Enterprise messaging fraud costs the industry an estimated $2 billion per anum and is a persistent threat to consumer trust. Ultimately it undermines the long-term sustainability of all players within the enterprise messaging ecosystem.
MEF’s recently published Enterprise Mobile Messaging Fraud Framework 2.0, developed by MEF’s cross-sector Working Group and part of the Future of Messaging Programme, identifies the 13 types fraud types that are affecting the messaging ecosystem and the measures needed to tackle these sharp practices.
Over the coming weeks, MEF Minute will explain each fraud type in more detail. This week, we take a look at SMS Phishing.
Definition
SMS Phishing, also known as SMiShing, is a form of criminal activity combining Spam, SMS Originator Spoofing and social engineering techniques to pretend to be a trustworthy entity, in order to gain access to online systems, accounts or data such as credit card, banking information or passwords, for malicious reasons.
Cause
- The promise of financial gain, either directly or indirectly through data loss
- Increasing incidence in line with the growth of smartphone adoption and reliance of mobile applications
- The ease with which consumers can be fooled through the use of basic social engineering and masquerading techniques to engender trust – consumers respond automatically to familiar situations and messages and may not be aware of or looking for potential risks
- Senders can use a percentage-based approach and so do not need to know whether a consumer has a relationship with the enterprise they are pretending to be, although having that information will increase their likelihood of success
- An enterprise not effectively managing their relationship with their customer, including proactively reiterating what channels they use to communicate with their customers and stating explicitly what information they will not ask for under any circumstances
- Poor regulation of the providers of enterprise mobile messaging solutions
- Other contributing causes include:
- Use of Two Factor Authentication (2FA) codes creates a perceived layer of trust
- Network support for “dynamic” alpha originators
- Number harvesting tools which gather MSISDNs and associated personal information
An example of an SMS Phishing message. Note the use of an alpha
originator to masquerade as HMRC (UK Tax office).
Download the free Enterprise Messaging Framework 2.0 document now
Version 2.0 of the Fraud Framework offers insights into the impact of fraud on all parties within the ecosystem, as well as categorisation of the means available to parties to detect and protect against fraud through the implementation of commercial solutions, technical solutions and through processes, compliance and legality.
A total of 13 fraud types have been identified, defined and mapped providing recognisable, real life examples of how fraud can occur, sharing how the different communities within the ecosystem can detect and protect themselves and their customers against fraud.
