ICO issues a huge fine for massive illegal SMS campaign

About a month ago the Information Commissioner’s Office (ICO) issued a £200,000 fine against Help Direct UK for sending spam SMS messages. It’s the ICO’s job to investigate and file enforcement notices against companies who allegedly perform direct marketing without permission via any electronic means.

This isn’t the first time the ICO dealt with Help Direct UK either. Last year they issued an enforcement order after determining the company sent out spam messages regarding pensions. The latest round of messages, which resulted in the fine, were sent in April 2015 and received over 6,700 complaints in less than 30 days.

The messages were all enticing people to visit websites and file claims to recover money from PPI payments, banks, and loans. For example…

“The Banks are refunding customers if they paid a monthly fee on packaged accounts up to 2000, visit www.mybankrefund.com for your refund today or optout.cc”.

The first time the ICO found Help Direct UK in violation of the Privacy and Electronic Communications (EC Directive) Regulations 2003  (which governs all electronic marketing regulations), they were just issued a warning to stop their activities. The most recent round of complaints made it clear, however, they hadn’t stopped their direct marketing activities and in fact may have increased them.

This led to the following statement on the ICO website regarding the fine of Help Direct UK:

“The company has also shown a blatant disregard for the rules by ignoring enforcement action we issued earlier this year. They are now facing the consequences of that decision.”

And there may be more consequences as the statement also alluded to further legal action as disregarding an enforcement notice is a criminal offence.

As a law abiding citizen, it’s hard for me to imagine anyone deliberately trying to avoid the law on such a large scale. But obviously it happens. Some companies may be sending spam unintentionally (they aren’t aware of the law), but for most it seems to be a deliberate effort.

That’s the case with Help Direct UK. The ICO investigation revealed they were using unregistered SIM cards to send the messages. They were sending so many messages they must have had what is called a SIM farm (also SIM Hosting or VSIM). This is when someone takes loads of SIM cards and connects them to computers that then send out the SMS messages over the Internet, then into mobile networks via alternate routes (ie. not network authorised).

A SIM card is what makes a mobile phone work with a network. It keeps track of the details of the phone, the owner, the number, and network authorisation information. Unregistered SIMs aren’t “activated” with any network and therefore aren’t usually listed in the spam filters networks use to try and keep out unwanted messages.

Knowing there are serious consequences for violating the PECR, why would companies try to do it anyway? Money.

Companies that send SMS spam usually are trying to generate leads. They are then paid in turn for each lead. Using the example message above, the company probably got paid a fair sum for everyone that visited the mybankrefund URL in the text message and filled out the form to get their bank refund (which was in turn a way to get their info for further marketing, not to give a bank refund).

If it all sounds a little shady, it is. But for some the lure of that money is too strong so they resort to unscrupulous methods to trick people into taking action like visiting a website and giving personal information.

Companies that want to use SMS messaging for legitimate direct marketing need to stay away from SIM farms and companies that use them. The ICO investigates complaints and will raid locations where they think SIM farms are based on those complaints. If you run a business and use that SIM farm you can be implicated in the illegal sending of messages even if you aren’t. At the very least you will likely be the subject of an investigation. If you prove you’re following the law then it’s only your reputation that’s damaged. But that can be everything to a business and the hardest thing to repair.

So don’t fall victim, or rather don’t settle for questionable services just because of a low price tag. Per message pricing can be reasonable enough using proper SMS providers (like fastsms). Just do your homework and check out the company you choose before you start. Don’t focus on just the price per message, but on the balance of everything they have to offer.