The Australian Communications and Media Authority (ACMA) has taken action against three telecommunications companies linked to SMS scam texts.
The investigation has found that compliance failures at these telcos resulted in scammers being allowed to send SMS road toll, Medicare and Australia Post impersonation scams to consumers.
According to ACMA, the three telcos – Sinch Australia Pty Ltd, Infobip Information Technology Pty Ltd, and Phone Card Selector Pty Ltd – were responsible for allowing SMSs to be sent using text-based sender IDs (such as ‘AusPost’) without sufficient checks.
Text-based sender IDs can be used by scammers to pose as legitimate organisations, such as government agencies, banks, and road toll companies. Under the Reducing Scam Calls and Scam SMS Code, Australian telcos must obtain evidence from customers that they have a legitimate reason to use text-based sender IDs (such as business names) in an SMS.
ACMA said Infobip alone allowed 103,146 non-compliant SMSs to be sent, including scams impersonating well-known Australian road toll companies. Following this, Sinch allowed 14,291 non-complaint SMSs to slip through its filters, among which included Medicare and Australia Post impersonation scams.
ACMA Chair Nerida O’Loughlin stressed that while there was no suggestion that telcos were involved in scam activity themselves, the investigations proved that scammers were ready to take advantage of any vulnerabilities.
“Scams that impersonate reputable organisations can be particularly hard for consumers to recognise and there’s no telling how much damage could have been done as a result of these scam texts,” she said.
Following the investigation, Sinch and Infobip were given formal directions to comply with the obligations – the strongest enforcement action available for code breaches. Phone Card has been handed a formal warning.
Phone Card was also identified to have inadequate systems in place to comply with the rules; however, there was no evidence that scammers exploited the opportunities.
Telcos may face penalties of up to $250,000 for breaching the ACMA codes. ACMA states that combatting SMS and identity theft phone scams are among its top compliance priorities.