Fighting unwanted SMS messages
The Council of Ministers has adopted a draft law on combating abuses in electronic communication, which aims to reduce the number of abuses in this area. The new regulations require telecommunications entrepreneurs to combat abuses such as generating artificial traffic, smishing, CLI spoofing, or unauthorized change of address information. In turn, email service providers will have to use an email authentication mechanism if the services are provided to at least 500,000 users or public entities.
Criminals are increasingly using telecommunications services for fraud, such as impersonating trusted institutions and calling from a supposedly genuine number. Phenomena such as CLI spoofing or smishing are becoming increasingly common.
CLI spoofing, short for Caller ID spoofing, is a practice in which the caller pretends to be calling from a different phone number that appears on the recipient’s device. This means that if the caller wants their number to appear different from the actual one, they can use various tools or internet services that enable changing the displayed number. Unfortunately, this practice is often used by individuals who operate illegally, such as scammers who impersonate trusted institutions (e.g. banks, police) and call people to extract information, passwords, or money from them. In this way, the callers can deceive their victims and scam them more easily. That’s why CLI spoofing is often considered a threat to security and privacy.
Smishing is a method of fraud involving sending fake SMS messages that also impersonate trusted sources, such as banks or shopping services. For example, a scammer may send an SMS to a person impersonating their bank, with a message stating that their account has been blocked and verification is required. The message includes a link that supposedly leads to the bank’s website, where verification can be done. However, in reality, the link leads to a fake website, where the person entering their information is passing it on to the scammers.
Similarly, scammers may try to obtain information from users about their credit card, account passwords, or other personal information. That is why it is important to always be cautious and check if the received message is actually from a trusted source, and if the links contained in the messages lead to real websites.
What does the draft law provide for?
The draft law introduces a number of solutions aimed at combating abuses in electronic communications. Among the most important solutions are the obligation of telecommunications entrepreneurs to combat abuses and the requirement for providers of postal services to use an email authentication mechanism. The new provisions aim to increase consumer safety and reduce the number of telecommunications frauds.