KUALA LUMPUR – The Malaysian Communications and Multimedia Commission’s (MCMC) move to ban prohibited content in short message services (SMS) is a timely and much-needed decision which could hamper scammers’ efforts, said cybersecurity experts.
According to cybersecurity firm Novem CS Sdn Bhd chief executive officer Murugason R. Thangaratnam, the landmark enforcement displays the nation’s dedication to prioritising the protection of phone users and sets Malaysia apart from “posturers”.
In giving MCMC’s move his nod of approval, Murugason asserted that various other governments and regulators globally are merely “talking tough” about online fraud, “smishing” (social engineering), and robotexting (spam messages) while taking little effective action.
Smishing refers to a social engineering attack which uses fake mobile text messages to trick people into downloading malware, sharing sensitive information or sending money to cybercriminals.
Robotexting, meanwhile, refers to junk messages sent by a spammer attempting to con users into tapping a link, opening an attachment, calling a number, or installing malware.
“Some (governments and regulators) are currently searching for expensive technologies that will supposedly discriminate between good types of communication and bad (types),” he told Scoop.
“This is a standard operating procedure (for) businesses and government agencies which are reluctant to give up the convenience of sending messages with links in them.
“However, their convenience is of trivial importance compared to the harm being done to ordinary people – especially to senior citizens – by fraudsters.”
He added that the “zero-trust philosophy” adopted by MCMC is the correct approach as it delivers immediate comprehensive protection which could protect users today, instead of at some uncertain point in the future.
Noting that the ban on prohibited content in SMS could be rolled back if artificial intelligence and digital signature-based technologies are perfected, Murugason cautioned that a lack of political will to make “tough decisions” will allow online crime to remain rampant.
Previously, MCMC announced that the banned content in SMS includes hyperlinks, requests for personal information, and phone numbers for callbacks – with the directive being enforced since September 1.
Murugason said MCMC is not alone in clamping down on the sharing of URLs or hyperlinks via electronic communications, pointing to similar rules implemented by members of the Thai Bankers’ Association and the Australian Taxation Office.
“Cybercriminals often use hyperlinks in targeted smishing scams where the hyperlinks take individuals to highly sophisticated fraudulent websites, such as fake ‘.gov.my’ sign-in pages designed to steal your personal information or install malware into your device.
“There is no silver bullet when it comes to security, but this crucial move by MCMC is certainly going to give the fraudsters a tougher time,” he added.
Meanwhile, MCMC’s online harms and information security committee chairman Derek Fernandez said that from 2022 until July this year, the commission had blocked more than 1.2 billion unsolicited SMS.
Within the same time frame, more than 1.4 billion suspicious calls were flagged as potentially fraudulent or harmful and prevented from reaching the users’ phones, while 118,184 mobile and fixed phone lines were terminated for sending suspicious SMS.
While MCMC’s ban on prohibited content in SMS weakens cybercriminals’ options for delivery of a weaponised package, Derek said that the initiative would also have to be extended to other internet messaging systems as cybercriminals are likely to alter their modus operandi to entice victims.
“As a precaution, the public should not click links on any online messaging platform, unless they could confidently and independently verify the web address (in the link) using credible search engine tools,” he said when contacted by Scoop.
He added that while advertisers are still allowed to promote their wares through SMS, they will have to provide the name of a website which can be searched using a search engine and verified by means other than the SMS itself.
Those who continue to receive suspicious SMS are encouraged to file complaints via the MCMC complaint portal at aduan.mcmc.gov.my.
Complainants should include details such as the sender’s phone number or short code, the recipient’s phone number, and screenshots of the received SMS. – September 4, 2024