38.4k unique visitors in the last 3 days

BT Claims 83% Fall in A2P SMS Smishing

The leading British network is also going to impose tougher SMS blocks from today.

Kevin Britt, Product Owner for A2P Messaging at BT, stated on Monday that the British network has succeeded in shrinking the number of smishing messages it carries.

Since March 2023, we’ve seen an 83% reduction in A2P SMS smishing on the BT network.

Britt praised fellow employees and partners for this amazing result. Specific credit went to:

  • several law enforcement actions that were supported by a colleague who is dedicated to the task of investigating and mitigating smishing;
  • the bespoke firewalls developed by BT’s Messaging Operations team; and
  • the SMS aggregator and CPaaS partners who comply with the Code of Conduct that BT introduced in September 2023.

This is a strong message because it is so simple and direct. It consequently highlights how other telcos are going wrong. To begin with, big telcos need to put money into investigating crime because criminals will never give up if telcos only address the symptoms of crime. It was telling that Britt paid tribute to BT’s dedicated smishing investigator as well as the work done by the cops. It may then seem obvious, but firewalls have an essential role to play in filtering out bad traffic, and this needs to be reiterated. A lot of telcos still need to put more investment into improving their firewalls. Finally, the industry has been making progress with adopting codes of conduct that are respected by multiple players in the messaging ecosystem. The Mobile Ecosystem Forum’s Business SMS Code of Conduct has helped to shape this trend, which was later reinforced through guidance issued by the UK’s Cyber Security Centre.

Some of the key commitments in the anti-smishing code that BT introduced last year include:

  • blocking messages where the Sender ID includes one of a series of words often exploited by scammers, such as ‘bank’, ‘caution’ and ‘package’;
  • restricting who may use names associated with specific reputable organizations, such as ‘Mastercard’, ‘Student Loans Company’ or ‘Uber’;
  • limiting the special characters permitted in a Sender ID to eliminate the risk of criminals using lookalike characters to mimic genuine organizations;
  • blocking messages from numeric IDs that do not begin with a UK dial code;
  • blocking short codes that do not follow permitted formats; and
  • blocking suspected spam or fraudulent URLs included within the body of a message.

These common sense controls should be emulated by telcos everywhere. However, BT still feels more needs to be done to protect the public. As Britt explained:

…from the 10th July 2024, [BT] will block all banking and logistics-based SMS unless it’s submitted via a single dedicated A2P Trusted bind. ❌ The move will allow BT to implement more aggressive and robust blocking controls with the comfort of having no false positives.

As of today, British phone users will be even better protected from smishing. Bravo!

Britt shared the news via his personal LinkedIn account; you can see his post here.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email