Fraudsters will no longer impersonate the bank’s hotline. They found a way to outsmart them

In 2021, the Office of Electronic Communications signed an agreement with the four largest Polish telecoms (Orange, Play, Plus and T-Mobile) regarding closer cooperation in the field of IT security. It concerned primarily the fight against smishing and spoofing.

When it comes to smishing (i.e. extorting data and money via SMS), from March 25 this year, telecoms will block SMS messages with proprietary subtitles that do not come from a public entity.

Within a few weeks, the CSIRT team operating at NASK launched an IT system that will be used to exchange information on fake news between telecommunications entrepreneurs and CSIRT NASK, the Police and the President of UKE.

Thanks to this solution, public entities will be able to reserve overrides used by them for sending SMS. Subtitles are the sender’s name, i.e. information that is displayed instead of the phone number. An example of an override is an abbreviation in SMS titles, e.g. “e-US” used by the National Tax Administration.

I am convinced that thanks to the launch of the system for exchanging patterns of fraudulent messages, to which telecommunications undertakings, the Office of Electronic Communications and the Central Office for Combating Cybercrime can connect from today, the fight against telecommunications abuses and limiting the number of fraudulent SMSes that we all receive every day will be achieved. to the next level. The ability to reserve overrides also has this purpose. We will feel the effects in just 3 months

–

UKE in the war against spoofing. Will implement a unique solution

The second phenomenon that UKE and the operators want to combat is telephone spoofing. It involves impersonating other numbers and then calling victims and pretending to be someone else. Fraudsters use VoIP (Voice over Internet Protocol) technology and the so-called telephone gateways, thanks to which they impersonate, for example, the hotline of a bank, cable television or electricity supplier.

According to UKE, telecommunications operators “will implement effective solutions to counteract spoofing of telephone numbers.” One of the elements of the agreement is the DNO (Do-Not-Originate) database. Phone number owners such as, but not limited to: banks, will soon be able to report their numbers to UKE, which are only used to receive calls and not to initiate calls.

So far, criminals have often taken advantage of the fact that we have our bank’s hotline number saved in our phones, and incoming calls from a given number are immediately associated on the phone display with the name assigned to it in our phone book, thus authenticating themselves. If the operator notices that his network receives a call with a number from the DNO database, he will immediately block it. The DNO database is maintained by UKE, applications for entering a number in this database can be submitted from March 25, and operators will have to implement this solution by September.

–

However, this is not the only blow to fraudsters using telephone spoofing. On February 20, the Office of Electronic Communications and operators signed an agreement that assumes the creation of a unique “safe bay” on a global scale. This will allow you to verify whether the incoming call is identified by a real number or a modified one

If the verification shows that there is a case of CLI spoofing, the call will be either rejected or connected, but without presenting the caller’s number (i.e. the text “Unknown number” will be displayed on the recipient’s screen).

– emphasizes the president of UKE.

Operators will implement this solution by September. – I hope that in this way we will effectively limit the possibility of using CLI spoofing, which in the hands of criminals is an authenticating tool in the practice of impersonation and extortion, which could be read about many times in the media – adds Jacek Oko.