Scammers used the services of Vonage Business to send 3387 text messages, mostly impersonating ‘CommBank’, an investigation by the Australian Communications and Media Authority (ACMA) found.
The ACMA said that for almost 7900 more short messages that originated on its network, Vonage also did not check if the sender had a valid reason for the way they identified themselves.
However, the authority said there was “nothing … to indicate” these messages were scams.
Of the messages that were scam-related, in addition to impacting CBA (2230 of the 3387 messages), 949 messages were labelled ‘info’ and 707 as ‘ApplePay’. [pdf]
Vonage Business was directed to make better compliance checks.
The ACMA also made directions to another service provider Twilio, which it said had “inadequate systems in place to comply with the rules”, though there was “no evidence that scammers exploited its vulnerabilities.”
The SMS anti-scam rules were put in place in July 2022.
“As the rules have been in place for over a year now it’s unacceptable that we continue to find telcos allowing scammers to send SMS impersonating businesses domestically,” ACMA chair Nerida O’Loughlin said in a statement.
“We know these types of SMS impersonation scams are hard for people to spot and can be particularly devastating for victims.”
Vonage was also breached for failing to report to the ACMA for three consecutive quarters the number of scam SMS it had blocked.