Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels

/security

News and resources on cyber and physical threats to banks and fintechs worldwide.
News
See Security headlines »

Lead Channel

Security

Channels

Retail banking
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
Hong Kong banks take on SMS scammers

Hong Kong banks take on SMS scammers

Hong Kong banks are joining an SMS sender registration scheme designed to help customers avoid falling for scam texts.

The scheme will see participating banks use registered SMS sender IDs with the prefix "#" to send messages to local subscribers of mobile services. Texts with sender IDs containing "#" but not sent by registered senders will be screened out by telcos.

The scheme, backed by regulators and the police, was launched in December with telcos. Now 28 retail and virtual banks - including Ant Bank, DBS and Standard Chartered - are signing on.

Luanne Lim, chairman, Hong Kong Association of Banks, says: "The HKAB welcomes the SMS Sender Registration Scheme, which will help combat malicious spoof messages. By utilising the registered SMS sender IDs, participating banks can strengthen client protection against fraudulent SMS messages.

"In the face of ever-evolving scam tactics, the banking industry will continue to collaborate closely with relevant parties to combat frauds through technological advancements and customer education."

Lead Channel

Security

Channels

Retail banking
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Sponsored: [New Report] The Future of UK Fintech: 2015 - 2035 - An IFGS Special Edition - UK Fintech Week 2024

Comments: (1)

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 24 January, 2024, 10:08Be the first to give this comment the thumbs up 0 likes

Great initiative. Hope they also create an open directory so recipients of SMS know the full name of the company behind cryptic SMS Headers.

In the blog post titled Variants Are Making Phishing Attacks More Lethal Than Ever in my company blog, I gave two examples of scams that worked by using misleading SMS Headers:

----------

... when you get a text, you need to look at the SMS Header and use your general knowledge / common sense to decipher who the sender of the message is e.g. “TM-HSBCIM? Ah it must be HSBC Bank”; “VK-GODDY must be Go Daddy”; and so on.

This works well – until it doesn’t.

BP-RTODPT is not RTO Department (DMV of India). This SMS Header belongs to a motor insurance company that uses the bait-and-switch dark pattern to sell you a policy that you don’t need.

Then there’s QP-ITDEPL, the header used by a scamster to send out texts about income tax refund. A poor sucker who got this SMS thought it was from the Income Tax Department, took the offer for refund to be genuine, clicked through the link, and lost INR 2.94 Lakhs ($3900) in the bargain.

----------

If only there was a directory, diligent users could have avoided falling victim to the scam by looking up the directory and realizing that the above two SMS Senders were not who they claimed to be.

I get the introduction of # symbol but, as far as I can make out, this feature would merely change the SMS Header from e.g. BP-RTODPT to #BP-RTODPT, which can still succeed at scamming the recipient of the SMS.

Report abuse
Join the discussion

Write a blog post about this story (membership required)

[Impact Study] Fraud and AML Case Management: How to Operate at the Speed of Risk[Impact Study] Fraud and AML Case Management: How to Operate at the Speed of Risk

Trending

Trending

  1. Visa unveils suite of new products for the digital age

  2. Banco Santander suffers data breach at third party supplier

  3. Australia passes Digital ID Bill

  4. Investing in Fintech: How Technology is Reshaping the Financial Services Landscape

  5. 'Neobank in a box' startup Fintech Farm raises $32 million

Research
See all reports »
Fraud and AML Case Management: How to Operate at the Speed of Risk

Fraud and AML Case Management: How to Operate at the Speed of Risk

The Future of UK Fintech - 2015-2035

The Future of UK Fintech - 2015-2035

Definitive Differentiators - Forging a future-proof payments model

Definitive Differentiators - Forging a future-proof payments model