With Spam Texts on the Rise Consumers Must do their Due Diligence
By Reinhard Seidel, Director Products at Clickatell
How to Avoid Spam Texts and Protect Personal Information in the Digital Age
There have been many advantages to the accelerated digital revolution we are experiencing, but a negative impact is the increased risk for cyber threats. In 2020, spam and phishing text messages were up 146% in the US, subjecting consumers to dangerous cybercriminals attempting to steal valuable personal information. While the FCC says they plan to crack down on these messages, it’s still more important than ever that consumers are aware of the tell-tale signs of spam texts and phishing messages, and how message content, encryption security and identity are handled by SMS providers and business chat technology vendors to protect themselves and their information.
Know your customer
As spam and phishing messages are on the rise messaging service providers need to ensure more than ever that its business customers are complying to rules and regulations. This includes communicating compliance rules to brands, ensuring the legitimacy of businesses, understanding the use cases and go through proper approval processes for new service offerings.
These compliance efforts have been underway for several years now in the US when it comes to Short Code services (5-or 6-digit numbers that are used for sending messages). This year mobile operators have launched additional compliance requirements for message traffic that is sent on long numbers (standard 10-digit phone numbers). Those type of message traffic has been flowing largely unregulated in the US for the last 10 years and has been subjected to spamming and phishing attacks by bad actors. Not anymore, as now every entity who seeks to send SMS text traffic in the US is required to register its brand and campaign before being able to obtain a long number and send message traffic. The new regulatory regime is called 10DLC (10 Digit long code). It is the responsibility of SMS providers like Clickatell to enforce those rules and make sure its customers are fully compliant.
Similar to how compliance is managed in the SMS world messaging service providers as well as the large chat app providers such as WhatsApp or Apple are also enforcing strict registration and verification rules. Messaging service provider are required to help qualify and register campaigns and services for its business customers on channels such as WhatsApp or Apple. In addition, they provide end to end service security via message encryption and manage authentication, verification and other security related services for its business customers.
Spotting a Fraudulent Text Message
The first step in identifying a fraudulent message is understanding the different types of phone numbers used to deploy messages. Most legitimate text messages are sent via short code numbers that contain 5-6 digits and are primarily used only by large enterprise companies due to high costs. As mentioned, short code numbers have been strictly regulated for many years making it extremely rare to receive a spam text or phishing attack from a short code number.
On the other hand, if you receive a message from a normal 10-digit phone number claiming to be your bank, network provider, or retailer you’ve engaged with, you need to be cautious. The message could still come from a non-compliant long number that was obtained before the introduction of stringent registration requirements allowing only established brands to send messages via 10DLC regulation. If the message is coming from an 1800 number, it will have also have gone through a verification process and can be considered relatively safe.
What to do if you receive a message from a 10-digit number
If a suspicious text message received on a 10-digit number requires action and includes a shortened URL, consumers should avoid the link provided and contact the brand directly to validate the claim. Chances are the message is fraudulent and the sender is attempting to steal valuable information, so ensure you are calling the company directly and not replying to the sender. Often the fraudster will impersonate a large brand asking for personal information, claiming an account reset, information update, missed shipment, failed payment or even a prize to be claimed.
What can businesses do to mitigate fraud?
Digitalization has transformed businesses, and business owners are increasingly realizing that using chat platforms to manage and mitigate fraud offers them immediate and significant gains. While retailers, banks, financial services providers have traditionally conducted the majority of transactions within a native branded application, there is an increasing shift to use SMS text for brief notifications and complete transactions in rich chat applications such as WhatsApp, Messenger, etc. Likewise, there is a shift to mitigate fraud in the chat channel.
When someone is using a chat application, the identity of the user can be ascertained with a high level of certainty through various means. For example, biometric information such as fingerprint could be used in addition to a standard login and password or the mobile user can be asked to submit a picture of their ID in the rich chat for critical transactions. It is also possible to have additional security questions captured through a chat engagement. All of this means that the fraud department can flag suspicious behavior with a high level of confidence.
In today’s business environment, forward-thinking businesses absolutely must ensure sensitive commercial and customer data remains secure. Incorporating chat commerce platforms with fraud alert programs allows customers to transact via secure chat apps with end-to-end encryption, multi-factor authentication, and privacy.
Next time you receive a skeptical message from a brand, be sure to reference these tips to ensure your data is secure. Happy shopping!
About the Author
Reinhard Seidel is Product Director at Clickatell responsible for Clickatell’s communication platform including messaging APIs and channels such as WhatsApp, SMS, and more. He manages overall communication channel vision and strategy, collecting market input, and defining product roadmap and requirements. For more information, visit https://www.clickatell.com/.