On Monday (September 25), the Act on Combating Abuse in Electronic Communications enters into force. With new regulations, the government wants to protect Poles against, including spoofing, smishing, generating artificial traffic and unauthorized changes to address information.
The government is cracking down on fraudsters. New regulations come into force
Thanks to the new law, we will receive fewer fake calls, text messages and Internet domains. The act is intended to make it more difficult for fraudsters to impersonate institutions of public trust. According to data from the National Police Information System, the estimated value of material losses caused by fraud related to e-banking and phishing in 2022 amounted to over PLN 124 million.
The new act will limit fraud committed using electronic communication services, and telecommunications entrepreneurs will have from 6 to 12 months to implement proportionate solutions to prevent abuse. The obligations imposed in this respect on the president of the Office of Electronic Communications and CSIRT NASK – Computer Security Incident Response Team were also specified:
- The CSIRT NASK team will monitor the occurrence of smishing and provide telecommunications undertakings with message templates that provide the signs of this;
- The President of UKE will maintain a list of numbers used only for receiving voice calls to prevent fraudsters from impersonating the hotlines of offices or other entities.
An application to enter a number in the list will be able to be submitted by public finance sector entities, other financial or insurance institutions, as well as telecommunications entrepreneurs, registering the telephone numbers they use for the customer service office or hotline. Thanks to this, a fraudster trying to impersonate a bank or municipal office included in the list will not make a false call at all.
The new act enters into force. It is intended to protect Poles against cyber fraudsters
Overrides, i.e. SMS message identifiers used instead of phone numbers, will also be protected. An example of an override is “e-US” used by the National Tax Administration. The list of overrides reserved for public entities will be maintained by CSIRT NASK. Telecommunications undertakings will block SMS messages with proprietary subtitles that do not come from a public entity.
Telecommunications undertakings will be obliged to counteract abuses using various organizational and technical measures. One of such actions is, for example, blocking text messages that contain content that constitutes smishing and voice calls that are intended to impersonate another person or institution.
The act also imposes new obligations on large e-mail providers (for at least 500,000 users or public entities), who will have to use SPF/DKIM/DMARC authentication mechanisms. This will limit the activities of fraudsters who try to impersonate trusted institutions and extort data from e-mail users. It will also reduce the number of “man in the middle” attacks, which involve eavesdropping and modifying messages sent between two parties without their knowledge.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
