PETALING JAYA: The Malaysia Mobile Technology Association (MMTA), which represents a majority of SMS service providers, is spearheading a critical awareness campaign on potential disruption of SMS services from Sept 1, and to address concerns over the growing menace of scams in the country.
The deceptive schemes are carried out through many channels; including SMS and instant messaging platforms such as WhatsApp, Facebook Messenger, iMessage on Apple devices, and Rich Communication Services (RCS) on Google devices, including 5G Messaging and Advanced Messaging.
In recent years, scams have predominantly been transmitted via SIM cards in the form of person-to-person (P2P) messages. However, the Malaysian Communications and Multimedia Commission (MCMC) took decisive action by directing service providers to filter and block “Prohibited Contents” in P2P SMS messages starting May 2023.
The prohibition includes harmful Uniform Resource Locators (URL), call-back numbers, and requests for sensitive information – common tactics used in fraudulent schemes.
Previously, an exemption allowed Enterprise SMS (application-to-peer or A2P) messages from legitimate entities like government agencies, financial institutions, and corporations to bypass these restrictions, subject to their brand name and short code being approved by MCMC.
However, the commisssion recently announced that as of Sept 1, this exemption will be revoked. Service providers will now be required to block Prohibited Content in all Enterprise SMS messages entirely.
MMTA has expressed concerns about the upcoming content prohibition by MCMC, which will prohibit URL, call-back numbers and requests for information would drastically disrupt legitimate business communication to the public.
MMTA argues that while consumer protection is crucial, these sweeping restrictions could severely disrupt legitimate business communication and indirectly leading to economic uncertainty.
Many organisations, including government agencies, financial institutions and mobile operators, rely heavily on URL within SMS to provide essential services and information. Examples of commonly URL in SMS messages are delivery of e-statements and e-invoices; mission critical/monitoring system status and alerts; confirmation of client appointments/registration/changes; real-time logistic tracking for deliveries; survey for after-sales and service review; password reset link/authentications.
Alex Guidice from Apple Inc shared that Apple uses URL within SMS globally; including Malaysia, and are essential for delivering a superior customer experience, providing clear and concise information, and ensuring timely support.
Guidice has personally written and appealed to MCMC to reconsider the prohibition, which will block all SMS containing URL links (regardless whether or not it is legitimate).
He stressed that the prohibition will create massive disruption in the existing SMS ecosystem, affecting businesses and the general public.
Recent data shows that controls have significantly reduced SMS scams, with complaints dropping from 4,121 in 2019 to 498 in 2023, a 63% decrease. Complaints about SMS scams fell sharply from 58 in Q1 2023 to just nine in Q4 2023.
However, scammers are now moving to instant messaging platforms such as WhatsApp, iMessage, voice calls and social media. These platforms are being used for phishing and malware attacks, causing considerable financial losses to members of the public. Scammers are also using fake base transceiver stations (BTS), which are able to send SMS illegally by “hacking” legitimate mobile operator networks. The fake BTS are able to target handsets nearby and send scam messages containing malicious URL to solicit personal/banking information.
The MMTA said its proactive stance aims to enhance the security and integrity of SMS communications across Malaysia, reinforcing its commitment to combating the evolving threat of digital scams, but strongly believes that blocking “prohibited contents” within SMS is unlikely to impair scammers who are now using other digital channels such as fake BTS, instant messaging, emails, social media and fake QR codes