NCSC urges big brands to "scam-proof" public messages

Following a rise in text and call-based scams impersonating well-known and trusted brands, the National Cyber Security Centre (NCSC), in collaboration with UK’s cybersecurity experts, has published a guide setting out how businesses can create trustworthy customer messages.

The NCSC has also urged companies to do their part in combating fraudsters by issuing communications that were “more secure and easily distinguishable to the public” from the “increasingly convincing” scams.

“Most of us will have received a suspected dodgy text or call during the pandemic and we know these scams are getting more convincing,” said Ian Levy, technical director of NCSC. “To counter this, we need legitimate customer text and telephone messages to be secure with clear signposts of authenticity that give confidence to customers.”

Read more: UK businesses expect surge in COVID-themed phishing attacks

The new NCSC guidance covers various aspects of secure customer communications, including issuing consistent and trustworthy SMS and telephone messages, measures to make it harder for criminals to exploit telecoms channels, and providing a route for customers to independently verify communications.

“Scammers are getting creative: copying messages and calls from major companies, faking parcel delivery texts or pretending to be our bank. It’s very easy to fall prey to these criminals,” said Steve Barclay, chancellor of the Duchy of Lancaster. “The government is determined to make the UK the safest place to live and work online… but businesses must also play their part to stop these criminals from destroying their reputations and stealing customers’ money.”

Read more: How to prevent phishing emails from turning into a catastrophe

Opportunistic scammers have tried to entice people over the past year by spoofing popular brands intrinsically linked to the pandemic, from Amazon to Netflix to the NHS, according to the NCSC.

The agency added that the boom in online shopping has resulted in many fraudsters impersonating legitimate texts from delivery companies to entice the public while “illegally abusing” established brands. Data from UK Finance obtained by the department showed that delivery scams were the most prevalent type of “smishing” text messages in 2021.

As part of the guide, the NCSC is encouraging businesses to make nine critical considerations when communicating with customers. These are:

• Keeping messages simple and consistent
• Using minimal phone numbers, SenderIDs, and email addresses
• Publicising contact details, including phone numbers, email addresses, websites, and SenderIDs
• Not asking for personal details
• Using links sparingly and making them human readable
• Applying the guidance to your supply chain due diligence
• Providing a way for customers to independently check your communications
• Providing a means for customers to contact you independently
• Providing guidance on how customers can report scams

Read more: 14% of insurance workers fail global phishing test

“I’d urge any organisations that contact their customers via SMS or telephone to consult our new guidance and ensure they’re doing all they can to protect their customers from cybercrime and fraud,” Levy said.