Category: General

An SMS fraud adventure

A few of us began receiving SMS based fraud messages over the last few months. Covid-19 related fraud, HSBC overdraft fraud, Royal Mail related fraud amongst others. One in particular was very persistent and it seemed that everyone I spoke with was on the recipient list. Obviously the next step here is to forward the SMS to 7726 (which presented a few challenges, see *footnote below). However, I began wondering if I could to get the fraudulent website taken down myself… well… Challenge accepted!


Private Eye

After a little investigation it actually turned out to be incredibly easy.

Step 1. Identify the DNS provider for the domain.
I used https://mxtoolbox.com/Whois.aspx and I simply searched for the website mentioned in the fraud SMS.

That gave me the name of the DNS provider used by the fraudsters. The DNS provider manages domain names such as website addresses for innocent customers and inadvertently, criminal customers.

In the information returned, you’ll need to look for the “abuse” email address to contact if domains they host are being abused – e.g. used for crime.

Step 2. Email the DNS provider, advising them of the website and the issue and ask them to investigate and take the site down.

Example mail:

Hi,

This website DNS is hosted by you :
<insert website URL>
Your customer is sending fraudulent SMS messages to UK residents directing them to this website. The site is being used illegally by your customer to take money and information fraudulently from UK residents.
Please investigate and take the website down.

Thanks!

So.. I sent the mail off the their abuse team and waited..

POW!

By the end of the day the fraud site was inaccessible! (Very satisfying).

Next day I had another SMS with a new fraud URL (linking back to that same website), so took a minute out of my day to check the DNS provider and email them again.

BAM!
Site down again within a few hours!! (ok this is fun)

Later on they seemed annoyed and sent four more SMS one after another, with two new URLs, but same website again…

ZAP!

Got those taken down too!!! (‘k, this is worth a blog post)


Its four days down the line now and no more SMS messages have turned up but if I get any more I’ll still report them, but then try to get the site out of action as fast as possible by contacting their provider directly.


So the point of telling you this is really to show that we are not powerless. We don’t have to just accept fraud, phishing etc. through SMS and Email. Although we’ve received it, we need to push back and report it when we can, so that others don’t get affected.

So I make a request now to you all.

Check out the excellent NCSC guidance here and then help others understand how to spot the tell-tale signs and what to do next.

If you do get a fraud SMS, don’t just delete it, follow the official guidance above and report it, but once that’s done you can also have a go for yourself, and may get the same sense of satisfaction of seeing the site taken down a lot more quickly...

And if you don’t have the time, by all means name the site in the comments and we’ll give it a go for you.

*footnote.

After receiving the SMS I duly reported by forwarding to 7726, only to receive a response saying that the message was undeliverable! A quick search revealed it’s a common experience (and something to look into later).

Not one to be put off, I figured I’d assemble the details into an email, remembering to include the URL of the fraudulent website and sent that off to report@phishing.gov.uk

Ironically Google mail rejected my email, presumably because it contained the very phishing URL I was trying to report!! (hopefully Google completes this circle for us by reporting these blocked malicious URLs to NCSC – would be nice to see some public reassurance about that though). However the dodgy website was still up and I was continuing to receive the same SMS messages.

Eventually I sent a screen shot of the SMS to report@phishing.gov.uk and that successfully went through without setting off any Google alarms and had a nice confirmation email from NCSC.

Designing our digitally-optimised future services

Designing our digitally-optimised future services

It has been an intense but exciting six months since Hounslow’s new Digital Strategy, a central plank in how we will achieve our transformational ‘One Hounslow’ vision, was agreed by Cabinet.

We have designed and implemented an innovative, lean governance to support the implementation of the strategy and embed service design thinking into all digital projects.

In the first six months, five major projects have been shaped and agreed through our Design Authority covering a diversity of areas such as Children’s Safeguarding, Regulatory Services, Planning and Building Control, and Educational services.

This has all been achieved through remote working – something which none of us imagined when we were developing the strategy!

The Digital Design Authority is designed to give a rounded view and agreement from a wide range of disciplines that reflect the council’s broader needs. So, in addition to the core IT capabilities you’d expect in a Design Authority (such as technical architecture, security, information governance), we also have professionals from Communications, Procurement, Finance, HR and Organisation Design and two senior representatives from Services.

The power of commitment from a Service Owner

Our Design Authority works by inviting a ‘Service Owner’ to sponsor and lead the presentation of an outline business case on the proposed digital project to the group, supported by Digital and IT. Service Design works with the Service Owner and others to develop the business case – in a genuine collaborative, co-design effort.

Some other things that we believe also help are that we use concise PowerPoint slides rather than long word documents. Over time and with some internal coaching, our Business Relationship Managers will take on this role. Also, we have focused on ‘Futures’ priorities project where service design has the most potential benefits.

This approach has been very well received and has been instrumental in helping to build in service design thinking and moving forward at pace on a number of key projects.

“This (Design Authority) is a breath of fresh air and an absolutely sound approach”  Sarah Scannell, Assistant Director Planning

Where next?

Last month we held a retrospective on our first six months of Design Authority. We used a retro tool to do this online, asking the group what they liked, learnt or thought was lacking.

The feedback was brilliant – highlighting the positives that the group sees but also being very open about what could be improved or changed. For example, some members of the group felt we need to provide more detail on full costs and outputs, even if only estimates. We were challenged whether there was more we could do to quantify outcomes at the outset. And the need to identify efficiency savings (as well as user benefits) was reinforced – no prize for guessing which department that came from!

Service owner Martin Forshaw, Assistant Director Children’s Safeguarding led the case to our first Design Authority back in March. The proposal was strongly backed and some very useful steers and inputs given. He told us afterwards:

“The thought of being the first to do this was terrifying! But it went well judging from people’s response and comments in the meeting. We have a great opportunity to take a fresh look at how we design our services and I’m looking forward to seeing this as we work through it together.”

Following agreement on Children’s Safeguarding at the Design Authority, we brought in a partner to deliver a discovery phase, working with a ‘blended team’ drawn from the Service, Digital & IT and service design specialist skills. We are coming to the end of that discovery – and it has been done completely remotely. But that is a story for another week…

Keep in touch

If you would like to contribute to, or talk about any of the work, you can get in touch with Franco Degan, Andrew Connor or Barbara Munden in the Digital and IT Team

Hounslow Cabinet approves the Digital Strategy 2020-2025

At a meeting of Hounslow’s Cabinet on 17 March, Hounslow Council unanimously approved our Digital Strategy for 2020-2025.

This strategy outlines the council’s digital vision to create connected and inclusive communities across the borough.

“The Hounslow Digital Strategy harnesses the tremendous opportunity to deliver transformation across the council” 

Cllr Pritam Grewal, Cabinet Member for Customer Services and Corporate Performance

Draft Digital Strategy

We want to hear from you about our draft digital Strategy.  We have been working with colleagues across the council to develop this important document to set the vision and direction for the Council.  How we are going to change our services to make the most of data and technology through making sure that we put communities at the centre of what we do. 

The strategy is going to the March cabinet. 

Tell us what you think