SMS security and fraud prevention

From your perspective

Spam SMS's are unwanted text messages. They're usually someone promoting a product or service, or attempting to scam you into providing personal information for fraudulent reasons.

These may be seen as an annoyance but, in more serious cases, can result in financial loss.

The level of spam SMS sophistication has been steadily increasing as senders attempt to mimic potentially legitimate customer messages. Examples received by our customers include:

  • a message saying that their bank account is overdrawn
  • HMRC saying that the customer is owed a tax refund
  • a familiar business / company saying they've won a competition.

In some countries, spam SMS now represents 10% of all SMS traffic. And it's on the rise within the UK.

The control and management of SMS spam is an important way of improving security and the customer experience.

Man on bike using mobile phone

SMS spam - the basics

Smishing/phishing - the fraudulent attempt to obtain sensitive information (e.g. usernames, passwords and credit card details) by pretending to be a trustworthy entity in an electronic communication. These attacks may often use the same sender address as valid messages. They may be present in valid dialogues with banks, government departments or service providers. The attacks are intelligent, dangerous and well implemented. Smishing occurs in different forms and against nearly all subscriber brands.

SMS spam - any unwanted or unsolicited text message sent indiscriminately to your mobile phone, often for commercial purposes.

Potential sources of SMS-based spam and smishing and our response

  • From SMS messaging aggregators via network gateways - we have strict policies in relation to these interfaces and manage them closely.
  • From SIM farms using 1pMobile SIM cards - we have a policy of removing such farms.
  • From offnet national or international SMSCs or messaging hubs - these are harder to control, which is why our new network-based solution is needed.
An example of a SIM farm that could be used for SMS Spam

The solution

Man on bike

What are we doing about this?

We take the security of our customers very seriously. We're therefore taking a number of initiatives to help combat this security threat. One crucial element is the implementation of an SMS spam and smishing prevention function.

This function is a highly sophisticated network-based security element. It will analyse the attributes and content of SMS messages sent on our network. Based on existing criteria and active learning, it will decide the legitimacy of an SMS and whether or not it should be allowed to proceed.

The plan is to implement spam and smishing prevention for all 1pMobile customers.

The spam and fraud control solution is broken down into three layers:

  • Network layer
  • Policy inforcement layer
  • Content control layer

SMS spam detection techniques

Automatic and manual interventions are used in our techniques to detect spam campaigns by employing various detection methods. Here are a few examples.

  • Block and allow lists of specified values, senders, recipients, specified content or calls to action.
  • Social graphs (these review the quantity of messaging sent and received by a subscriber).
  • Sender analysis.
  • Fingerprint analysis.a
  • Phone number analysis.
  • URI expansion and analysis.
  • Pattern matching and volumetric analysis.
  • Unique recipient analysis and volumetric control. This is the ability to control the quantity of text messaging that can be submitted to a set number of unique recipients within a specified period. E.g. a subscriber can send messages to x unique recipients per y timeframe. If this condition is surpassed, the originating subscriber can be blocked permanently.

Click here for help