For years, Australians have been losing millions to scammers and in have already lost almost $100 million so far this year. The numbers keep going up and all indications point to 2020 being the worst year on record in terms of financial loss. As Australia’s largest telco we’re acutely aware of the serious threats faced by our customers from scammers and cyber criminals. We block more than a million malicious spam calls on our network each month and a growing number of SMS messages. With a new pilot program announced today, we’re about to do even more to keep our customers safe.

We have been working closely with the Australian Cyber Security Centre (ACSC) and Services Australia to keep scammers out of the SMS channel by introducing a new security measure to block malicious text messages from reaching Telstra customers.

A new pilot program to make SMS safer

In simpler terms, when a text message is sent over our network, using information called “metadata”, we can identify and reject illegitimate phishing text messages impersonating a specified senderID before they reach Telstra customers.

Working with the ACSC and Services Australia, we have created an approved list of official sources associated with particular SenderIDs, like myGov or Centrelink. It means any message with a SenderID that doesn’t originate from an approved source will be stopped from making it through to Telstra customers.

We are currently rolling out Phase One of a much larger project that we hope to scale up in the coming months to protect more organisations and their customers from scammers.

This work also aligns with Australia’s 2020 Cyber Security Strategy and the recommendations from the Industry Advisory Panel, which we look forward to helping implement in conjunction with the Government, business, and the community.

Spotting SMS scams

While the methods and techniques of cybercriminals constantly change, cyber risk in reality is just like any other risk. Behind the complexity, cyber-crime is just crime, cyber espionage is just espionage and hacktivism is just activism all by another name.

The challenge is the increasing sophistication and the scale; the ACSC believes that one in three adults has been a victim of cybercrime. The unfortunate fact is anybody who owns a mobile phone, anyone who sends or receives text messages, is now at risk, and that risk has never been higher.

Those who rely on assistance from Australian Government agencies are at particular risk as scammers often impersonate official bodies and agencies to increase their chances at appearing legitimate.

Take this example of a fraudulent text message designed to trick the receiver into thinking it’s a legitimate message from myGov.

The goal is to convince you to click on a malicious link or attachment that the scammers can use to try to steal your money, your personal data, or both.

The point is we are all at risk – anybody with a connected device is a potential target and scammers think nothing about using almost every brand in Australia – including ours – to try and pull the wool over a customer’s eyes.

Helping to keep the internet cleaner

At a time when scammers are taking increasing advantage of Australians experiencing difficulties and hardship due to COVID-19, it’s important that we have their backs.

This new pilot is part of our Cleaner Pipes initiative which includes a range of existing work designed to help keep our users safe from malicious activity online. In May we dramatically scaled up our Domain Name System (DNS) filtering to ensure that we’re proactively blocking and filtering out the millions of malware communications that attempt to cross our infrastructure.

Connected technologies increasingly sit at the very heart of the lives of most Australians. But as we move more rapidly to a digital economy, we need to be more and more cognisant of the growing cyber risks and those who seek to do us harm online.
For more information on staying safe from SMS malware, check out our best practice guide. You can read more cyber security tips on our Telstra Exchange Cyber Security Hub.