Telstra has piloted a new malicious text message blocking service on its network that stops impersonation attempts from reaching Services Australia customers.
Working with Services Australia and the Australian Cyber Security Centre, the telco has completed a technical proof-of-concept, which could be rolled out more broadly in the future.
The network-level blocking service automatically identifies and rejects phishing text messages that appear to be sent from myGov, the government’s online services portal, and Centrelink.
In a media briefing on Tuesday, Telstra CEO Andy Penn said the service works by “using metadata to identify illegitimate SMS traffic spoofing using Telstra SenderIDs on our network”.
He said that current SMS system specifications meant that malicious actors could spoof the sender field to trick people into thinking they had received a legitimate message and direct them to click on a link.
But Telstra has created a list of approved sources associated with particular SenderIDs to block messages not sent from designated Services Australia addresses.
“The proof-of-concept has been successfully trialled, rejecting messages … coming from unapproved sources from reaching our customers,” he said.
“We’re now at the point of scaling up this activity, and hope this is in full operation by the end of the year.”
While the service will not completely eliminate risk, it will go a long way to reducing Services Australia SMS phishing scams, which are one of several methods used by scammers.
Responsible for the majority of the customer-facing services, Services Australia is one of the most impersonated agencies in the government.
The agency has seen a gradual increase in phishing scams sent by email, SMS and social media since 2018, with further rises since the coronavirus pandemic began.
Government services minister Stuart Robert said that between July 2019 and June 2020 reported scam losses from Services Australia customers hit record highs.
“In the 2019-20 financial year, almost 920 Services Australia customers reported scam losses totalling more than $6.4 million—an increase of $500,000 from the previous year,” he said.
The Australian Competition and Consumer Commission has also received 2708 reports of scams involving Services Australia or myGov impersonations in the first half of this year.
It put losses at more than $200,000 collectively, which was well below the $905,000 cost of 2389 scams that spoof the ATO – by far the highest of any agency.
Defence minister Linda Reynolds said the ACSC was a key contributor to the pilot, providing insights into the tradecraft and motivations of cyber criminals.
“This pilot program, which will eventually lead to industry-wide solutions, demonstrates how government and industry can work together to better protect Australians from cyber threats,” she said.
Penn said Telstra is now blocking around a million scam calls each month and 20 million suspicious emails every day, bolstered by the telco’s recently announced ‘cleaner pipes’ initiative.