Beware of fake texting

By on July 8, 2006 in Services

Link: IBNLive : Beware! Fake SMSes can ruin you.

We have heard of websites and e-mail accounts being hacked. Now, someone could be sending messages from your cell phone and you’d never know. What seems like a harmless prank could actually be a serious national security threat.

They do have a point, although this ‘threat’ has been available to anyone almost as long as the SMS medium itself.

The article goes on to explain:

Patanjal Digantvyas, a 19-year-old from Ahmedabad, tells us that all you have to do is go to a website that provides bulk SMS or the fake SMS facility. One such site is communicator.clickatell.com

Almost any SMS traffic supplier on the planet will allow you to send fake SMS messages — that is, change the originator ID to the number of someone else.

And no verification is required. So, anyone can send messages in your name. The absence of any kind of verification makes this a threat to national security.

Again they have a point here. If your Government is run by text. I would hope that your generals don’t take orders to nuke your national rivals via a text message from the Prime Minister.

I always thought that the ability to set the originator field on text messaging should be a lot more strictly controlled. It’s a particularly useful function for mobile developers who really do need to be able to use dynamic originators.

From memory, Connection Software will only allow you to change the originator to a mobile number that you own — and you must provide proof of ownership of that number. By default, the originator is set to ‘csoft.co.uk’ on all outgoing messages from Connection Software (more details on their policy). I think this is a responsible attitude — it also means their management can sleep at night. They won’t ever have an issue with fake messages being sent through their network.

About Ewan

Ewan is Founder and Editor of Mobile Industry Review. He writes about a wide variety of industry issues and is usually active on Twitter most days. You can read more about him or reach him with these details.
View all posts by Ewan

  • Njar

    Hi Ewan,

    I’m surprised you’ve not mentioned the regulation regarding SMS marketing especially in the UK and US? In fact in the US, commercial SMS is contractually bound to originate from a shortcode. (not that this is a good thing). In the UK SMS sending is subject to rafts of regulation.

    Additionally I was interested to read that the SMS company you mention has had it’s share of problems:

    http://www.160characters.org/news.php?action=view&nid=2054

    However the reaction that this scam evoked is testament to the fact that whilst commercial SMS, as with other communication mediums, will always have those that try to abuse it, these abuses will not be tolerated and *WILL* be found near immediately.

    Presumably you’re aware of how easy it is to ‘spoof’ emails, and even phone calls?

    Incidentally I bet the reason said company doesn’t offer originator capabilities is because it can’t. The chances are they route via a network that itself doesn’t offer the dynamic originator changes – O2 UK for instance. It’s in fact quite amazing that they don’t offer a capability that is inherently useful (as you yourself have mentioned) and entirely necessary for many applications.

    Here’s hoping you paint less one sided pictures going forward!

  • http://www.smstextnews.com Ewan MacLeod

    There’s a dichotomy, that’s true — dynamic originator field features are extremely useful. In fact that’s why we were never able to use Csoft for a lot of our own nightclub SMS services. We had hundreds of mobile numbers all pointing into the one server which had to reply to the sender from the appropriate number in order not to confuse the sender… and SO that the sender could then simply reply again to our text.

    As for *why* Csoft doesn’t support it — I don’t know!

    Your point about regulation is well made. But it’s next to useless when SMS aggregator companies make you tick a box on registration then don’t bother looking to see what you’re doing with the connection.

    I’m encouraged by the actions of RedSMS (detailed in the 160chrs link you posted) — I’m pleased to see that someone’s watching what’s going on via their networks.

  • http://blog.dotcomdosh.com Alex

    Love some of the comments in the original story. ‘But even if the number can be traced, the real sender could create havoc and get away. For instance, one could cause panic by spreading a rumour about a bomb in a crowded market.’

    Hmm. Bomb hoax by text? That’s a new one on me. As for reception in a shopping centre, I find it flakey at best – so by the time I get back in coverage and the networks SMSC has delivered the text I’d be outside anyway.

    Agree with what Ewan says though, being able to set the originator has many very legitimate business uses. All the while O2 etc chose not to support it will mean it’s their loss on a large amount of ‘proper’ commercial traffic.

  • http://www.clickatell.com Patrick Lawson

    I am writing to correct the rather sensational positioning of our company, and the inherent technology features of SMS.

    The article “Beware! Fake SMSes Can Ruin You” unfairly positions Clickatell as a purveyor of fake text messages. Clickatell is the world’s first global messaging provider and is trusted for mobile message delivery in over 180 countries.

    What happened to the recipient of the “fake SMS” is most unfortunate and a clear indication of mischievous conduct by a fellow employee or someone who knows the recipient. If indeed it was Clickatell’s platform that was used to deliver this unlawful message we are very willing to track down the culprit as they have contravened our terms and conditions and our anti-spam policy; see Terms and Conditions, http://www.clickatell.com/brochure/terms.php.

    The reality is that this type of ‘spoofing”, (general term used to describe this type of activity), can be done on any email platform, printed letter or with a phone call. Should we ‘shut down’ all Internet service providers and prevent people form having their own printers? It is clearly not appropriate to blame the technology or technology companies, but the people who abuse it.

    As one who respects veracity in journalism, and not being a purveyor of sensationalism, we would request you allow us the opportunity be interviewed by your journalists to advise your readership around SMS best practices and to set the record straight and inform them of the numerous factors to consider in regards to ‘safe messaging’. SMS has made a very positive contribution to societies around the world including being used for life saving instant alert notification in times of emergency.

    Please contact our US Public Relations representative, Austin Edgington, at austin.edgington@clickatell.com to arrange an interview.

  • khalid

    Well sir..

    communicator.clickatell.com is not a site which sends sms from a fake orignator…
    because i am using it’s services… and i tried hard to do so but i failed

    if someone knows about it …. do tell me… then i’ll believe ….

    take care

  • Anonymous

    ytjghjghj

  • Anonymous

    selam ben datyı dfkgkdfjgdf

  • Anonymous

    eee nsl gidiyor ben adem görüsürüz..

Switch to our mobile site