The government is considering tackling SMS scammers by blocking brand-impersonating messages before they are sent.
The Sender ID Registry – which received a $10.9 million allocation in the 2023 federal budget – works by creating a list of registered brand names and allocating them approved phone numbers.
If a text message attempts to use one of those registered brand names, it gets checked to see if the originating number matches the approved number on its list – if it doesn’t match, the message is prevented from being sent.
In its announcement, the government noted more than 47 per cent of Australians reported exposure to fake or deceptive text messages in the last year, with an estimated $3.1 billion lost to scams in 2022 alone.
Some nine months after announcing the Sender ID Registry, the government has now opened consultation on whether the anti-scam scheme should be mandatory for Australian telcos.
If mandated, the new registry scheme could effectively block SMS scammers from impersonating legitimate brands such as Australia Post, banks, government services, toll providers and more.
“The Albanese Government’s innovative SMS Sender ID Registry is helping to stop criminals from ripping Australians off through sophisticated text message scams,” said Minister for Communications Michelle Rowland.
“We’re committed to a national rollout of the Registry that works for both Australians and the businesses that serve them.”
The scheme works largely off message headers (also known as sender IDs), which are the alphanumeric contact that identifies the sender of an SMS message.
While message headers help users recognise precisely which business has sent them an SMS, they’ve also been heavily exploited by scammers to impersonate legitimate brands such as Commonwealth Bank (CBA), National Australia Bank (NAB) and toll operator Linkt.
In December 2023, the government launched a pilot of the registry which saw both CBA and NAB sign up as participating brands, and also included telcos Telstra, Optus, TPG Telecom and Pivotal.
Last week, Australian Communications and Media Authority (ACMA) chair Neridah O'Loughlin told a senate hearing the Australian Taxation Office and Services Australia had also joined, and that the “second stage” of the pilot would see it expanded to “blanket coverage across the telco industry”.
Senator Ross Cadell asked if Linkt would appear on the list – stating “I think I owe them 14 grand from the number of texts I get” – though O’Loughlin said the oft-impersonated company would not be participating “quite yet”.
“We're certainly in conversations with organisations such as Linkt and Australia Post,” said O’Loughlin.
“They are very well aware that their brands are being undermined by these processes.
“Some of the brands we deal with are looking at alternative ways of communicating with their customers through things such as apps rather than sending SMS at all.”
The government is now seeking feedback from consumers, industry, charities, and government services to inform decision-making about next steps, including funding models for the scheme.
Consultation is open until 20 March.
Telcos allow “millions” of unsafe texts
The registry’s open consultation arrives only days after telco regulator ACMA announced it has taken action against five telcos for failing to comply with anti-scam and public safety rules.
Investigations by ACMA found Message4U Pty Ltd, SMS Broadcast Pty Ltd, DirectSMS Pty Ltd, Esendex Australia Pty Ltd and MessageBird Pty Ltd allowed “millions of SMS” to be sent using sender IDs without sufficient checks to ensure they weren’t scams.
The biggest offender of the bunch was Message4U, which allowed about 36.1 million SMS to be sent in breach of anti-scam rules between 12 July 2022 and 8 June 2023.
According to ACMA, the non-compliant action allowed scammers to impersonate well-known brands and government services, with SMS Broadcast’s and Message4U’s failures enabling over 1.2 million impersonation scam texts to be sent.
ACMA member Samantha Yorke noted Australians self-reported over $25 million in losses to SMS scammers last year, and described the telcos’ failures as “unacceptable”.
“Scammers will always look for cracks in systems and if even one telco fails to have its compliance in order, it can open the door for scammers to target Australians,” said Yorke.
“Telcos must have processes in place to ensure that customers sending bulk messages are verified.”
Each of the five telcos have been formally directed by ACMA to comply with relevant industry codes – which is the strongest enforcement outcome available to ACMA for initial breaches.
ACMA also noted telcos may face penalties of up to $250,000 for breaching ACMA directions to comply with industry codes.
"We will be closely monitoring for any scam activity coming via these telcos and will not hesitate to take action if we find evidence Australians are being placed in harm’s way again,” said Yorke.