Several telcos have been given a slap on the wrist for their failure to stop scam texts being sent to customers.
Investigations by telecommunications watchdog ACMA found Sinch Australia Pty Ltd and Infobip Information Technology Pty Ltd allowed SMS to be sent using text-based sender IDs without sufficient checks to ensure they were being used legitimately.
ACMA found Infobip allowed 103,146 non-compliant SMS to be sent, which included scams impersonating well-known Australian road toll companies.
Sinch allowed 14,291 non-complaint SMS, which included Medicare and Australia Post impersonation scams.
Both companies have been given formal directions to comply with the obligations to safeguard consumers against scam text, which is presently the strongest enforcement action available for code breaches.
Telcos may face penalties of up to $250,000 if they do not comply with ACMA directions to comply with the code.
ACMA chair Nerida O’Loughlin said the investigations showed scammers will readily take advantage of vulnerabilities created by telcos.
“While there is no suggestion the telcos were involved in scam activity themselves, scammers have used their failures to prey on Australians,” she said on Friday.
“This wouldn’t have happened if the companies had adequate processes in place and complied with the rules.”
Another telco, Phone Card Selector Pty Ltd, was also found to have inadequate systems in place to comply with the rules, but there was no evidence scammers took advantage of the opportunities.
Text-based sender IDs can be used by scammers to pose as legitimate organisations such as
government agencies, banks and road toll companies.
Under the Reducing Scam Calls and Scam SMS Code, Australian telcos must obtain evidence from customers that they have a legitimate reason to use text-based sender IDs (such as business names) in SMS.
The federal government has announced that ACMA will develop an SMS sender ID register to help prevent offshore scammers impersonating trusted brands and government agencies.
“This initiative will help close a key vulnerability used by scammers,” Ms O’Loughlin said.
If you think you’ve been scammed, contact your bank and phone company immediately and report it to Scamwatch. Contact IDCARE if you’ve had personal details stolen.
For information on how to spot – and stop – phone scams, visit acma.gov.au/scams.