Five telcos breached for allowing SMS scams

The Australian Communications and Media Authority (ACMA) has taken action against five telcos who send bulk SMS for failing to comply with multiple anti-scam and public safety rules.

Investigations by the ACMA found Message4U Pty Ltd (trading under the brand name Sinch MessageMedia), SMS Broadcast Pty Ltd, DirectSMS Pty Ltd, Esendex Australia Pty Ltd and MessageBird Pty Ltd allowed millions of SMS to be sent using text-based sender IDs (i.e. shortened business names) without sufficient checks to ensure they weren’t scams.

The ACMA found Message4U allowed around 36.1 million SMS to be sent in breach of anti-scam rules, SMS Broadcast 4.5 million, DirectSMS 1.6 million and Esendex Australia 6.7 million in the period from 12 July 2022 to 8 June 2023. MessageBird sent 1.1 million in early 2023.

The investigation found that this non-compliance allowed scam SMS to be sent impersonating well-known brands and government services. SMS Broadcast and Message4U’s failures each allowed over 1.2 million impersonation scam texts to be sent, while Esendex allowed the sending of at least 99,000 scam texts.

ACMA member Samantha Yorke said it was unacceptable that telcos had enabled these scams at a time when data shows more Australians are being targeted by scam SMS.

“Australians reported losing over $25 million to SMS scammers last year, and the impact on individuals and families can be truly devastating,” Ms Yorke said. “Scammers will always look for cracks in systems and if even one telco fails to have its compliance in order, it can open the door for scammers to target Australians. Telcos must have processes in place to ensure that customers sending bulk messages are verified.”

The same telcos were also found to have failed to provide customer data to the Integrated Public Number Database. The database is used by Triple Zero to help locate people in an emergency, emergency alerts to warn Australians of dangers like flood or bushfire, and to assist law enforcement activities.

“While we are not aware anyone was harmed due to the breaches, it is deeply concerning so many telcos failed to comply with these critical obligations,” Ms Yorke said.

As a result of the breaches, each of the telcos has been formally directed by the ACMA to comply with the Integrated Public Number Database and the Reducing Scam Calls and Scam SMS industry codes. This is the strongest enforcement outcome available to the ACMA for initial breaches of these codes.

Combating SMS scams is an ACMA compliance priority and telcos may face penalties of up to $250,000 for breaching ACMA directions to comply with industry codes.

“We will be closely monitoring for any scam activity coming via these telcos and will not hesitate to take action if we find evidence Australians are being placed in harm’s way again,” Ms Yorke said.

If you think you’ve been scammed, contact your bank and phone company immediately and report it to Scamwatch. Contact IDCARE if you’ve had personal details stolen.

For information on how to spot – and stop – phone scams, visit acma.gov.au/scams.
