Kevin Britt, Product Owner for A2P Messaging at BT, stated on Monday that the British network has succeeded in shrinking the number of smishing messages it carries.
Since March 2023, we’ve seen an 83% reduction in A2P SMS smishing on the BT network.
Britt praised fellow employees and partners for this amazing result. Specific credit went to:
- several law enforcement actions that were supported by a colleague who is dedicated to the task of investigating and mitigating smishing;
- the bespoke firewalls developed by BT’s Messaging Operations team; and
- the SMS aggregator and CPaaS partners who comply with the Code of Conduct that BT introduced in September 2023.
This is a strong message because it is so simple and direct. It consequently highlights how other telcos are going wrong. To begin with, big telcos need to put money into investigating crime because criminals will never give up if telcos only address the symptoms of crime. It was telling that Britt paid tribute to BT’s dedicated smishing investigator as well as the work done by the cops. It may then seem obvious, but firewalls have an essential role to play in filtering out bad traffic, and this needs to be reiterated. A lot of telcos still need to put more investment into improving their firewalls. Finally, the industry has been making progress with adopting codes of conduct that are respected by multiple players in the messaging ecosystem. The Mobile Ecosystem Forum’s Business SMS Code of Conduct has helped to shape this trend, which was later reinforced through guidance issued by the UK’s Cyber Security Centre.
Some of the key commitments in the anti-smishing code that BT introduced last year include:
- blocking messages where the Sender ID includes one of a series of words often exploited by scammers, such as ‘bank’, ‘caution’ and ‘package’;
- restricting who may use names associated with specific reputable organizations, such as ‘Mastercard’, ‘Student Loans Company’ or ‘Uber’;
- limiting the special characters permitted in a Sender ID to eliminate the risk of criminals using lookalike characters to mimic genuine organizations;
- blocking messages from numeric IDs that do not begin with a UK dial code;
- blocking short codes that do not follow permitted formats; and
- blocking suspected spam or fraudulent URLs included within the body of a message.
These common sense controls should be emulated by telcos everywhere. However, BT still feels more needs to be done to protect the public. As Britt explained:
…from the 10th July 2024, [BT] will block all banking and logistics-based SMS unless it’s submitted via a single dedicated A2P Trusted bind. ❌ The move will allow BT to implement more aggressive and robust blocking controls with the comfort of having no false positives.
As of today, British phone users will be even better protected from smishing. Bravo!
Britt shared the news via his personal LinkedIn account; you can see his post here.



