TRAI’s Masterstroke on Phishing Scams

On 20th August, TRAI has released a new guideline directing telecom service providers to plug loopholes exploited by cybercriminals. Some of the problem and solution that guidelines will fix are as follows:

1. Problem Statement: Phishing SMS

Malicious Android files (APKs), WhatsApp / Telegram channel links (OTT Links) and Phishing websites constitute of one of major vectors of cybercrimes. Following direction will ensure the menace is controlled.

Phishing Message impersonating Indus Ind Bank

Solution:

(b) Effective from 1st September 2024, all Access Service Providers will be prohibited from transmitting messages containing URLs, APKs, OTT links, or callback numbers which are not whitelisted by the Senders.

2. Problem Statement : Unauthorized SMS transmission from header

SMS header mis-use owing to suspected leak in header ID, template ID and entity ID led to sophisticated cybercrimes. Fraud messages from legit SMS headers were difficult to identity and led to economic loss to citizens.

SMS propogating stock trading group from header of St. Joseph Boys School Jalandhar

Solution:

To enhance message traceability, TRAI has mandated that the trail of all messages from Senders to recipients must be traceable from November 1, 2024. Any message with an undefined or mismatched telemarketer chain will be rejected.

3. Problem Statement: Promotional templates registered under Transactional

In General, numeric series SMS header (Ex. AD-391104) are used for promotional purpose. However if the promotional messages are sent from headers which are meant for transactional purpose, it would not be distinguished by citizens and may bypass DND.

Solution:

(d) To deter the misuse of templates for promotional content, TRAI has introduced punitive measures for non-compliance. Content Templates registered under the wrong category will be blacklisted, and repeated offenses will lead to a one month suspension of the Sender’s services

4. Problem: SMS Header Misuse and Tele-Marketer

Unauthorized use of SMS header needs to be notified timely by delivery telemarketers. Also if one header / template is compromised, there are chances others may also be compromised.

Solution:

In case misuse of headers or content templates of any Sender comes to the notice, TRAI has directed immediate suspension of traffic from all the Headers and Content Templates of that Sender for their verification. Revocation of traffic from the Sender shall be done only after legal action is taken by the Sender against such misuse. Further, Delivery-Telemarketers must identify and report entities responsible for such misuse within two business days, failing which they will face similar consequences.

If experts who understand intricacies of technical aspects and business are in regulatory position, Government machineries / regulations will be strong and effective.​

Follow The420.in on

 Telegram, Facebook, Twitter, LinkedIn, Instagram and YouTube