SMS technology allows for SMS messages to be sent from an alphanumeric sender ID, instead of just a numeric cellphone number. For example, SARS can now send an SMS message to you with the word ‘SARS’ appearing in the ‘From’ field at the top of the message.
The main benefit of using an alphanumeric sender ID is that it is much easier for consumers to recognise the sender.
However, what many don’t realise is that it is possible for this SMS feature to be abused by criminals who can spoof legitimate company or organisation’s sender ID.
SAPS recently sent the following message to almost all MTN subscribers:
origin address: SAPS message: SAPS urges SA citizens to voluntarily hand in all illegal firearms before 11 April. For more info call National Firearms Call Centre 012 353 6111
Criminals could quite easily send the same message, with SAPS as sender, but replace the contact number with their own (the NF Call Centre number does not work anyway), and in this way collect a number of illegal firearms.
It is worth investigating to what extent sender IDs are controlled locally and globally. There are currently a multitude of international SMS messaging providers that offer sender ID modification, with varying levels of control. Mobile operators also have differing degrees of control for ID modification.
In South Africa, Vodacom blocks all international SMS traffic with a modified alpha sender ID. It now offers sender ID control to Vodacom Wireless Application Service providers (WASPs), making sure that each ID used is fully registered. Consumers on the Vodacom network are guaranteed that a message coming from ‘SARS’, for example, and was sent via a fully registered Vodacom WASP, and a member of WASPA.
At this stage, however, those on any network other than Vodacom cannot fully trust sender IDs. A message that says it comes from ‘SARS’ or ‘SAPS’, could in fact be a phishing attack or an advance fee fraud (419) scam. The message could originate from a foreign fraud syndicate using a network based in another foreign country, bypassing the SMS Messaging Centre of your home network, and bypassing WASPA regulations.
If proper controls are embraced by the industry as a whole, alphanumeric sender IDs could be a very effective safeguard against a number of SMS scams, by allowing consumers to easily recognise the sender without the possibility of spoofing.