KLANG: Any short messaging service (SMS) content that includes hyperlinks, callback numbers or requests for personal information is likely to be from scammers rather than legitimate sources.
According to a source involved in network security, the Malaysian Communication and Multimedia Commission (MCMC) issued a statement last year regarding this matter.
He noted that the MCMC had announced that, as of September 2024, the sending of hyperlinks, callback numbers and requests for personal information via SMS would be prohibited.
This directive had been communicated to all telecommunication companies, he added.
However, the source, who wished to remain anonymous, noted that the MCMC faced several additional challenges, especially regarding Internet messaging services such as Google’s Rich Communication Services (RCS) and Apple’s iMessage.
Both of these services are integrated within the SMS application. Consequently, if there is a message icon displayed on the phone, it allows users to receive RCS and iMessage as well.
“I believe both Google and Apple have not ‘ingested’ the rules issued by the MCMC,” he said.
He said the MCMC seems determined to enforce the prohibition ruling on both platforms, given that many had become victims of scams after receiving bogus messages, including those allegedly from the government.
In addition to these, there were other conduits that facilitated scams, including fake base stations, commonly referred to as rogue base stations or Stingrays.
“Phones try to connect to the strongest signals available, and hence, if there is a fake base station with a strong signal, phones will try connecting to it.
“Once connected to the fake base station, scammers operating these bogus transmission stations can send out SMSes that contain hyperlinks and other banned content.
“They can also craft the messages into whatever they want them to be,’’ he explained.
The expert noted that the MCMC is collaborating with telecommunications companies to combat these issues as part of their efforts to eliminate scamming platforms.
To make matters worse, conmen were also spoofing the numbers of telecommunications account holders and using them to perpetrate scams by generating what is referred to as “boomerang traffic”.
“International calls come in and connect to the telcos here through local numbers.
“To curb this, a repository must be created to ensure that when calls from local numbers come from overseas, the caller is indeed overseas and the calls are not coming from spoofed local numbers,” he added.
He explained that when mobile phone users travel overseas, their numbers must go into the repository, as they would be expected to call home from wherever they are.
“But if the account holders are in Malaysia and not overseas, and if calls are being made from their numbers but originating from overseas, the repository should reject those calls,” he said, noting that he is aware the MCMC is also pushing for this aspect.
He said the onus must also be on members of the public to be cautious and immediately delete SMSes that come with hyperlinks seeking personal information as well as with callback numbers.
“They are from scammers and not from any legitimate source,” he added.
