recipient … Without any authentication process in place to ensure that SMS spoofs are done only by legitimate senders, phishing attacks via SMS have become easy to launch,” said Mr Lee. The problem lies in the lack of verification by telcos that operate the current SMS system, experts said. These tools are also widely used by legitimate companies for their SMS marketing campaigns, so that customers receive messages from a familiar name instead of an unknown number. There are many SMS spoofing tools currently available online for free, said Mr James Lee, a security solution architect for Asia Pacific, China and Japan at US network security provider F5. “This is actually incredibly easy to spoof since it is just an additional field in an SMS and can be added by attackers using simple API (application programming interface) calls to any SMS service providers,” Mr Hall said. This happened because malicious actors were able to make use of a hidden field within SMS – called the Sender ID – to mask their actual phone numbers and use an alphanumeric identifier instead, said Mr Ian Hall, head of client services for Asia-Pacific at Synopsys Software Integrity Group.īy taking on the name of a bank or any legitimate company, a fake SMS would then be grouped together with those using the same name in the mobile phones of recipients. Nearly 470 people have lost at least S$8.5 million since last December. The message, which contained a link to a fraudulent website mimicking OCBC’s, appeared in the same SMS thread as genuine ones previously sent by the bank. In the recent phishing scam involving OCBC, victims received an SMS from scammers posing as the bank and claiming there were issues with their accounts or credit cards.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |