SMS Fraud Report 2024 & storytime: How I fell For a Scam

Welcome to the Message Received newsletter.

In the next five minutes, you will delve into our official 2024 SMS Fraud Report findings.?

My goal today is to arm you with knowledge and actionable steps to safeguard your company and industry as a whole.

So, get yourself a nice cup of coffee, tea, wine, or something stronger and dive into the report. Or, listen to the podcast - I recorded a short overview of the report just for you.?

P.S. I fell for a scam myself and lost around a hundred euros. To hear the full story, head over to the podcast.?

The scammers got their game levelled up.?

Everyone’s after communication that’s both instant and without borders. But anything that gains popularity can also be easily manipulated.?

The landscape of SMS fraud has undergone a significant transformation, heightened by technological advancements and shifting consumer habits. The scammers have transitioned from poorly worded texts with clear suspicious links to well-crafted messages with URLs that closely mimic genuine ones.

The surge in AI is blurring the lines between legitimacy and fraud. AI has definitely equipped scammers with the tools to create messages of unsettling authenticity, leading to a click-through rate for scam messages reaching up to 1% to 4% mark.

This, coupled with the natural urgency and trust associated with SMS, has made fraud rates climb. Most concerning is the average financial damage per successful scam, now standing as high as €800.

I fell for the scam via a Facebook ad that looked exactly like any other pre-cycling season offer, leading to a legitimate-looking website and social accounts. The devil was in the details that aren't obvious, especially when you interact via your phone on the go.

New consumer habits naturally bring new opportunities for scammers.

The digital dependency deepened by the pandemic has left consumers more vulnerable, with 58% of UK adults aged 25-34 reported experiencing phishing attempts, based on The Office for National Statistics.?

Who's responsible for sending scam messages - the scammers, of course, who, in most cases, are organised and highly effective.?You can see the organisation become apparent via the same form of campaign hit multiple markets at the same time in the respecive local languages.

Who is responsible for letting it grow out of control? Well, multiple actors: the brands for not educating their customers, the MNOs for not setting up better filters and investing in security, the governments for not mandating stricter security measures to push other entities to do more, and of course, us.

Us for not being more careful, us for not demanding for better protection, us for not educating ourselves and us for using easier, faster and less secure ways in the name of convenience.

GDPR: A hero and a hurdle.

Now, fighting the scams and fraudsters is our bread and butter.

Here’s the catch. We are doing it with one hand tied behind our back.?

While GDPR aims to protect consumer data, it also restricts what can be done with that data, including the scanning or filtering of messages for fraudulent content. You can do a few things, but you start getting into trouble when you try to build complicated models that require multiple data points and cross-processing.

Since the amount of data points you can analyse as a middle-man is restricted, the information you get to make a decision on is also limited. The number, perhaps the URL and some keywords at most, but not details on subscribers, their habits and the legitimacy of the interaction, nor information about the brand outside of the obvious.

This creates a loophole that even some operators exploit, citing GDPR compliance as a reason for their inaction against SMS scams.

Meanwhile, the industry grapples with the adoption of Rich Communication Services (RCS), set against a backdrop of a projected 6.8% dip in SMS usage.

FYI, P2P scam is already on RCS, Whatsapp, Viber and other channels as well. The scammers are ahead of the adoption curve as per usual.

These challenges bring up the necessity for a balanced, collaborative approach involving all stakeholders – from regulatory bodies to telecom providers and, of course, financial services. Initiatives like the MEF’s SMS SenderID Protection Registry are and example of some collective efforts in combating fraud.

Here are five recommendations to consider:

• Champion Consumer Education: Implement educational campaigns addressing the latest fraud tactics and safe communication protocols.
• Leverage Emerging Technologies: Invest in advanced detection methods such as AI and blockchain to identify and prevent fraudulent activities effectively.
• Strengthen Industry Partnerships: Engage in collaborative efforts with regulators, technology providers, and other financial institutions to share knowledge and resources.
• Monitor Regulations: Stay ahead of changes in data protection and consumer privacy regulations to ensure compliance and optimal fraud prevention strategies.
• Promote Secure Communication Channels: Encourage the use of secure alternatives to SMS for sensitive communications, aligning with advancements in messaging technology and consumer preferences, such as Passkey.

Navigating the challenges of fraud is becoming increasingly difficult. Luckily, we are not too far behind. After all, we have outlived many types of scams, and the industry will continue to do so, no doubt of that.??

If you want to read the whole report, you can access it here.

Thanks for reading the “Message Received” newsletter.

What are your thoughts about fraud? Should we be even more alarmed than today?