The National Cyber Security Centre (NCSC) has just published new guidance to assist in the fight against scams, and all organisations can play their part as the number of dodgy text messages (SMS) and phone calls increases. Fraudsters are willing to exploit trusted brands, especially large organisations such as the NHS, for their own financial gain.
The NCSC guidance will help organisations ensure that the telephone and text messages that they send out are consistent and trustworthy and reach their recipient without being blocked or deleted as suspicious. The practices recommended make it harder for criminals to exploit telecoms channels and enable the authorities to be more efficient in detecting and preventing fraud on telecoms networks.
The technology and systems that underpin mass communications cannot reliably tell the recipient who originated an SMS message, meaning cyber criminals are able to pose as legitimate organisations, mimicking their communications and using them to conceal a malicious link or a fraudulent request for information.
Spoofing a telephone number is also easy for criminals. They can make a call that originated overseas look like a local call from a number that you trust. The NCSC guidance provides comprehensive advice on creating trustworthy content for your SMS messages and the due diligence that should be conducted for both your SMS and telephone communications.
The full guidance can be found here: NCSC Guidance
NCSC has published the nine Top Tips to help your recipients identify legitimate messages and help the authorities track and stop fraud on networks:
- Keep messages simple and consistent
- Use minimal phone numbers, SenderIDs and email addresses
- Publicise your contact details – the numbers, email addresses and websites
- Do not ask for personal details
- Use links sparingly and make them human readable
- Apply the NCSC guidance to your supply chain due-diligence
- Provide a way for your recipients to independently check your communications
- Provide a means for your recipients to contact you independently
- Provide guidance on how scams can be reported