Madrid, July 30, 2024.- The Ministry for Digital Transformation and the Civil Service will launch a plan of measures to combat identity theft scams that are committed through telephone calls or SMS messages. The objective of this plan is to increase the protection of consumers and companies against the growing number of frauds through this type of scams.
The Ministry, through the Secretary of State for Telecommunications and Digital Infrastructures, has initiated the public hearing of a Ministerial Order which includes the necessary regulatory changes to implement these measures. The plan of measures has been drawn up following the launch of a public consultation at the beginning of the year, with significant participation.
The measures that will be implemented are:
- Blocking by operators of calls using numbers that have not been attributed to any service, assigned to any operator or awarded to any customer.
- Blocking by operators of calls and SMS of national numbering, but with international origin, one of the most common sources of fraud.
- Creation of a database, to be managed by the National Commission of Markets and Competition, with users who use alphanumerics in their messages (for example, the name of the company). Aquellos mensajes procedentes de entidades no incluidas en esta base de datos quedarán bloqueados.
- Prohibition of mobile numbering for commercial calls, so that citizens can detect that it is a fraud if they receive a call from such a numbering. In addition, the use of 800 and 900 numbers by the entities that have assigned these numbers for commercial calls will be generally allowed, so that, if a user has an 800 or 900 number saved in his/her diary as the service of a company of which he/she is a customer, it appears as such when he/she calls him/her to make a commercial offer.
Identity impersonation scams usually start with a call. (CLI Spoofing) or a text message (SMS Smishing) in which the issuer impersonates the identity of a trusted organisation with the intention of defrauding, misleading the consumer into providing personal and/or financial information, providing their personal keys or taking fraudulent action:
- CLI Spoofing: Manipulation of the call identifier (CLI - Calling line identification), so that the number matches the number of a company or public body.
- SMS Smishing: sending SMS, either with numeric or alphanumeric identifier, pretending to be a legitimate entity and inviting the recipient to access through a link to a false website that simulates the true one.
This type of fraud has increased in recent years, according to reports from the Bank of Spain, the Ministry of the Interior or the National Cybersecurity Institute (INCIBE). These scams are relevant as they diminish the confidence of citizens in the reliability and security of content transmitted through electronic communications, harming those companies and bodies that make use of calls and text messages legitimately and, in addition, cause significant financial and economic damage to all sectors of society, including consumers, companies and public bodies.
Some European countries, such as Finland, have implemented measures similar to those included in this plan, with great effectiveness, since identity theft scams have been reduced by almost 90%.