Telcos get new powers to block malicious SMS scams at scale – Telco/ISP

Australian telcos have been handed new powers to prevent malicious SMS messages from being sent, by automatically detecting and blocking them at a network level.

The federal government has amended regulations associated with the Telecommunications (Interception and Access) Act to tackle the growing number of SMS scams.

The changes, which come into effect on Tuesday, will allow telcos to identify and block malicious SMS messages at their source as part of the normal operation of the service.

A text message is considered malicious if it contains a link or telephone number and its purpose, or apparent purpose… is to mislead or deceive a recipient… into using the link or telephone number”.

Home Affairs secretary Mike Pezzullo foreshadowed the powers during senate estimates last month, though at that time the government was still ironing out the proposed changes.

Minister for Home Affairs Karen Andrews on Monday said the change gives telcos the “authority they need to block malicious SMS messages at scale and protect the Australian public”.

Communications Minister Paul Fletcher said the measure builds on several existing efforts by the government to block scam messages.

He pointed to a recent Telstra pilot that blocked more than 2500 phishing scam texts that appeared to come from legitimate government sender IDs, including Centrelink and myGov.

The malicious text blocking service used metadata to identity SMS traffic spoofing using Telstra SenderIDs.

At the same time the changes were annouced, Telstra CEO Andy Penn revealed the existence of a new cyber safety capability that the telco is developing to “automatically detect and block scam SMS messages as they travel across our network”.

Penn said the tool scans the “content of messages to find suspicious patterns and characteristics, along with other data including time, sender, number of messages sent, and recipient”.

“We are currently running a pilot of this capability inside Telstra, so that any scam SMS messages sent to our people help ‘train’ the systems to spot the difference between a legitimate and a malicious SMS. The more scams it sees the smarter it will get,” he said.

Penn said a small team will be given access to the tool during the pilot to “review suspected scam messages where the sender and recipient data are removed and not identifiable to protect privacy”.

“Once the system reaches the point where it can accurately and effectively block the majority of scam SMS we plan to enable it across our mobile network, probably early next year,” he added.