Beware vishing and smishing: regulator vows to fight scam calls

Malta’s communications regulator is exploring ways of filtering out scam calls and SMS spoofing with tech providers in Malta who operate international network interfaces.

The Malta Communications Authority is seeking industry input on caller scams in Malta, in a bid to collect insights on potential preventative measures to mitigate such scams.

The MCA believes that an eventual outcome will targeting specific calls, purporting to be from national numbers, that are received in Malta over such international network interfaces.

Scams which involve the spoofing of Calling Line Identification (CLI) for calls or Sender ID for SMS, are on the rise globally, facilitated in their spread and evolution by advancements in online communications solutions.

The MCA said scammers increasingly spoof locally known numbers for voice calls, called ‘vishing’, or familiar SMS Sender IDs, ‘smishing’, to abuse of potential victims’ knowledge of, and trust in, such numbers and identifiers.

These social engineering frauds exploit people’s trust to obtain money directly or obtain confidential information to enable a subsequent crime.

The majority of scam calls are transited from a foreign country via international network operators, which makes the fight against such scams complex because it is hard to distinguish between certain illegitimate and legitimate calls. “Accurately determining legitimacy of incoming calls is thus key to the success or failure of any intervention,” the MCA said, however added that distinguishing between the two is challenging, “particularly given that malicious actors use the same, or very similar, tools that facilitate legitimate calls.”

The MCA said the global effort against call spoofing includes solutions such as blocking calls by filtering specific number ranges, or real-time checks that detect possible spoofing of mobile numbers.

Artificial Intelligence could also analyse traffic patterns for unusual activity which could be indicative of potentially fraudulent behaviour.

Over the last years, Maltese phone users have been targeted by various phone scams. In 2022, scammers were impersonating police and Identity Malta officials to access people’s personal information.

The scam targeted eID account holders, with the caller asking for login details while alleging that the account of the receiver has been hacked. It used a pre-recorded message to ask people for their ID information, postcode or card details. Some of the calls allege that the potential victim is linked to financial crime.

In 2017, a series of scam calls to Maltese numbers emanated from such countries like Liberia, the Comoros, or Belize, or Morocco, in what are dubbed as Wangiri scams: Japanese for ‘one and cut’ or ‘one ring’ scam: the fraud lies in the hope that these missed calls are returned, whereupon the unassuming called will then be routed to a premium rate overseas number, and billed a large sum of cash to listen to a pre-recorded message.

The scam is done with autodialling for maximum spread. However, the dialler hangs up after the first ring, so the number is recorded as a missed call on the prospective victim’s phone. If he or she notices the call and assumes that it was a legitimate call, he or she may well dial the ‘missed’ number in order to find out what the call was about.

The scam artists also use phone numbers bought on the dark web, where a healthy trade in illegal goods goes on. This, in fact, confirms the experience of couples at home who receive the scam phone calls within minutes of each other, suggesting that their data has been sold off.