Messaging security for evolving threats

Cybercriminals continue to target UK mobile users with smishing attempts… but reporting them just got easier!

Share with your network!

 Mobile fraud and abuse remain a serious issue in the UK as campaigns are becoming more targeted and sophisticated. Proofpoint research shows that 86% of UK organisations reported an attempted smishing attack in 2022, the highest of all global counterparts.

While our data shows that the levels of reported smishing attempts in the UK have in fact appeared to cool off compared to last year, we are seeing evolving trends in cybercriminals’ attempts to target mobile users.

For example, conversational scams were the fastest growing mobile threat of 2022. In the UK, Proofpoint researchers have seen a 196% increase in these types of attacks in the first half of 2023, compared to the first half of 2022.

Unlike conventional phishing or malware delivery, these attacks unfold over a series of seemingly benign interactions and prey on mobile user’s emotions, often posing as family members, until the victim’s trust has been won. The nature of these scams mean that they are more difficult to detect by filtering systems, as well as targeted customers/subscribers.

figure 1 - conversational

Figure 1. Example of a conversational smishing message

conversational smishing

 Figure 2. Example of a conversational smishing message

Our research shows that despite the rise in conversational-style scams, attackers are still favouring the use of delivery-themed lures in the UK, with lures relating to delivery brands representing 26% of all smishing abuse in the UK in the first half of 2023.

delivery smishing

Figure 3: Example of delivery-themed smishing attempt

simplified reporting 2

Figure 4: Example of simplified reporting

Reporting smishing just got easier in the UK

The news isn’t all bad, though. Proofpoint’s Cloudmark division enables customers of participating mobile network operators (MNOs) globally, including the UK, to report abuse, spam, smishing and unwanted text messaging. For over ten years, recipients have been able to report this abuse by forwarding messaging to the short code 7726, which spells “SPAM.” These reported messages help make the global mobile ecosystem safer for everyone.

Over the past few years, things have been even easier for owners of Android phones. These devices support simplified reporting that helps users keep their messaging inboxes clean while sending unwanted or malicious messages to their MNO and to Proofpoint.  

And now, with the recent release of Apple iOS version 17, UK-based Apple iPhone users on participating networks have access to similar simplified reporting capability enjoyed by Android users. With a UK-based iOS 17 device, users can simply report an abusive or unwanted message from an unfamiliar sender by pressing the “Report Junk” option, as shown in the example Figure 4. Reporting a message in this way will mark it as junk/spam and send the message to Apple and our Mobile Abuse Visibility Solution via the MNO’s messaging infrastructure.

“Reporting unwanted messaging empowers the mobile consumer to protect themselves and the wider mobile ecosystem.  UK-based operators have led the way here - offering mobile reporting through the #7726 service for over a decade.  The advent of simplified smishing reporting for both Android and iOS devices will make reporting of abuse more mainstream, and we welcome this rollout,” stated Hamish MacLeod, CEO UK Mobile.

Simplified reporting is a proven success

This feature was rolled out in the US in September 2022 and in Canada in June this year and has been met with great success. Since implementation of simplified reporting, we have seen overall reporting skyrocket by 15x in the U.S. and 9x in Canada.

us smishing data

Figure 5: Aggregate US smishing reports since January 2022

canada smishing

Figure 6: Aggregate Canada smishing reports since August 2022

Report, don’t ignore

Reporting abuse is important as it helps mobile network operators, phone manufacturers and their security partners to protect users and enables law enforcement to investigate. When a message is reported through the system, we create a digital “fingerprint” to improve response against current and future threats, all while maintaining strict user privacy controls. The fingerprint uses both message content and metadata related to the sender and network, and those classified as spam, abuse, or otherwise malicious, are propagated to Proofpoint’s Cloudmark global solutions within 30 seconds. Any smishing matching the fingerprint will then be proactively blocked, improving the ecosystem for over 1.6 billion mobile users worldwide.

See below for some top tips on what to do if you do think you’ve fallen victim to or are at risk of social engineering attacks whether it’s via email, SMS or phone call:

  • It’s important to remember that it isn’t difficult for scammers to obtain your number fraudulently. If you do get a request from your bank/another organisation via text message, phone call or email, do not interact instead, call your bank directly on the legitimate number. Never provide any personal details over the phone, by text message or email to an unsolicited caller.
  • Whenever you receive a text message, including some sort of warning from your bank or package delivery notification that contains a web link, do not use the web link provided in the text message. Instead, use your device’s browser to access the sender’s website directly, or use the brand’s app, if you already have it installed on your device. Do this as well for any offer codes you receive by entering them directly into the sender’s website from your browser.
  • Report SMS phishing (smishing) and spam to via the new simplified feature in iOS 17. If your mobile provider has not yet implemented the feature, continue to report to the Spam Reporting Service. Use the spam reporting feature in your messaging client if it has one, or forward spam text messages to 7726, which spells “SPAM” on the phone keypad.

Disclaimer: At the time of publishing, not all UK mobile providers currently offer the simplified reporting feature to customers. We highly anticipate that other providers will offer the service soon.