SMS Spoofing


The GSM industry has identified a number of potential fraud attacks on mobile operators that can be delivered via abuse of SMS messaging services. The most serious threat is SMS Spoofing, which occurs when a fraudster manipulates address information in order to impersonate a user that has roamed onto a foreign network and is submitting messages to the home network. Frequently, these messages are addressed to destinations outside the home network—with the home SMSC essentially being “hijacked” to send messages into other networks.

The only sure way of detecting and blocking spoofed messages is to screen incoming mobile-originated messages to verify that the sender is a valid subscriber and that the message is coming from a valid and correct location. This can be implemented by adding an intelligent routing function to the network that can query originating subscriber details from the home location register (HLR) before the message is submitted for delivery. This kind of intelligent routing function is beyond the capabilities of legacy messaging infrastructure.

In an effort to limit telemarketers who had taken to bombarding users with hordes of unsolicited messages, India introduced regulations in September 2011, including a cap of 3,000 SMS messages per subscriber per month, or an average of 100 per subscriber per day. Due to representations received from some of the service providers and consumers, TRAI (Telecom Regulatory Authority of India) has raised this limit to 200 SMS messages per SIM per day in case of prepaid services, and up to 6,000 SMS messages per SIM per month in case of postpaid services with effect from 1 November 2011. However, it was ruled unconstitutional by the Delhi high court, but there are some limitations.

There are various other markets that has since put measures in place to prevent this. Please reach out to our team if you have encountered any Spoofing through the InMobile platform. More information on how we deal with Spam can be found in our Terms and Conditions.