Beware of SMS spoofing

THIRUVANANTHAPURAM: More than 23 lakh mobile phone users in Kerala could become vulnerable to a relatively new and emerging type of cyber crime that involves spoofing of short message service (SMS) communications, the State police have warned.

The Deputy Inspector General of Police, Thiruvananthapuram Range, Arun Kumar Sinha, said that "SMS Spoofing" software, tools and services offered on the Internet by certain hacking communities and private companies, including Indian firms, were being used to send hoax messages to unsuspecting cell phone users in Kerala.

A criminal or prankster could send a threatening, abusive, alarming or pornographic SMS message to any cell phone user through the Internet and show it as originating from another cell phone. The technology could be used by a prankster for victimising another person anonymously. For instance, the prankster could send an abusive message to an acquaintance of his victim and make it appear as if the SMS had originated from his victim's cell phone. The prankster can pull off the hoax without actually handling his victim's cellular telephone. "SMS faking is a criminal offence done mostly through the Internet. Some instances have come to the notice of the police. But the persons who have been hoaxed were not willing to file a police complaint," Mr. Sinha said.

A Bharath Sanchar Nigam Limited (BSNL) engineer said that mobile telephone users could easily find out if they have received a fake SMS by going to message options menu and checking the SMS message details. The details include the mobile phone number of the message sender and the message centre number of the cellular service provider. "If it is a fake message purportedly from a BSNL number, the message centre number would not be that of the BSNL service. It would be that of the SMS gateway hired by the company that offers the web-based spoofing service."

The Karnataka police are learned to be investigating a web-hosting company in connection with some SMS faking cases reported in Bangalore. The company had offered the public a web-based SMS sending facility for money. Those who subscribed to the service were given a user name and password with which they could log into the company's server and send SMS messages to mobile phones from the Internet. Some of the persons, who misused the facility to send abusive messages, had subscribed to the service using fake identities, making it difficult for the police to trace the offenders.