The American people are fed up with scam texts, and we need to use every tool we have to do something about it.
This is what Jessica Rosenworcel, Chairwoman of the US Federal Communications Commission (FCC) said after releasing a plan that will require mobile carriers to block "robotext" text messages. Just last month, the FCC warned of a steep rise in phishing over SMS (also known as smishing or robotexts). Rosenworcel:
Recently, scam text messaging has become a growing threat to consumers' wallets and privacy. More can be done to address this growing problem and today we are formally starting an effort to take a serious, comprehensive, and fresh look at our policies for fighting unwanted robotexts.
The plan, known as a Notice of Proposed Rulemaking (NPRM), wants mobile wireless providers to "block texts, at the network level, that purport to be from invalid, unallocated, or unused numbers, and numbers on a Do-Not-Originate (DNO) list". Such texts are deemed "highly likely to be illegal".
The FCC is seeking comment on the proposed rules and, more generally, on the problem of robotexts: "We also seek comment on the extent to which spoofing is a problem with regard to text messaging today and whether there are measures the commission can take to encourage providers to identify and block texts that appear to come from spoofed numbers."
The NPRM isn't a new proposition. In fact, Rosenworcel circulated this to commissioners in October 2021, but to outside observers it seems to have sat idle for almost a year. The problem of robotexts is huge, so the lack of urgency is a concern.
When Ars Technica questioned commissioners about when they voted, FCC member Brendan Carr said in an email: "This is a good item, and I'm hoping the FCC moves quickly to an order on it. I can tell you that I was not dragging [my] feet on it."
Robotexts can be anything from annoying to outright harmful, creating opportunities for threat actors to steal data from victims and even infect them with malware. Here is how the FCC describes the risks of robotexts:
Texts can include links to well-designed phishing websites that appear identical to the website of a legitimate company and fool a victim into providing personal or financial information. Texted links can also load unwanted software, including malware that steals passwords and other credentials, onto a device. Scam texts, like scam calls, may involve illegal caller ID spoofing, i.e., falsifying the caller ID information that appears on the called party's phone with the intent to defraud, cause harm, or wrongfully obtain something of value. In 2020, scammers stole over $86 million through spam texting fraud schemes. The median amount stolen from consumers in such scams was $800.
Be on the lookout for scam or spam text red flags. Ask yourself:
- Does it come from an unknown number?
- Does the message give you misleading or incomplete information?
- Does the message contain grammar or spelling errors, mysterious links, or sales pitches?
If your SMS tick any of these boxes, the FCC advises you:
- Don't respond, even if it tells you to text back "STOP" to stop the messages
- Don't click links
- Don't give senders any information they ask for
- Forward it to SPAM (7726)
- File a complaint
- Delete the SMS
The FCC further adds the following to keep yourself, your data, and your mobile devices secure.
- Install reliable security software on your Android or iOS devices.
- Keep all your software updated.
- Consider opting into SMS blocking features your mobile carrier is offering.