Security Agency Gives Tips on How to Create Trustworthy Messages

The UK’s National Cyber Security Centre has published advice to businesses on how to create trustworthy messages, after a rise in scams during the COVID pandemic.

The NCSC – the public-facing part of the UK’s signals intelligence agency, GCHQ – is advising companies to be aware of how cyber criminals and other malicious actors are using text messages and phone calls to defraud customers, and to ensure that genuine messages do not inadvertently resemble those distributed by fraudsters. The agency’s guidance includes nine tips organisations can follow to help them create more trustworthy messages.

“Most of us will have received a suspected dodgy text or call during the pandemic and we know these scams are getting more convincing,” said Dr Ian Levy, NCSC Technical Director. “To counter this, we need legitimate customer text and telephone messages to be secure with clear signposts of authenticity that give confidence to customers. I’d urge any organisations that contact their customers via SMS or telephone to consult our new guidance and ensure they’re doing all they can to protect their customers from cyber crime and fraud.”

The publication is part of the NCSC’s Active Cyber Defence programme, which sees the organisation taking “unprecedented action” to remove scams from public networks. In 2020, 700,595 phishing campaigns were taken down, 15 times as many as in the previous year.

In the guidance document, NCSC advises businesses never to ask for personal details; avoid including weblinks; avoid using language that “induces panic or implies urgency“; to publicise contact details for the organisation; and to provide a means by which customers can independently check whether a message is genuine.