Author: Andrew Connor

I'm Andrew Connor and I lead the Digital Strategy team. I've been at Hounslow for many years now and always found it interesting because it never stands still. The constant changes and challenges are what I love, it'd just be boring if it was the same all the time wouldn't it! So what do we do? We oversee and develop the architectural cloud and on-premises vehicle through which Digital services are delivered, such as our communications, compute and storage and a myriad of other technologies. We manage Cyber security (which always feels like walking a tightrope where staying on it delivers the happy buzz of usability and productivity versus falling off into the fiery volcano of a major security breach). We're building a new Service design team too which incorporates business analysis, user experience design and service design. It's something very new for me so excited to see where that's going to take us in the future. We also manage the commercial aspects of the organisation's digital services and ensure that the contracts are effectively managed. I guess the thing I'm most proud of was leading us through the IT aspects of constructing our fantastic new building and moving us in. It was a massive challenge and something we could never have done if it wasn't for the amazing efforts of the team at Hounslow. If I was to (try and) be poetic and sum it up in terms of my favourite pastime (which is Diving and Snorkelling) I suppose it involves 'helping us navigate a forever changing ocean of technology looking for those spectacular reefs of opportunity whilst avoiding the dangerous rocks of cyber threats'. Does that make any sense? I'll get my coat...!

An SMS fraud adventure

A few of us began receiving SMS-based fraud messages over the last few months. Covid-19 related fraud, HSBC overdraft fraud, Royal Mail related fraud amongst others. One in particular was very persistent and it seemed that everyone I spoke with was on the recipient list. Obviously the next step here is to forward the SMS to 7726 (which presented a few challenges, see *footnote below). However, I began wondering if I could get the fraudulent website taken down myself… well… Challenge accepted!


Private Eye

After a little investigation it actually turned out to be incredibly easy.

Step 1. Identify the DNS provider for the domain.
I used https://mxtoolbox.com/Whois.aspx and I simply searched for the website mentioned in the fraud SMS.

That gave me the name of the DNS provider used by the fraudsters. The DNS provider manages domain names such as website addresses for innocent customers and, inadvertently, criminal customers.

In the information returned, you’ll need to look for the “abuse” email address to contact if domains they host are being abused – e.g. used for crime.

Step 2. Email the DNS provider, advising them of the website and the issue and ask them to investigate and take the site down.

Example mail:

Hi,

This website DNS is hosted by you :
<insert website URL>
Your customer is sending fraudulent SMS messages to UK residents directing them to this website. The site is being used illegally by your customer to take money and information fraudulently from UK residents.
Please investigate and take the website down.

Thanks!
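Steps 1 and 2 as an added script (not part of the original post): it pulls the abuse contact out of WHOIS text and fills in the example mail above. The WHOIS sample is constructed with placeholder names, the field labels assume the common ICANN-style registrar layout, and the subject line and the defanged URL (hxxp, [.]) are added conventions that keep the link non-clickable in transit.

```python
import re
from email.message import EmailMessage

# Constructed sample (placeholder names), ICANN-style registrar layout.
SAMPLE_WHOIS = """\
Domain Name: PARCEL-FEE-EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Name Server: NS1.DNS-HOST.EXAMPLE
Name Server: NS2.DNS-HOST.EXAMPLE
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def abuse_contact(text):
    """Prefer the labelled abuse field; fall back to any abuse@ address."""
    for key, values in parse_whois(text).items():
        if "abuse" in key and "email" in key:
            return values[0]
    for addr in EMAIL_RE.findall(text):
        if addr.lower().startswith("abuse@"):
            return addr
    return None

def defang(url):
    # hxxp and [.] stop mail clients turning the text into a live link
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def build_report(whois_text, url, sender):
    """Fill the post's example mail; sender is the reporter's own address."""
    to = abuse_contact(whois_text)
    if to is None:
        raise ValueError("no abuse contact found in WHOIS output")
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, to
    msg["Subject"] = "Abuse report: fraudulent SMS phishing site"
    msg.set_content(
        f"Hi,\n\nThis website DNS is hosted by you:\n{defang(url)}\n"
        "Your customer is sending fraudulent SMS messages to UK residents\n"
        "directing them to this website.\n"
        "Please investigate and take the website down.\n\nThanks!\n")
    return msg
```
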

So.. I sent the mail off to their abuse team and waited..

POW!

By the end of the day the fraud site was inaccessible! (Very satisfying).

Next day I had another SMS with a new fraud URL (linking back to that same website), so took a minute out of my day to check the DNS provider and email them again.

BAM!
Site down again within a few hours!! (ok this is fun)

Later on they seemed annoyed and sent four more SMS one after another, with two new URLs, but same website again…

ZAP!

Got those taken down too!!! (‘k, this is worth a blog post)


It's four days down the line now and no more SMS messages have turned up but if I get any more I’ll still report them, but then try to get the site out of action as fast as possible by contacting their provider directly.


So the point of telling you this is really to show that we are not powerless. We don’t have to just accept fraud, phishing etc. through SMS and Email. Although we’ve received it, we need to push back and report it when we can, so that others don’t get affected.

So I make a request now to you all.

Check out the excellent NCSC guidance here and then help others understand how to spot the tell-tale signs and what to do next.

If you do get a fraud SMS, don’t just delete it, follow the official guidance above and report it, but once that’s done you can also have a go for yourself, and may get the same sense of satisfaction of seeing the site taken down a lot more quickly...

And if you don’t have the time, by all means name the site in the comments and we’ll give it a go for you.

*footnote.

After receiving the SMS I duly reported by forwarding to 7726, only to receive a response saying that the message was undeliverable! A quick search revealed it’s a common experience (and something to look into later).

Not one to be put off, I figured I’d assemble the details into an email, remembering to include the URL of the fraudulent website and sent that off to report@phishing.gov.uk

Ironically Google mail rejected my email, presumably because it contained the very phishing URL I was trying to report!! (hopefully Google completes this circle for us by reporting these blocked malicious URLs to NCSC – would be nice to see some public reassurance about that though). However the dodgy website was still up and I was continuing to receive the same SMS messages.

Eventually I sent a screenshot of the SMS to report@phishing.gov.uk and that successfully went through without setting off any Google alarms and had a nice confirmation email from NCSC.