19 February 2024

ACMA's strong message to five telcos: Comply with anti-spam rules or face fine

| Andrew McLaughlin
Start the conversation
spam texts

A sample of the many spam/scam texts received by Region staff. Image: Region Media.

We all get them, and we all hate them. Those annoying spammy texts are not only uninteresting, but they are often misleading or scams.

The Australian Communications and Media Authority (ACMA) is not only aware of the problem but appears to be taking a firmer stance on carriage service providers (CSP) that generate these texts, after it announced it had directed five companies to comply with anti-spam rules or face fines of up to $250,000.

The ACMA says the five companies – Message4U P/L, SMS Broadcast P/L, DirectSMS P/L, Esendex Australia P/L and MessageBird P/L – allowed millions of SMSes to be sent using text-based sender IDs without sufficient checks to ensure they weren’t scams.

The worst of the five by far was Message4U, which allowed 36.1 million SMSes to be sent in breach of anti-scam rules between 12 July, 2022, and 8 June, 2023. The next worst was Esendex Australia with 6.7 million, followed by SMS Broadcast with 4.5 million and DirectSMS with 1.6 million. MessageBird sent 1.1 million offending SMSes in early 2023.

READ ALSO Commonwealth Statutory Declarations go digital with myGov

The ACMA’s investigation found that the non-compliance allowed scam SMSes to be sent impersonating well-known brands and government services. SMS Broadcast and Message4U each allowed more than 1.2 million impersonation scam texts to be sent, while Esendex allowed at least 99,000 scam texts.

ACMA member Samantha Yorke said it was unacceptable that telcos had enabled these scams at a time when data showed more Australians were being targeted by scam SMSes.

“Australians reported losing over $25 million to SMS scammers last year, and the impact on individuals and families can be truly devastating,” she said.

“Scammers will always look for cracks in systems and, if even one telco fails to have its compliance in order, it can open the door for scammers to target Australians.

“Telcos must have processes in place to ensure that customers sending bulk messages are verified.”

The ACMA says these same companies had also failed to provide customer data to the Integrated Public Number Database, which is used by Triple Zero to help locate people in an emergency, sends emergency alerts to warn Australians of dangers such as flood or bushfire, and assists law-enforcement activities.

“While we are not aware anyone was harmed due to the breaches, it is deeply concerning so many telcos failed to comply with these critical obligations,” Ms Yorke said.

As a result of the breaches, each of the telcos has been formally directed by the ACMA to comply with the Integrated Public Number Database and the Reducing Scam Calls and Scam SM industry codes, the strongest enforcement outcome available to the ACMA for initial breaches of these codes.

If they fail to comply with the ACMA’s directions to follow the industry codes, they could face penalties of up to $250,000.

“We will be closely monitoring for any scam activity coming via these telcos and will not hesitate to take action if we find evidence Australians are being placed in harm’s way again,” Ms Yorke said.

Original Article published by Andrew McLaughlin on Riotact.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.