UK’s National Cyber Security Center (NCSC) has published new guidance for organizations for combatting telephone and SMS fraud. This guide aims at protecting their customers from fraudulent activities, while also ensuring that their SMS and telephone messages are consistent and trustworthy.
The adoption of such practices will make it harder for criminals to exploit telecoms channels to targets their customers.
“The goal is to help you protect your customers from fraud, while also ensuring that your SMS and telephone messages are consistent and trustworthy, reaching your target audience without being blocked or deleted as suspicious.” reads the guidance published by the NCSC. “The practices we recommend also make it harder for criminals to exploit telecoms channels and, by minimising the complexity of any given service, enable the authorities to be more focussed and efficient in detecting and preventing fraud on telecoms networks.”
The NCSC has already published advice on email security and anti-spoofing, however, this guide only covers SMS and telephone messaging.
The UK agency recommends creating trustworthy content that meets the standards expected for communications. Poor formatting, spelling mistakes and other inconsistencies lead the receivers into thinking that they are facing fake messaging.
Below are some recommendations provided by the agency when creating content:
When communication via SMS, the NCSC recommends:
When dealing with phone calls, the UK agency recommends to follow these guidelines:
Additional tips are included in the guidance.
(SecurityAffairs – hacking, SMS)