He Ministry for the Digital Transformation and the Civil Service has announced a plan of measures to combating identity theft scams which are made through telephone calls –CLI Spoofing– and SMS sending -Smishing-. These are variants of what is broadly known as phishing and are used by cybercriminals to present themselves to potential victims as an organisation, company or institution that they are not and to defraud them. The aim of the plan is to Increase consumer and business protection and to prevent a decrease in citizens’ confidence in the reliability and security of content transmitted via electronic communications.
The plan revolves around five measures similar to those that, according to the Government, have allowed Finland to reduce identity theft scams by almost 90%.
First of all, Operators will have to block calls that use numbers that have not been assigned to any service, assigned to any operator or awarded to any customer. They will also block calls and SMS with national numbers, but with international origin and which constitute one of the most common sources of fraud.
On the other hand, the National Commission on Markets and Competition will be responsible for managing a data base newly created with users who use alphanumeric characters in their messages, such as the name of a company. Thus, Messages from entities not included in this database will be blocked. by the operators and will not reach the recipient.
Finally, The use of mobile numbers for commercial calls will be prohibitedwhich will allow a citizen to identify that it is a fraud if they receive a call from a mobile number in the name of some entity. In addition, will generally allow the use of 800 and 900 numbers by those who have these numbers assigned for making commercial calls.
He CLI Spoofing It is a form of identity theft in which cyber scammers manipulate the CLI (Calling Line Identification) so that the number matches that of a company or public body. Smishing It consists of sending SMS, either with a numeric or alphanumeric identifier, pretending to be a legitimate entity and inviting the recipient to access a link to a fake website that replicates the real one and to steal personal information and financial keys.
This plan has been drawn up after launching a public consultation at the beginning of the year and now the ministry, through the State Secretariat for Telecommunications and Digital Infrastructurehas initiated the public hearing process for a Ministerial Order that includes the regulatory modifications necessary to implement these measures.