Malaysian Telcos Block All SMS Texts Containing URLs

It is easy to tell who is really prioritizing the protection of phone users from crime and who is merely posturing. Malaysia demonstrated the difference last week when multiple telcos simultaneously imposed blocks on the sending and receiving of any person-to-person SMS message that includes a link to a website. It is still possible for businesses to send application-to-person SMS messages that contain URLs but these will also be banned soon. The blocks mean Malaysians will be protected from smishing, the use of SMS messages to direct the unwary towards phishing websites that steal logon credentials or other personal data by appearing to belong to a government agency or legitimate business.

The new blocks went live on May 2 and were implemented by four Malaysian telcos: Celcom, Digi, Maxis and U-Mobile. The telcos were obeying a directive from the country’s comms regulator, the Malaysian Communications and Multimedia Commission (MCMC), that was announced on April 1. Deputy Minister of Communications and Digital, Teo Nie Ching, explained that the purpose of the filters was to protect consumers from fraud.

Malaysia is not alone in clamping down on the sending of URLs via electronic communications. The Nation reports that members of the Thai Bankers’ Association (TBA) will no longer provide links in messages sent by SMS or email. 16 Thai banks have committed to the new anti-fraud protocol.

Various governments and regulators around the world are talking tough about online fraud, smishing and robotexting. But the operative word is that they are talking tough whilst taking little effective action. Some are currently searching for wonder technologies that will supposedly discriminate between good communications and bad communications. This is a sop to businesses and government agencies who are reluctant to give up the convenience of sending messages with links in them. But their convenience is of trivial importance compared to the harm being done to ordinary people by fraudsters.

Instead of wasting time on the hunt for wonder technologies we should be acting decisively to stop the hemorrhaging of cash to organized crime. The zero trust philosophy adopted by Malaysia is the correct approach because it delivers comprehensive protection today, not at some uncertain point in the future. Developers of wonder technologies want to allow crime to remain rampant so they can treat the real world like a laboratory, much as technology companies always have. This allows them to collate vast amounts of data and learn from their mistakes. The problem is that real people will suffer in the meantime, and the stress and suffering caused by crime is no mere data point to them. If wonder technologies based on AI and digital signatures can be perfected then we can always roll back the blocks later on. In the meantime, I hope other countries follow the example set by Malaysia.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.