The Ministry for Digital Transformation and Public Service launches a plan of measures to combat telephone and SMS scams

30/07/2024

● The public hearing procedure begins to implement five initiatives with which to improve the protection of consumers and companies against fraud by impersonation of identity, which have grown considerably in recent times ● Among the measures to be adopted are the blocking of numbers that have not been assigned, attributed or awarded and the blocking of calls and SMS with national numbering and international origin ● In addition, the use of mobile numbering for commercial calls will be prevented, so that it is easier for citizens to detect possible fraud

Madrid, July 30, 2024.- The Ministry for Digital Transformation and Public Service will implement a plan of measures to combat phishing scams that are committed through telephone calls or SMS messages. The objective of this plan is to increase the protection of consumers and companies against the growing number of frauds through this type of scams.

The Ministry, through the Secretary of State for Telecommunications and Digital Infrastructures, has begun the public hearing of a Ministerial Order which includes the necessary regulatory changes to implement these measures. The action plan was drawn up following the launch of a public consultation at the beginning of the year, which was significantly involved.

The measures to be implemented are:

  • Blocking by the operators of calls using numbers that have not been attributed to any service, assigned to any operator or awarded to any customer.
  • Blocking by the operators of calls and SMS of national numbering, but with international origin, one of the most common sources of fraud.
  • Creation of a database, to be managed by the National Markets and Competition Commission, with users using alphanumerics in their messages (e.g. the company name). Aquellos mensajes procedentes de entidades no incluidas en esta base de datos quedarán bloqueados.
  • Prohibition of mobile numbering for commercial calls, so that citizens can detect that it is a fraud if they receive a call from such a numbering. In addition, the use of 800 and 900 numbers by entities that have these numbers assigned to make commercial calls will be generally allowed, so that, if a user has an 800 or 900 number saved in his agenda as the service of a company of which he is a customer, he appears as such when he calls him to make a commercial offer.

Phishing scams usually start with a call (CLI Spoofing) or a text message (SMS Smishing) in which the issuer impersonates the identity of a trusted organisation with the intention of defrauding, misleading the consumer to provide personal and/or financial information, provide his personal keys or take fraudulent action:

  • CLI Spoofing: Manipulation of the call identifier (CLI - Calling line identification), so that the number matches the number of a company or public body.
  • SMS Smishing: sending SMS, either with numeric or alphanumeric identifier, pretending to be a legitimate entity and inviting the recipient to access through a link to a false web that simulates the true one.

This type of fraud has increased in recent years, according to reports from the Bank of Spain, the Ministry of the Interior or the National Institute of Cybersecurity (INCIBE). These scams are relevant because they diminish the confidence of citizens in the reliability and security of content transmitted through electronic communications, harming those companies and bodies that use calls and text messages legitimately and, in addition, cause significant financial and economic damage to all sectors of society, including consumers, companies and public bodies.

Some European countries, such as Finland, have implemented measures similar to those included in this plan, with great effectiveness, since phishing scams have been reduced by almost 90%.

Link to press release (171 KB)