NCSC launches new guidance for organisations on securely communicating with customers via SMS and phone calls
- National Cyber Security Centre guidance issued to help businesses produce communications their customers can trust
- Follows rise in scams spoofing popular brands with fake deliveries becoming the most popular text scam
- Anyone who receives a suspect text should forward it to the 7726 scam text reporting service
BRITAIN’S cyber security experts have published new advice for businesses on creating trustworthy customer messages following a rise in text and call-based scams such as those involving fake parcel deliveries.
The guidance published today by the National Cyber Security Centre (NCSC), a part of GCHQ, sets out how businesses can contact customers via telephone and SMS in a way that is more secure and distinguishable from increasingly convincing scams. It includes nine tips for organisations to follow to create messages their customers can trust.
Fraudsters commonly impersonate well known and trusted brands to trick people with scams that capitalise on current trends.
The NCSC is now urging businesses to do their bit in the fight against scammers by issuing communications that are more easily distinguishable to the public from scams.
NCSC Technical Director Dr Ian Levy said:
“Most of us will have received a suspected dodgy text or call during the pandemic and we know these scams are getting more convincing.
“To counter this, we need legitimate customer text and telephone messages to be secure with clear signposts of authenticity that give confidence to customers.
“I’d urge any organisations that contact their customers via SMS or telephone to consult our new guidance and ensure they’re doing all they can to protect their customers from cyber crime and fraud.”
The Chancellor of the Duchy of Lancaster Steve Barclay said:
“Scammers are getting creative: copying messages and calls from major companies, faking parcel delivery texts or pretending to be our bank. It’s very easy to fall prey to these criminals.
“The Government is determined to make the UK the safest place to live and work online and, through our National Cyber Strategy are strengthening laws and working across society to fight malicious online activity.
“But businesses must also play their part to stop these criminals from destroying their reputations and stealing customers' money. I urge them to work with the National Cyber Security Centre to ensure the public can trust when they are being contacted.”
The new NCSC guidance covers various aspects of secure customer communications including issuing consistent and trustworthy SMS and telephone messages, measures to make it harder for criminals to exploit telecoms channels, providing a route for customers to independently verify communications and more.
Opportunistic scammers have tried to entice people over the past year by spoofing popular brands intrinsically linked to the pandemic, from Amazon to Netflix to the NHS.
The boom in online shopping has resulted in many scammers impersonating legitimate texts from delivery companies to entice the public while illegally abusing established brands. People who receive what they suspect is a scam text should forward them to 7726.
UK Finance has published data showing that delivery scams are the most prevalent type of ‘smishing’ text messages in 2021, and the NCSC has published guidance on avoiding scams sent via ‘missed parcel’ texts.
The NCSC is supportive of businesses own efforts to prevent their brand being abused by scammers and the measures telecoms operators take to reduce the amount of smishing on their networks.
Jenny Hall, Director of Corporate Affairs at Royal Mail, said:
“Royal Mail is committed to preventing and detecting fraud and we welcome this new guidance from the NCSC. We work with UK law enforcement agencies, Trading Standards and other organisations to share information and support robust proactive action against scams to protect our customers.
“We have strengthened our ability to detect, monitor and takedown any malicious sites that claim to be from Royal Mail and report any offending sites and suspicious numbers to the appropriate authorities as soon as we are made aware of them.
“If customers are concerned about a message, they’ve received from us and want to make sure it’s genuine, they can check for status updates on their item by using the Royal Mail app or visiting royalmail.com.”
BT Security Managing Director Kevin Brown said:
“We’ve seen a massive increase in scam activity as cyber criminals looked to exploit people’s needs and anxieties over the last couple of years.
“These scams continue to have a huge impact on individuals and businesses, and organisations across the telecoms and security industries are constantly working to make it more difficult for them to happen.
“However, one of the most simple and effective steps all businesses can take to tackle scams is to ensure that we follow these best practices, so that our customers can more easily identify and verify genuine communications.”
The NCSC is taking unprecedented action to remove malicious scams from the internet as part of its Active Cyber Defence programme. 700,595 phishing campaigns were taken down in 2020: a fifteen-fold year-on-year increase.
People can visit the government’s Cyber Aware website to find out more about the six steps they can take to protect accounts and devices from the majority of cyber crime.