Vodafone UK Reports 76% Drop in SMS Scams after Implementing Firewall

The fraud management team in Vodafone UK deserves great praise after sustained efforts saw them massively reduce the number of fraudulent SMS messages received by their customers over the course of 2021. They reported that 45 million smishing messages were blocked between August 2021 and the end of last year. This contributed to a 76 percent overall reduction in the number of scam SMS messages received by customers during December compared to May.

Per Vodafone’s announcement, a lot of the improvement followed the implementation of a sophisticated SMS firewall.

Vodafone’s SMS firewall works by assessing the sender and intended recipient of a text, as well as a number of other details, to identify and block fraudulent messages in real-time.

A previous announcement from Vodafone UK said that the new firewall had blocked 18 million fraudulent SMS messages during September, the first full month that the firewall was operational.

Some industry sources privately claim to have witnessed large reductions in the number of messages that fraudsters attempt to send when it becomes clear that filtering technology is effectively preventing the receipt of those messages by consumers. The figures publicly shared by Vodafone UK suggest they have also experienced a reduction in the number of attempted frauds on their network as a consequence of blocking so many messages automatically.

Vodafone’s fraud team keeps striving to do better, and they shared news of an enhancement to the 7726 service which allows customers to report any suspicious SMS messages they still receive. Users of Android phones are now able to report suspicious texts by simply pressing a button in Google’s Messages app. The benefits of simplifying the process to report scams were recently corroborated by a major research study which encouraged 14,773 employees of a large business to press a button on their email client whenever they received a suspected phishing email. The study found that users were accurate in identifying scam messages and would promptly report them using the button.

It is refreshing to hear a major telco openly discussing what they are doing to protect their customers from fraud. Not all of the frauds that telcos need to address are a cost to the telco. Smishing messages hurt the telco’s customers but do not reduce the telco’s profits, which is why it is a mistake to only measure fraud by evaluating the impact on the telco’s bottom line. Customers can be scared away from services if they feel threatened by criminals, but estimating that impact on the telco’s results is close to impossible.

Vodafone UK also deserves praise for openly talking about their success with tackling fraud. The tired old message that fraud is always getting worse is ultimately counterproductive. Investment in technology like firewalls will be improved if we also share success stories about the reduction of fraud. One great outcome from RAG’s global leakage survey was that professionals working for comms providers reported significantly lower totals of fraud for 2021 compared to 2020. This contrasted sharply with the figures reported last year by the CFCA, whose smaller US-oriented survey claimed yet another increase in fraud, with losses estimated to be 28 percent worse since their previous survey in 2019. If US telcos are not deploying effective filters like those used by Vodafone then it would explain why their survey keeps painting a gloomy picture of endless failure.

It is also worth observing that some telcos never want to say anything publicly about fraud, even if they have been successful in reducing it, because they believe any mention of the topic will frighten customers. This is an oversimplification that is ultimately damaging to telcos. Customers hear about fraud from many other sources too, so telcos need to get ahead of the problem and talk sensibly about how they are addressing fraud instead of pretending it does not exist. It is deeply unhealthy for professionals to tell each other that fraud is increasingly out of control whilst expecting customers to live by the maxim that ignorance is bliss. If we are acting with integrity then the information given to customers should be consistent with what professionals say to each other.

Fraudsters may adapt their methods, but telcos must show they can also adapt, and that when they adapt they can score a major success in reducing crime. Let us hope that Vodafone UK has set a precedent and that other telcos will soon report how much they have reduced the fraud suffered by their customers.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.