The reason why this issue is still around is because it is just so difficult to tackle. In fact, these types of issues have only gotten worse. With increased online purchases throughout the pandemic, phone scammers have started to send messages from seemingly legitimate phone numbers with fake messages about deliveries in hopes of duping unsuspecting customers.
Cyber security expert Matthew Gribben says that these scammers have gotten good at making these texts look real, mimicking delivery services and even banks, due to vulnerabilities in phone network systems.
According to Gribben, “There’s no way for the current UK phone network to guarantee 100% that the presentation number it is being told is the actual originating number – it has to take your word for it.”
The main problem is that telephone identification protocol, called SS7, is a tech that dates back to 1975. SS7 lets the phone network know what number a user is calling or messaging from, which is called the “presentation number.” That makes it possible for calls to connect to one another. Scammers can steal a presentation number and link it to their numbers instead of the real one.
This impacts both cell phones and landlines, as SS7 is still integral to 2G and 3G cell phone networks that carry our text messages and phone calls. The same goes even uf you have a 5G enabled device.
Some say that SS7 vulnerabilities are still around because telecom companies need to provide access to national security agencies, but Gribben says that this does not have to be the case. He says that SS7 needs to be updated all around the globe. It can’t simply be patched, but needs to be totally replaced.
Katia Gonzalez, who is the head of fraud prevention and security at BICS, a telecoms company based in Brussels that connects cell phone networks, says: “SS7 was developed assuming there would always be legitimate activity [and] goodwill around the use of it.”
She continues: “There’s too much legacy technology [reliant upon it] that we can’t move away from – we’re going to have these SS7 2G/3G networks for at least another 10 years.”
As it doesn’t look like we’re going to have a solution for this problem anytime soon, so your best course of action is to continue to act cautiously. Be suspicious of any number you don’t recognize, and make sure that any messages from banks or companies are legitimate before clicking on any links or sharing any information.