Telstra is currently blocking around 30,000 malicious domains a month as part of its
“Cleaner Pipes” program. The telco in 2020 first detailed its DNS filtering initiative after
a 12-month trial that sought to protect customers from malware.
Yesterday the telco’s chief information security officer Narelle Devine
revealed that a companion project targeting SMS phishing had notched
up a new milestone and was blocking more than 1500 malicious texts a
minute.
Since Telstra launched its SMS scam filter in April it has blocked
more than 185 million malicious text messages, the telco said.
“So Telstra is blocking scam text messages now at a network level before
they even reach your mobile device and after spending some time fine tuning the
technology we’ve now rolled that out to every customer on Telstra’s network which
means less scam texts reaching you,” Devine said.
The CISO added: “The actual capability is complex and it’s constantly evolving. But
in really simple terms, we’re applying knowledge of what the scam messages look like
to block them at a network level. So we have automatic machine scanning and it picks
out suspicious content such as malicious links and other characteristics like time,
sender and recipient. So if a message looks suspicious, we’ll block it before it reaches
you.”
Telstra said that it had also stopped more than 200 million scam calls from reaching
customers since the mid-2021 rollout of a new blocking feature.
The SMS phishing milestone followed the federal government in November 2021
changing rules to telecommunications interception regulations to effectively enable
telcos to scan texts for malicious contents.
The change, signed by former Home Affairs Minister Karen Andrews, allowed a
court to take into account the interception of a communication by a telco employee
“for the purposes of identifying and blocking malicious SMS messages” when determining
if the interception is reasonably necessary.
The update to the regulations defined a malicious SMS message as one that
“contains a link or a telephone number” and is meant to mislead the recipient into using
that link or number, with them “likely to suffer detriment as a result”.
For further details, follow the link below: