mona Posted June 12, 2016 Share Posted June 12, 2016 Dynamic Sender ID?...Spoofing?... What are these, and what do I need to know about them? Ever wondered why and how some SMS messages you receive come up with the name of the company or some identifiable number? This is a common feature used when sending enterprise to person SMS, and is called dynamic sender ID or dynamic originator. When we send a text message to another mobile phone it shows our mobile number as the “originator” of the text message. Usually our friends and family will add us to their mobile phone address book so when we text or call our name will appear on the handset to easily identify who is calling or sent the message. In the world of enterprise to person messaging the sender ID can be changed to allow the sender to be identified without them being in your address book and as a consequence, this allows quick identification of the sender using their brand name e.g., a text message from “Amazon” notifying you your parcel will be delivered; instantly allows you to understand the message without thinking. A sender ID can be one of 3 types; alpha, numeric, and shortcode. (Note: Only numeric and shortcode sender ID's can be replied to.) Alpha sender IDs consist of letters (a-z) and digits (0-9), other characters may be used but may not be supported by all phones and operators. Numeric sender IDs should be in an international format e.g. +447712312312. Alpha sender IDs are usually limited to a length of 11 characters and numeric sender IDs are limited to 16 digits. Shortcodes are typically 5 or 6 digits but this can vary by country. The use of a dynamic sender ID feature is not allowed in all countries, as it is subject to the local compliance and carrier rules. For example in the UK, all forms of dynamic sender IDs are allowed whereas in the USA and Canada, commercial messaging must originate from a registered shortcode, and a dynamic sender ID is not supported. Your messaging provider will be able to provide you with a global overview of what is supported and where. Due to the power of this feature it can be taken advantage of for illegal purposes. Spoofing...like the word suggests is not a good thing. Spoofing is when an entity is impersonating another business or individual and sends text messages that appear to be originating from the real business or person. As you probably have already guessed this is usually a phishing or scam activity which is intended to obtain information from a person to be used in a fraudulent manner. Here are some real life examples of text messages, one using a legitimate sender ID and the other an example of spoofing: Dynamic SenderID Spoofed It should be noted that the above text messages were received by a writer of this blog, and did not traverse the Mblox network. Though spoofing exists, there are ways you can protect yourself and your customers and maintain your brand reputation through best practices for sending text messages: ... 1. Consistent use of branding in all text messages sent to customers 2. Always include information on how your customers can reach you (reply HELP, telephone number, email or company URL) 3. Provide information on how your customer can opt-out of future messaging 4. From time to time send “information only” messages to educate your customers , for example - COMPANY_NAME: We take data security seriously and will never ask for personal information from you via text (SMS). For any question please contact us at support@company_name.com. Thanks! 5. Remind customers that they can report spoofing by contacting you directly and their mobile operator, and / or the company being spoofed. Also some countries e.g. UK and the US offer the ability for mobile subscribers to forward a suspicious SMS message to a shortcode and in both countries the shortcode is 7726. 6. Ensure that your SMS provider takes spoofing incidents seriously and is willing to assist in blocking these types of messages if the need arises. ... In short, using a dynamic sender ID feature is ideal for a brand or business who wants their clients to easily identify who is sending the text messages. Spoofing is rare since most messaging providers (including Mblox) do not allow companies to send a message with a dynamic sender ID until their identity has been verified and a binding contract executed. Through the continued use of best practices you can maintain your client’s privacy and your brand’s reputation by educating your customers so they can recognize the difference between a legitimate text offer from you or an impostor. Source Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Author Share Posted June 12, 2016 Staff - if you think this article fits better in mobile section - move it there, please. Thanks. Link to comment Share on other sites More sharing options...
Batu69 Posted June 12, 2016 Share Posted June 12, 2016 Moved from Security & Privacy Center forum. Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Author Share Posted June 12, 2016 46 minutes ago, TheDevilInMe said: Why is the article specifically targeting Apple? I'm asking rhetorical questions. I already know the answers. Pure , Where - in your opinion - is this article targeting Apple or any specific brand at all ? BTW Link to comment Share on other sites More sharing options...
Sylence Posted June 12, 2016 Share Posted June 12, 2016 4 hours ago, mona said: Pure , Where - in your opinion - is this article targeting Apple or any specific brand at all ? BTW Spoiler Whichever is easier XD Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Author Share Posted June 12, 2016 1 minute ago, saeed_dc said: Whichever is easier XD BTW I'm not a creator of this meme. OK ? Link to comment Share on other sites More sharing options...
Sylence Posted June 12, 2016 Share Posted June 12, 2016 3 minutes ago, mona said: BTW I'm not a creator of this meme. OK ? Of course, all the blame goes to motifake.com, if any Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Author Share Posted June 12, 2016 @saeed_dc Read the OP article. I remember your thread about fishy email (right, it was an email not an sms) you received. If I'm not mistaken it contained spoofed sender ID too. Link to comment Share on other sites More sharing options...
Sylence Posted June 12, 2016 Share Posted June 12, 2016 8 minutes ago, mona said: @saeed_dc Read the OP article. I remember your thread about fishy email (right, it was an email not an sms) you received. If I'm not mistaken it contained spoofed sender ID too. your post is very good and useful, though I wish it'd suggested some of the spoofing ways as well for...offensive security? I think the only people we get dynamic sender IDs from here are mobile operators, the rest when sending SMS their numbers show up, usually bulk SMS panel numbers which are identical. my Email issue was a usual phishing method and contained a link to a malware, it was just me being so careless Link to comment Share on other sites More sharing options...
mona Posted June 12, 2016 Author Share Posted June 12, 2016 1 hour ago, saeed_dc said: my Email issue was a usual phishing method and contained a link to a malware, it was just me being so careless @saeed_dc Speaking about "e-mail" (Gmail if I remember well, right ?) .... Here is something ESPECIALLY for you : http://www.nsaneforums.com/topic/270865-how-to-spot-a-phishing-email/#comment-1100269 BTW Have you read about that ? Here are interesting reads - all on pretty the same subject, but from different points of few ... 1./ http://www.nsaneforums.com/topic/270835-hackers-find-clever-way-to-bypass-googles-two-factor-authentication/#comment-1100068 2./ http://www.csoonline.com/article/3079512/techology-business/need-to-bypass-googles-two-factor-authentication-send-a-text-message.html?utm_source=twitterfeed&utm_medium=twitter ............. 3./ http://www.nsaneforums.com/topic/270805-two-factor-authentication-2fa-versus-two-step-verification-2sv/#comment-1100067 Link to comment Share on other sites More sharing options...
Sylence Posted June 12, 2016 Share Posted June 12, 2016 52 minutes ago, mona said: @saeed_dc Speaking about "e-mail" (Gmail if I remember well, right ?) .... Have you read about that ? Here are interesting reads - all on pretty the same subject, but from different points of few ... 1./ http://www.nsaneforums.com/topic/270835-hackers-find-clever-way-to-bypass-googles-two-factor-authentication/#comment-1100068 2./ http://www.csoonline.com/article/3079512/techology-business/need-to-bypass-googles-two-factor-authentication-send-a-text-message.html?utm_source=twitterfeed&utm_medium=twitter 3./ http://www.nsaneforums.com/topic/270805-two-factor-authentication-2fa-versus-two-step-verification-2sv/#comment-1100067 mine was Outlook Yup I've read them, can't do much about that because we're the end users except being more careful Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.