The fight against COVID-19 spam and smishing attacks

Best practice advice – and how the mobile industry can help.

OpenMarket – April 16, 2020

SMS has become an essential channel for brands and public bodies that need to stay in touch with people during this COVID-19 crisis.

Mobile operators are working hard – alongside messaging solutions providers like OpenMarket – to ensure COVID-19 messages get through and get read.

Part of this job is to ensure that COVID-related spam and smishing attacks stay off the network.

It’s a big challenge: spammers and online criminals the world over are currently preying on people’s COVID-19 anxieties for financial gain.

If you’re an OpenMarket customer or partner, you can help us by making sure we know that your COVID-19 messaging use cases are genuine so we can get them whitelisted.

By whitelisting your programs, we ensure your important messages don’t get caught up in any spam or smishing (the SMS version of phishing) filters. Get in touch with your account manager if you have any relevant programs.

What does COVID-19 SMS spam look like?

Spammers use alerts in order to collect contact details of people who show themselves to be susceptible to these types of messages. For example:

“COVID-19 cases are mounting in your region. Text “YES” for updates about your specific area.”

Anyone who replies could find themselves inundated with similar types of spam messages. Inevitably, spammers are also trying to lure people with the promise of virus treatments and testing kits.

What do COVD-19 SMS smishing attacks look like?

Smishing is when criminals use mobile messages to impersonate organizations.

These COVID-19 scam texts might claim to be from government departments or other trusted organizations. They tend to include a link to a fake website designed to trick people into giving away their financial and personal information such as bank details, passwords and credit card numbers.

Misinformation from foreign actors

SMS networks and mobile messaging apps are being targeted by state-backed groups seeking to spread false information, according to reports.

US citizens recently received targeted text messages that falsely warned of an impending “mandatory quarantine”. Many of these messages were shared between individuals. Some US officials were quoted as suggesting that Russia or China may be behind the false alerts.

Help us help you

These examples hopefully illustrate why COVID-19 related terms and sender IDs are currently being blocked to protect end users.

Sender IDs that have been blacklisted in the UK include those either related to COVID-19 or referencing the UK government. Similar targeting is taking place in the US, Europe and other parts of the world.

What we’re doing to help

The OpenMarket security team is focusing on blocking Sender IDs and suspect URLs within the message in order to prevent COVID-19 spam, misinformation and smishing attempts reaching end users.

We look for phone numbers used in more than one campaign – for example, the same number being used in communications for multiple banks. And we react to traffic that has been reported as suspect.

In general, we’re looking for suspect sender/content patterns across the globe and adding and adjusting existing policy rules as needed to block fraudulent traffic.

There is little-to-no risk of our filters blocking genuine Covid-19 related traffic from enterprises. But we do need help from partners sending on behalf of other businesses. As mentioned above, these partners should contact us if they’re sending Covid-19 traffic. We can then whitelist it.

We also need your help to spread awareness about the need to think carefully before clicking on any COVID-19-related links. Let employees and customers know that anyone who receives a suspected spam or smishing message should forward it to the number 7726 (the digits spell SPAM on a traditional phone keypad).

This number alerts mobile operators in the UK and US (and mobile messaging solution providers like us) about spam and smashing attacks. It’s one of our best opportunities to combat them.

Working together

Mobile messaging becomes a crucial channel in times of crisis.

The combined coverage of 2G, 3G and 4G networks means SMS can reach the vast majority of people in the world. It’s also a simple way to access information for non-digital savvy users – those that are often the most at risk at isolation.

Fortunately, SMS is still largely a spam and fraud-free channel. But we all have to double down on efforts to protect it, and the public, during this crisis.

See all blogs

Related Content