Jump to content

Dynamic Sender ID?...Spoofing?... What do I need to know about them?


mona

Recommended Posts

Dynamic Sender ID?...Spoofing?...

What are these, and what do I need to know about them?

 

Ever wondered why and how some SMS messages you receive come up with the name of the company or some identifiable number? This is a common feature used when sending enterprise to person SMS, and is called dynamic sender ID or dynamic originator.

 

When we send a text message to another mobile phone it shows our mobile number as the “originator” of the text message. Usually our friends and family will add us to their mobile phone address book so when we text or call our name will appear on the handset to easily identify who is calling or sent the message.

 

In the world of enterprise to person messaging the sender ID can be changed to allow the sender to be identified without them being in your address book and as a consequence, this allows quick identification of the sender using their brand name e.g., a text message from “Amazon” notifying you your parcel will be delivered; instantly allows you to understand the message without thinking.

 

A sender ID can be one of 3 types; alpha, numeric, and shortcode. (Note: Only numeric and shortcode sender ID's can be replied to.) Alpha sender IDs consist of letters (a-z) and digits (0-9), other characters may be used but may not be supported by all phones and operators. Numeric sender IDs should be in an international format e.g. +447712312312.  Alpha sender IDs are usually limited to a length of 11 characters and numeric sender IDs are limited to 16 digits.  Shortcodes are typically 5 or 6 digits but this can vary by country.

 

The use of a dynamic sender ID feature is not allowed in all countries, as it is subject to the local compliance and carrier rules. For example in the UK, all forms of dynamic sender IDs are allowed whereas in the USA and Canada, commercial messaging must originate from a registered shortcode, and a dynamic sender ID is not supported. Your messaging provider will be able to provide you with a global overview of what is supported and where.

 

Due to the power of this feature it can be taken advantage of for illegal purposes. Spoofing...like the word suggests is not a good thing. Spoofing is when an entity is impersonating another business or individual and sends text messages that appear to be originating from the real business or person. As you probably have already guessed this is usually a phishing or scam activity which is intended to obtain information from a person to be used in a fraudulent manner.

 

Here are some real life examples of text messages, one using a legitimate sender ID and the other an example of spoofing:

 

Dynamic SenderID

 

6a01bb089bc761970d01b8d18d56c6970c-320wi

 

Spoofed

 

6a01bb089bc761970d01b7c8036a36970b-320wi

 

 

It should be noted that the above text messages were received by a writer of this blog,  and did not traverse the Mblox network.

 

Though spoofing exists, there are ways you can protect yourself and your customers and maintain your brand reputation through best practices for sending text messages:

...

 

1.  Consistent use of branding in all text messages sent to customers

 

2.  Always include information on how your customers can reach you (reply HELP, telephone number, email or company URL)

 

3.  Provide information on how your customer can opt-out of future messaging

 

4.  From time to time send “information only” messages to educate your customers , for example - COMPANY_NAME: We take data security seriously and will never ask for personal information from you via text (SMS). For any question please contact us at support@company_name.com. Thanks!

 

5.  Remind customers that they can report spoofing by contacting you directly and their mobile operator, and / or the company being spoofed. Also some countries e.g. UK and the US offer the ability for mobile subscribers to forward a suspicious SMS message to a shortcode and in both countries the shortcode is 7726.

 

6.  Ensure that your SMS provider takes spoofing incidents seriously and is willing to assist in blocking these types of messages if the need arises.

...

 

In short, using a dynamic sender ID feature is ideal for a brand or business who wants their clients to easily identify who is sending the text messages. Spoofing is rare since most messaging providers (including Mblox) do not allow companies to send a message with a dynamic sender ID until their identity has been verified and a binding contract executed.   Through the continued use of best practices you can maintain your client’s privacy and your brand’s reputation by educating your customers so they can recognize the difference between a legitimate text offer from you or an impostor.

 

 

Source

 

Link to comment
Share on other sites


  • Replies 10
  • Views 1.1k
  • Created
  • Last Reply

Staff  - if you think this article fits better in mobile section  -  move it there, please.  Thanks.

Link to comment
Share on other sites


46 minutes ago, TheDevilInMe said:

 

Why is the article specifically targeting Apple?

I'm asking rhetorical questions. I already know the answers. 

 

 

 Pure  :shit: ,    Where - in your opinion -  is this article targeting Apple or any specific brand at all ?    YfryBlF.gif

 

BTW

PLrbXLk.jpg

Link to comment
Share on other sites


4 hours ago, mona said:

 

 Pure  :shit: ,    Where - in your opinion -  is this article targeting Apple or any specific brand at all ?    YfryBlF.gif

 

BTW

Spoiler

PLrbXLk.jpg

 

 

Whichever is easier XD 

Link to comment
Share on other sites


1 minute ago, saeed_dc said:

 

Whichever is easier XD 

 

BTW   I'm not a creator  of this meme.    OK ?

Link to comment
Share on other sites


3 minutes ago, mona said:

 

BTW   I'm not a creator  of this meme.    OK ?

 

Of course, all the blame goes to motifake.com, if any

Link to comment
Share on other sites


@saeed_dc   Read the OP article.  

I remember your thread about fishy email (right, it was an email not an sms) you received.  

If I'm not mistaken it contained spoofed sender ID too.   :P

Link to comment
Share on other sites


8 minutes ago, mona said:

@saeed_dc   Read the OP article.  

I remember your thread about fishy email (right, it was an email not an sms) you received.  

If I'm not mistaken it contained spoofed sender ID too.   :P

 

your post is very good and useful, though I wish it'd suggested some of the spoofing ways as well for...offensive security?:) 

I think the only people we get dynamic sender IDs from here are mobile operators, the rest when sending SMS their numbers show up, usually bulk SMS panel numbers which are identical.

 

my Email issue was a usual phishing method and contained a link to a malware, it was just me being so careless :s

 

 

 

 

Link to comment
Share on other sites


1 hour ago, saeed_dc said:

 

my Email issue was a usual phishing method and contained a link to a malware, it was just me being so careless :s

 

 

@saeed_dc

Speaking about "e-mail"  (Gmail if I remember well, right ?) ....  Here is something ESPECIALLY  ;)  for you :

http://www.nsaneforums.com/topic/270865-how-to-spot-a-phishing-email/#comment-1100269

 

BTW    Have you read about that ?

Here are interesting reads - all on pretty the same subject, but from different points of few ...  

1./   http://www.nsaneforums.com/topic/270835-hackers-find-clever-way-to-bypass-googles-two-factor-authentication/#comment-1100068

2./   http://www.csoonline.com/article/3079512/techology-business/need-to-bypass-googles-two-factor-authentication-send-a-text-message.html?utm_source=twitterfeed&utm_medium=twitter

.............

3./   http://www.nsaneforums.com/topic/270805-two-factor-authentication-2fa-versus-two-step-verification-2sv/#comment-1100067

 

Link to comment
Share on other sites


52 minutes ago, mona said:

 

mine was Outlook

Yup I've read them, can't do much about that because we're the end users except being more careful

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...