It is easy to tell who is really prioritizing the protection of phone users from crime and who is merely posturing. Malaysia demonstrated the difference last week when multiple telcos simultaneously imposed blocks on the sending and receiving of any person-to-person SMS message that includes a link to a website. It is still possible for businesses to send application-to-person SMS messages that contain URLs but these will also be banned soon. The blocks mean Malaysians will be protected from smishing, the use of SMS messages to direct the unwary towards phishing websites that steal logon credentials or other personal data by appearing to belong to a government agency or legitimate business.
The new blocks went live on May 2 and were implemented by four Malaysian telcos: Celcom, Digi, Maxis and U-Mobile. The telcos were obeying a directive from the country’s comms regulator, the Malaysian Communications and Multimedia Commission (MCMC), that was announced on April 1. Deputy Minister of Communications and Digital, Teo Nie Ching, explained that the purpose of the filters was to protect consumers from fraud.
Malaysia is not alone in clamping down on the sending of URLs via electronic communications. The Nation reports that members of the Thai Bankers’ Association (TBA) will no longer provide links in messages sent by SMS or email. 16 Thai banks have committed to the new anti-fraud protocol.
Various governments and regulators around the world are talking tough about online fraud, smishing and robotexting. But the operative word is that they are talking tough whilst taking little effective action. Some are currently searching for wonder technologies that will supposedly discriminate between good communications and bad communications. This is a sop to businesses and government agencies who are reluctant to give up the convenience of sending messages with links in them. But their convenience is of trivial importance compared to the harm being done to ordinary people by fraudsters.
Instead of wasting time on the hunt for wonder technologies we should be acting decisively to stop the hemorrhaging of cash to organized crime. The zero trust philosophy adopted by Malaysia is the correct approach because it delivers comprehensive protection today, not at some uncertain point in the future. Developers of wonder technologies want to allow crime to remain rampant so they can treat the real world like a laboratory, much as technology companies always have. This allows them to collate vast amounts of data and learn from their mistakes. The problem is that real people will suffer in the meantime, and the stress and suffering caused by crime is no mere data point to them. If wonder technologies based on AI and digital signatures can be perfected then we can always roll back the blocks later on. In the meantime, I hope other countries follow the example set by Malaysia.