A new artificial intelligence-enabled security system designed to detect text scams hopes to save New Zealanders from losing more money to fraudsters.
SMS phishing, or smishing, is a growing issue, with provisional data from the government’s Computer Emergency Response Team (Cert NZ) showing in the first six months of the year Kiwis lost $263,499 to this form of scam.
The new AI system, launched by peer-to-peer payment app Dolla, is able to assess texts and place suspect messages into a spam folder, just as an email system might operate.
Dolla chief executive Ben Lynch said during beta testing, approximately 4% of all SMS messages received by users from unknown senders were scams, with 98% captured and filtered out by the technology.
The app had been tested for about five weeks with a small number of existing users, Lynch said.
The latest Crime and Victimisation Survey compiled for the Ministry of Justice found the annual number of fraud and deception crimes had risen to 510,000 from 288,000 the previous year, with more than 90% of those crimes not reported to police.
Text scams currently circulating involve scammers pretending to be from a range of government organisations, companies, and banks, and sending users a link that could take them to a site holding malicious software, or attempt to gather their banking details.
Lynch described the new app capability as providing a new, automated front-line of defence.
“By utilising a growing database of known scams, machine learning and leveraging emerging technologies like AI, the filtering and detection will continue to grow in accuracy and detect more and more sophisticated SMS scams,” Lynch said.
“Over the past few years, Kiwis have been forced to rely on their intuition alone to detect SMS scams and the numbers show that fraudsters have become smarter and made their texts look more reputable.
“As a financial services provider, we know that this is hitting Kiwis in the pocket, and feel we have a duty to utilise the latest technologies in order to help our users protect themselves and their loved ones from these scams.”
Users did not have to use Dolla in order to gain access to the tech, although they did have to download the app.
Sam Leggett, who is a senior threat analyst at Cert NZ, said users should be wary of allowing a third-party app to have access to their messages.
He said the safety and privacy features of apps were often only dictated by the requirements of the app or Play Store they were hosted on.
Dolla said the app cohered to Apple’s SMS and MMS message filtering rules, and Apple only sent messages received from unknown contacts, or those not interacted with frequently.
“Once it is filtered, in the first instance, we try to detect a message’s authenticity directly from the device, meaning that no data is shared,” Lynch said.
“If we can’t determine a message’s authenticity at the device layer, Apple then sends us the message which we process on our servers.
“If it is determined at this final stage that the message is personal, we delete it.”
Cert NZ received 399 reports from victims who had fallen for text scams in the first six months of the year.
Among the text scams are some purporting to be from NZTA relating to overdue toll payments, the police relating to deposit refunds, and New Zealand Post relating to refunds on damaged parcels.
Other scams have mimicked New Zealand’s main banks, including ASB and BNZ, claiming users’ accounts have been placed on hold.
Other scam texts purport to be from phone companies, claiming issues with phones, computers, or internet connections.
Leggett said phishing scams had traditionally been conducted via email.
However, a variety of more effective email spam filters and new technology now meant most phishing schemes were being conducted via text.
Leggett said scammers were using a device called a sim box, which could hold multiple sims at once, and sent out mass text messages.
With pay-as-you-go sims freely available to anyone and cheap, scammers were able to buy 50 sims at a time without raising much suspicion, and setting up this form of phishing operation would not be difficult.
Leggett said people treated texts differently to emails, and would be more likely to open them immediately, and react.
© 2023 Stuff Limited