IMDA explains why SMSes from some firms are still being flagged as ‘likely scam’

Some users have reported receiving SMSes from legitimate businesses that were flagged as "likely scam" since Jan 31, 2023. PHOTO ILLUSTRATION: ST FILE
Osmond Chia
Updated
Feb 08, 2023, 06:22 PM
Published
Feb 03, 2023, 03:25 PM

SINGAPORE - Consumers are still receiving SMSes from legitimate organisations flagged as “likely scam” on the fourth day of the launch of a scheme to alert users to possible scam messages.

But the Infocomm Media Development Authority (IMDA) said it could be due to firms not registering all the alphanumeric names in use or applying to be listed only very recently.

The messages flagged on Friday came from Singlife, IHH Healthcare and Tada – all of which said they have applied to have their alphanumeric SMS sender names listed on the Singapore SMS Sender ID Registry run by IMDA.

Replying to The Straits Times’ queries on why this is still happening, an IMDA spokesman said: “This could be due to unregistered IDs or new applications for sender IDs by companies very close to or after Jan 31. These IDs are now in the process of being verified.”

The registry, which is said to be able to detect and block spoofed SMSes upfront, labels SMSes that use alphanumeric sender names as “likely scam” if the senders have not listed on it. From July, SMSes from businesses not listed on the registry will be entirely blocked.

Explaining that even some registry-listed firms were flagged under the “likely scam” label, the spokesman said registered companies have used IDs that are unregistered by mistake. “IMDA is working with the companies to ensure their IDs are registered.”

Some SMS aggregators are also performing further verification of their customers before allowing these customers to send SMSes using the registered IDs, she said, adding that this is a transitional period for the industry.

Since the scheme’s roll-out on Tuesday, some users have reported being confused as SMSes have been flagged as “likely scam”, even though they came from legitimate businesses for genuine communications. SMSes from some organisations listed on the registry have also been flagged as “likely scam”.

A business owner, who wanted to be known only as Ms Chua, 49, said the one-time passwords (OTPs) she has been getting to log in to IHH Healthcare’s medical records app MyHealth360 have been flagged as “likely scam”.

She used the OTP to log in to the app confidently after she saw an advisory from the healthcare group notifying users of the mislabelling, as MyHealth360 has been registered with the Singapore SMS Sender ID Registry.

As at Friday, she was still getting her OTPs with a “likely scam” label. “The ‘likely scam’ messages I have received so far are not scams. How am I supposed to treat the warning seriously in future?” said Ms Chua, who owns a food and beverage business.

A notice from IHH Healthcare notifying users that its app MyHealth360 has been registered with the SMS Sender ID Registry. PHOTO: ST READER

SMSes from insurance company Singlife were still being flagged as “likely scam” as at Friday, even though the company said it had signed up to be on the registry early in January.

A Singlife spokesman said: “Singlife is registered for IMDA’s SMS Sender ID Registry and has been continuously working with our partnering identity provider, Okta, to ensure a smooth transition to this new system.

“We are aware of unexpected errors tagging Singlife SMS messages under the ‘likely scam’ category. These are due to an issue occurring outside of Singlife’s registration system.”

It is not known what went wrong. Okta, an access management provider that services many businesses here,  told ST on Friday that its sender IDs have since been approved in the registry, and that it is working with third-party network providers to resolve the issue of some SMSes that are still being mislabelled.

Civil servant Xin Ng, 28, who uses Singlife, said labelling genuine senders as “likely scam” is confusing. While doing so can prompt users to be more alert to scams, she hopes the issue can be quickly rectified.

An SMS from Singlife that was labelled as “likely scam”. The company said it signed up for the SMS registry early in January. PHOTO: ST READER

On Friday, SMSes from ride-hailing app Tada were also being flagged as “likely scam”, although the company said it had signed up to be registered on time.

An SMS from ride-hailing app Tada being flagged as “likely scam”. PHOTO: ST READER

In his letter to ST’s Forum page published on Friday, Mr Peh Chwee Hoe said he was alarmed unnecessarily after he received flagged SMSes from legitimate businesses he had transacted with – many of which are based overseas.

He wrote: “This strict measure from IMDA leads one to ask if all legitimate businesses outside of Singapore will be registered, and if users can be given the choice to opt in or out.”

Before Friday, SMSes from DBS Bank, Amazon and Great Eastern were also flagged as “likely scam”, even though they had signed up with the registry ahead of the Jan 31 deadline. It is understood that their sender names are now correctly displayed.

A DBS user, who declined to be named, had made a $12,000 bank transfer and said he was surprised by a verification message from DBS labelled “likely scam”. The communications executive, 41, said: “It was obvious to me that the SMS was legitimate because I received it right after I made a fund transfer.”

He added: “If the parties don’t resolve this soon, some consumers might get tricked into thinking ‘likely scam’ warnings accompanying actual scam messages are errors made by the registry.”

More On This Topic
Some users confused as SMSes from legitimate firms get flagged as ‘likely scam’
Almost 2,000 organisations registered with SMS registry that will roll out ‘likely scam’ alerts

A spokesman for insurance firm Great Eastern said on Friday: “We can confirm that the legitimate SMSes listed as ‘likely scam’ happened during the cut-over period and were since resolved. It did not impact any services or accessibility.”

An Amazon spokesman said on Thursday that the e-retailer was completing a few remaining registrations. Its SMSes were also flagged as “likely scam” despite Amazon being listed by IMDA as one of at least 2,100 companies that had signed up to be on the registry before the deadline.

The registry is a new measure by the authorities to crack down on spoofing messages sent by scammers using alphanumeric sender names nearly identical to the ones used by legitimate organisations. Registered firms must pay a one-time fee of $500 and an annual payment of $200 per registered sender ID for it to be seen by customers.

IMDA said on Friday that almost 2,400 organisations have already registered. These include the Bank of America, RHB Bank, State Bank of India, Barclays Bank, Lazada, Shopee, Grab, Foodpanda, Samsung, TikTok, Google, Meta, Apple and Amazon.

It added that some organisations could not complete registration before the deadline and urged them to have their sender IDs enrolled as soon as possible by contacting the registry at smsregistry@sgnic.sg

“It is important that we raise collective resilience in preventing scams. Combating scams is a whole-of-society effort, and it requires merchants to play their part, and the public to remain vigilant,” said IMDA.

More On This Topic
SMSes from organisations not registered with IMDA to be labelled ‘likely scam’
Telcos raise concerns over possible privacy violations, SMS disruptions with new anti-scam measures

Join ST's Telegram channel and get the latest breaking news delivered to you.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top