Scam texts bombard Australians after telco breaches
Australians received over a hundred thousand scam text messages, including fake toll road and Medicare notices, after three telcos failed to adequately protect against impersonation threats.
Sim card providers Sinch, Infobip and Phone Card Selector will face disciplinary action from the communications regulator for allowing messages to be sent using text-based sender IDs without checking if they were legitimate.
Scammers exploited the breaches to change the ID of messages so that it appeared they were coming from legitimate sources, such as government agencies or toll providers.
Australian Communications and Media Authority chair Nerida O'Loughlin said by failing to comply with the rules, the companies enabled opportunistic scammers to prey on Australians.
"Scams that impersonate reputable organisations can be particularly hard for consumers to recognise and there's no telling how much damage could have been done as a result of these scam texts," she said.
ACMA found Infobip allowed more than 100,000 non-compliant SMS's to be sent, including scams impersonating toll road notices, while Sinch let through 14,000 texts, including fake Medicare and Australia Post messages.
Sinch and Infobip were given formal directions to comply with their obligations, the strongest enforcement action available for code breaches.
Phone Card Selector was given a formal warning after its compliance systems were found to be inadequate, although there was no evidence they were exploited by scammers.
The telcos will face fines of up to $250,000 if they breach ACMA directions to comply with the code.
Ms O'Loughlin praised the federal government for setting aside almost $11 million in its budget on Tuesday to establish a sender ID registry.
The initiative will help prevent scammers from impersonating trusted brands in message headers, she said.