Telcos get green light to crack down on SMS scams

Aussie telcos will soon have more power to shut down SMS scammers, thanks to new regulatory changes announced by the Federal Government.

Amendments to the Telecommunications (Interception and Access) Act will allow mobile providers to better identify and block scam text messages via the use of more sophisticated technology, including artificial intelligence engines and advanced algorithms. First announced by the Minster for Home Affairs Karen Andrews, the regulation tweaks have been praised by Australia’s two largest telcos, Telstra and Optus – particularly in light of the ‘Flubot’ malware scam currently targeting Aussie smartphone owners.

The new anti-scam tactics were developed by the Government in partnership with key voices in the telecommunications sector, after reports of SMS and phone scams doubled year-on-year from 2020 to 2021. Consumer advocacy site ScamWatch reports that Australians have lost more than $87 million to phone scams this year, despite efforts from the telco industry to block suspicious and unsolicited calls and texts.

Bulk text message scams are generally designed to defraud customers, or to infect devices with software that can steal and compromise your data. While the new amendments won’t eliminate scam calls and messages completely, they will give Aussie telcos the authority to block dodgy texts on a much wider scale.

“Scam SMS messages often impersonate well-known businesses or government agencies to ‘phish’ for personal information, or seek to install malware or ransomware on a device,” said Minister Andrews.

“The regulatory amendment we have enacted provides the telecommunications sector with the authority they need to block malicious SMS messages at scale, and protect the Australian public from scammers.”

Optus and Telstra welcome new safeguards

This year alone, Telstra received 11,100 SMS scam reports from customers – a dramatic increase from just 50 reports in 2020 – and blocked an average of 13 million scam voice calls each month. Similarly, Optus blocked more than 100 million scam calls in the first six months of 2021, along with nearly 30 million text messages related to the Flubot scam.

“Our services have never been more critical – but, unfortunately, they are also being used to prey on Australians, particularly the most vulnerable,” said Optus CEO Kelly Bayer Rosmarin.

“Optus is vigilant about protecting our customers, and these amendments provide us with even more options to safeguard our customers from scammers and fraudsters.”

Telstra is currently running a new cyber safety tool pilot internally, which utilises complex technology to recognise scam messages as they travel across the network. The scam-tracking platform can scan the content of each SMS sent to look for suspicious characteristics, and automatically block fraudulent messages before they hit your mobile phone.

The new scam-busting tech is part of Telstra’s ‘Cleaner Pipes’ initiative, which aims to protect retail and business customers against cybercrimes conducted via phone and internet.

“As we expand our proactive capability to detect and block scams in all their forms on our network, across phone and SMS and email, we will be able to keep Australians safer and reduce the amount of money irretrievably lost to scammers,” said Telstra CEO Andrew Penn.

“We’re proud to address this complex issue with the help of the Federal Government, which is providing the necessary guidance and regulatory amendment to support the development and use of this technical capability.”

Source: ACCC/ScamWatch

What is the Flubot scam?

The Flubot malware scam began targeting Aussies in August, with Android phone users being especially at risk. If you’ve received an unsolicited text message asking you to download an app, track a parcel, or listen to a voicemail, it’s likely you’ve been randomly targeted by Flubot scammers.

These messages will contain a link that, if clicked, will prompt you to to download an application that’s actually malware: software that can give scammers access to your accounts, passwords, and personal data. The link itself usually consists an address featuring 5-9 random numbers or letters, although it may attempt to ape a legitimate website.

Some of the ruses Flubot scammers use including advising about a forthcoming delivery, notifying you of a missed call or voicemail, or asking you to view new uploaded photos. Below is an example of a typical Flubot SMS.

Fortunately, in order for the malware to actually infect your device, you need to follow the link included in the text – simply opening the message won’t harm your phone. But if you believe you’ve downloaded Flubot (or any other malware), you should do the following:

  • Do not enter any passwords or log into any accounts, especially online banking or services such as Centrelink.
  • You’ll need to remove the malware from your phone; this can be done by installing anti-virus software, performing a factory reset, or contacting an IT professional.
  • A factory reset will erase all your phone’s data, but is the fastest way to completely remove Flubot from your phone. To reset your phone, head to the Settings app, and look for an option such as ‘Factory reset‘ or  ‘Erase all content and settings‘.
  • You can then restore backups to your phone, as long as they weren’t created after the Flubot malware was downloaded.
  • Change all passwords and login information for any accounts or apps on your device.
  • If financial information is kept on your device, contact your bank immediately.
  • You may also want to contact IDCare if your personal information has been compromised or you’re concerned about identity theft.

Overall, if you’ve received an SMS that doesn’t look right, your best bet is to delete it immediately – especially if it’s unsolicited, or asks you to follow a suspicious link. For more information on common telco and cyber scams targeting Australians, and the best ways to keep your data safe, check out the ACCC’s ScamWatch hub.

Share this article