Poland’s government has set out its initial plans for countering telephone and internet fraud. They include requiring phone and email operators to flag suspicious calls and messages to recipients.
The ideas were presented on Wednesday by Janusz Cieszyński, secretary of state for digital affairs in the prime minister’s chancellery and government plenipotentiary for cybersecurity, who said that the number of malicious attacks, also targeting public figures, has recently increased.
He noted that on Monday two MPs reported receiving threats over the phone from impersonators. “Cybercriminals are trying to use spoofing to fuel political disputes,” he said on Twitter earlier.
“At the moment there are no legal and organisational possibilities to stop spoofing and phishing,” Cieszyński noted at the conference, reports CyberDefence24.pl, a specialist news site. He said, however, that there are certain technical markers of suspicious calls which can be detected by telecommunications companies.
Sprawa zgłoszona jest już do odpowiednich służb i policji. https://t.co/NDZWBYrtCc
— Paulina Matysiak 😷💉👌🏻 (@PolaMatysiak) January 17, 2022
One solution involves operators filtering out calls that enter the phone network from the internet or come from untrusted foreign operators.
“We want to propose a simple marking…which will allow for clear identification that something isn’t right,” said Cieszyński. To the recipient of the call, the caller ID would show up preceded with an asterisk, such as “*Daniel”.
“The goal is for us to know that the person calling us is not the person whose number appears on our phone screen,” he said. He explained that spoofing meant that the callers could be foreign criminal groups, including extorters.
❗Bądźmy ostrożni i uczulajmy rodzinę i przyjaciół❗ https://t.co/pYu9njEAM9
— CYFRYZACJA KPRM (@CyfryzacjaKPRM) January 20, 2022
Phishing will also be a target of the government’s strategy, Cieszyński added. This involves someone masquerading as a trusted entity to trick an online user to reveal their data, such as login credentials or payment card details.
Here email and phone operators would be expected to verify and flag where messages have been generated with a false sender name, for example, one pretending to be an e-commerce site or delivery company. “We want certain protocols, which are already an international standard, to be included on a mandatory basis,” said the official.
The government also plans to make it possible for people to block their personal ID number (PESEL) in banks and telecommunications companies in the event of a suspected attack.
Cieszyński added that the Office of Electronic Communications is currently working with telecoms companies on developing more detailed solutions. “We hope to receive a report from these works very soon and will be seeking to urgently implement these solutions into the Polish legal system,” he said, quoted by RMF 24.
Main image credit: Pixnio (under CC0)
Maria Wilczek is deputy editor of Notes from Poland. She is a regular writer for The Times, The Economist and Al Jazeera English, and has also featured in Foreign Policy, Politico Europe, The Spectator and Gazeta Wyborcza.
