All government agencies to be on anti-SMS spoofing registry after spate of scams

Unauthorised parties that try to send SMS messages using the registered names will be blocked on mobile operators' networks. ST PHOTO: LIM YAOHUI

SINGAPORE - All government agencies will register with a new anti-SMS spoofing registry to protect the names they use to send text messages to the public, in the wake of a spate of SMS phishing scams targeting OCBC Bank customers.

"This will make it more difficult for attackers to send spoofed messages disguised as government agencies, and facilitate tracing efforts by the Ministry of Home Affairs to catch scammers," said the Smart Nation Digital Government Group on Friday (Jan 21).

The group added that it will also explore using other channels, such as the inbox feature in the Singpass app, for the Government to send messages to the public.

All 16 ministries and the more than 60 statutory boards here will progressively sign up with the registry.

The move comes after the Infocomm Media Development Authority (IMDA) on Monday urged more businesses to sign up for the Singapore SMS SenderID Protection Registry, which allows organisations to register SMS sender names they wish to protect.

Unauthorised parties that try to send SMS messages using the registered names will be blocked on mobile operators' networks.

Set up together by IMDA and the Monetary Authority of Singapore, the registry launched as a pilot scheme in August last year and currently has six organisations registered with it.

Last month, nearly 470 OCBC customers lost at least $8.5 million in SMS phishing scams.

The fraudsters had spoofed the OCBC name to send fake SMSes with links to bogus bank websites that tried to phish for customers' bank credentials.

The bogus SMSes were grouped together with real texts from the bank, which duped many victims into falling for the scam.

The Smart Nation Digital Government Group said on Friday that the Government is also reviewing its use of SMSes and clickable links in its communications.

Although smartphone access is high, it said that SMS communications has provided widespread access to citizens who either do not own smartphones or use apps.

So removing clickable links from low-risk transactions can reduce people’s ability to access services and exclude them, said the group.

But there are other implications.

“Scammers will redirect their efforts through other means, such as e-mails, to trick the public into visiting spoofed websites,” warned the group.

Currently, government agencies must send links that end with “.gov.sg” to help members of the public easily identify them as trusted links.

The Smart Nation Digital Government Group said it will ensure all agencies adhere to this rule and that it will ramp up efforts to raise public awareness on how to verify that a link is a valid government link before people click on it.

The group will also work with agencies to strengthen systems for detecting fraudulent login attempts from different locations and devices.

Additional authentication steps are being looked into as well, such as requiring biometric verification, like scanning a user’s face, for high-risk transactions.

Another tool currently available to prevent scammers from sending SMSes and making calls to mobile phone users is the Government’s ScamShield app.

The app identifies and filters out scam messages by identifying key words using artificial intelligence. It can also block scam messages and calls from phone numbers used in other scams or which have been reported by other ScamShield app users.

For now, the app is available only for iOS devices but the Smart Nation Digital Government Group is working on a version for Android devices.

Join ST's Telegram channel and get the latest breaking news delivered to you.