Many of us are now refusing to answer phone calls from an unknown number for fear that it could be a scammer. We feel uneasy when receiving texts from numbers pretending to be our banks or the postal service because there are seemingly endless phone scams. This anxiety is felt amongst the population, and it is understandable why this is the case. From March 2020 to 2021, it was discovered that phone call and text message fraud rates have increased by 83% from the previous year across the UK.
The reason these scams have been so successful is because of the vulnerable position we have all been put in over lockdown, and because we were not leaving the house to make purchases therefore more individuals were getting items delivered during the epidemic, which resulted in a massive increase of bogus package delivery SMS alerts.
The act of “smishing” refers to the fraudulent practice of sending text messages purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords or credit card numbers. In these attacks, fraudsters send a message to a recipient claiming that a modest payment is required before a product can be delivered, ostensibly from a valid number.
They then try to steal your financial information when you click on the link. But how can fraudsters accomplish it, and why is it so difficult for telecom companies and government to combat the problem? It’s time to answer the question, Why do phone scams seem so difficult to combat?
Matthew Gribben, a Cyber Security expert, explains how these fraudsters can make their phone call or text coming from the legitimate telephone number of the bank or postal service, this is due to continued weaknesses in telephone network systems.
He goes on to explain how the current UK phone network cannot guarantee 100% that the number presented is the actual originating number, it must take your word for it, that it is valid. The issue is caused by the SS7 telephone identification system, which was developed in 1975, so it isn’t the most simple or efficient technology. The “presentation number,” as defined by SS7, informs the telephone network of the number from which a user is calling or texting. This is necessary for calls to be linked to one another. The issue is that scammers can take a presentation number and use it to link it to their phone number.
Because SS7 is still important to the 2G and 3G sections of mobile phone networks that continue to transmit our voice calls and text messages even if your headset device is equipped with 5G, this issue impacts both landlines and mobile phones.
According to one hypothesis, the weaknesses of SS7 cannot be rectified since telecom companies must grant national security agencies access to their networks, although Mr Gribben claims that GCHQ (Britain’s intelligence agency) can monitor conversations without exploiting SS7 flaws. The issue, he claims, is that SS7 is still in use in telecom networks across the world. And rather than patching it up, it must be replaced.
“SS7 was designed with the assumption that there will always be legal activity [and] goodwill surrounding its usage,” Katia Gonzalez, head of fraud prevention and security at BICS, a Brussels-based telecommunications company that links and secures mobile phone networks, says. “There’s too much legacy technology [reliant upon it] that we can’t move away from – we’re going to have these SS7 2G/3G networks for at least another 10 years.”
Jon France, the head of industry security at the GSMA, the trade association that represents mobile network operators across the world, believes that many of the issues with SS7 will be resolved once more 5G networks are deployed. When this occurs, the 2G and 3G networks will be fully replaced. “It took some time to grasp these movements, and how they were exploited,” Ms Gonzalez concurs. With 5G, security will be provided from the Centre of the network.”
Mr Gribben warns, however, that even if SS7 is replaced with something “really brand new and dazzling,” “additional weaknesses that fraudsters may exploit would still exist.”
Do you get worried when you see an unknown call on your mobile, or a fake text you’re your bank? To find out what Intouch can do to help keep you safe from scammers please get in contact with us.
In recent years, a scam known as ‘robocalling’ — artificial voice – has seen a significant surge in fraudulent telephone calls. There are call authentication technologies that can help block them, and the UK’s telecommunications regulator, Ofcom, is engaging with the industry to see what can be done and how quickly it can be done. These criminal scams are becoming more sophisticated and tackling them requires efforts from a lot of separate bodies.
To assist in combat the problem, Ofcom is allegedly working closely with the police, business, and organisations such as the NCSC (National Cyber Security Centre), which is responsible for cyber-security standards in the UK.
The Internet Engineering Task Force (IETF), a US-based worldwide standards group, has also created new protocols to combat robocalling.
The system is dubbed “Stir and Shaken” in a reference to James Bond. The protocols must be implemented by the end of 2021 in the United States, but Ofcom believes UK companies won’t be able to do so until their networks are properly updated by 2025.
Ms. Gonzalez goes on to say that the only way to avoid text message frauds is for telecom companies to employ artificial intelligence to check messages for links to bogus websites before they are delivered. However, privacy regulators are unlikely to agree. Instead, telecom providers are advocating for more coordination between telecoms corporations and governments, improved partnerships between nations, and increased effort by companies in sharing information on the most recent vulnerabilities. “There’s always more that telecoms providers could do,” Amanda Finch, chief executive of the professional organisation Chartered Institute of Information Security, says, noting that phone and text frauds aren’t going away anytime soon. “However, security is a shifting objective… “Basically, everyone needs to be on their guard,” she says. “I don’t think there’s a world anytime soon where we can teach people not to be deceived,” says Robert Blumofe, chief technology officer of cloud security firm Akamai. “So, the answer needs to include a means to prevent the response the text messages are attempting to elicit.”
