The Thai government has introduced a sweeping new measure to combat cybercrime, prohibiting all state agencies and regulated entities from sending SMS or email messages containing embedded links.
Digital Economy and Society (DE) Minister Chaichanok Chidchob said the Cabinet has approved the directive to eliminate a major loophole frequently exploited by scammers to target the public.
Under the new policy, the public is urged to assume that any SMS or email containing a link and claiming to originate from a government agency is fraudulent. Recipients are advised to report such messages to both the police and the impersonated agency.
“The DE Ministry implemented this measure because scammers continue to exploit these channels to deceive the public,” Chaichanok said.
“We want to establish a clear understanding that government agencies will not send any links via SMS or email, and any such message should be treated as criminal impersonation.”
Closing the ‘Headwaters’
The directive marks the latest effort by the Committee on the Prevention and Suppression of Technological Crime to stem the rising tide of cyber scams.
Despite enhanced screening measures introduced by the Royal Thai Police, telecommunications operators, and financial regulators, criminals have continued to infiltrate systems through sophisticated malware and fake website links.
Authorities say the new rule aims to control the “headwaters” of communication, providing the public with unambiguous guidance.
The move also mirrors existing sectoral regulations.
Financial sector: The Bank of Thailand (BoT) has already barred financial institutions from sending SMS messages containing links since July 2025.
Telecommunications: In August 2025, the National Broadcasting and Telecommunications Commission (NBTC) introduced tighter rules requiring bulk senders to register their identities and mandating link verification before delivery. Source: nationthailand.com
🔍 HackWarn.com Analysis
1. Why This Policy Matters?
Scammers rely heavily on impersonation and click-based deception, making SMS and email links one of the most effective tools for launching phishing attacks.
By eliminating links entirely from official government communication, Thailand removes the primary trigger that enables malware installation, credential theft and fraudulent transactions.
The policy creates a simple rule for the public: if there’s a link, it’s fake, reducing confusion and closing a major entry point for cybercriminals.
2. What the Public Should Expect?
While this measure cuts off a major attack vector, scammers are likely to shift toward:
- Phone call impersonation using spoofed numbers
- Fake social media pages and ads mimicking government agencies
- Messaging apps like LINE, WhatsApp, or Telegram
- Deepfake audio or AI-generated government announcements
The public should remain alert, as cybercriminals typically evolve quickly when a channel is closed.
3. 🚨 Immediate Action Steps for the Public
- Do not click any link claiming to be from a Thai government agency — treat it as a scam.
- Verify information directly through official websites or government hotlines.
- Report suspicious messages immediately to the police or the impersonated agency.
- Avoid responding to any unsolicited SMS or email asking for personal details.
- Enable device security features, including spam filters and automatic updates.
- Educate family members, especially seniors, who are common targets of phishing scams.
4. The Bigger Picture
Thailand’s move aligns with global best practices and signals a shift toward zero-trust communication frameworks in government sectors.
As cybercrime grows more sophisticated, clear and absolute policies like banning all clickable links may soon become standard across more countries.
