Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.android > #154230

Re: SMS spoofing

From VanguardLH <V@nguard.LH>
Newsgroups comp.mobile.android
Subject Re: SMS spoofing
Date 2026-06-19 01:05 -0500
Organization Usenet Elder
Message-ID <1htmjbmsfyz04$.dlg@v.nguard.lh> (permalink)
References <n9hmvmF3t7sU3@mid.individual.net> <s3crs4nq1d5n.dlg@v.nguard.lh> <n9i565F6v2gU2@mid.individual.net> <8idu6g1pxnf.dlg@v.nguard.lh> <n9imgiF97blU2@mid.individual.net>

Show all headers | View raw

"Carlos E. R." <robin_listas@es.invalid> wrote:

> My main question is if companies switching to sending RCS instead of SMS 
> would avoid impersonating the sender, because RCS uses certificates. On 
> the other hand, one certificate exchange per client in the database...

From what I've found about RCS, yes, it uses encryption to secure the
messages.  That's just encryption, not identification.  I've heard about
RCS spam for quite a while.  I doubt spammers want to be exposed.

If you used digitally-signed e-mail, anyone that gets your public key
can encrypt their message they send to you, and only you can decrypt
their message using your private key.  The x.509 and PGP schemes do not
secure who gets your public key, just that you're the only one that can
read the encrypted messages.

https://www.enea.com/insights/unmasking-the-security-challenges-of-rich-communication-services/
https://www.darkreading.com/threat-intelligence/lucid-phishing-exploits-imessage-android-rcs
https://censys.com/blog/lucid-phishing-platform-drives-toll-scam-campaigns/

RCS is just a modified messaging platform to which spammers, scammer,
and phishers will adapt.  Encryption is not identification.

At this point, I don't think you got phished.  I think your dental
provider had a hiccup in their accounting system, or someone there
entered the wrong account in the notice you got.  The text you got only
mentions a claim number, not your name, account number, or any other
identifying information of your business with them.  Adding identifying
info in a text would make it larger, and they may be restricting their
texts to the old 160-character limit of SMS.  

Was the bogus message sent using RCS, or just SMS?  RCS messages should
show Encrypted with a padlock icon at the top.  Some will show RCS
messages in a differently colored bubble.  Some show a shield icon with
a checkmark.  Apple's iMessage shows a "<padlock> Encrypted" at the top
of an RCS message.  How to differentiate SMS from RCS depends on which
messaging app you use.  


<Aside - Read Receipts>

With RCS, the sender can request read receipts.  Similar to how they
work with e-mail.  I always disable responding to read receipt request
in my e-mail clients.  None of the sender's business if I read their
e-mail, or not.  Well, did you check read receipts is disabled in
whatever messaging app you use?  It might be called "Send read receipts:
Let others know you've read their message".  I'm using Samsung's bundled
Messages app on my Samsung Galaxy A56 phone, and just checked.  Yep,
read receipts was enabled, so I disabled it.  If that was a phisher's
message, and you have read receipts enabled, you reading their text told
them their message successfully reached you, and you read their message
making you a valuable contact to hit again.  If using Google's Messages
app, see:

https://support.google.com/messages/answer/7189714
"Let others know you've read their messages"

If read receipts is enabled, you might see a single checkmark on your
sent message showing it got delivered.  Two checkmarks mean your sent
message got delivered and read.  If the recipient has read receipts
disabled, they'll still probably be the one checkmark noting delivery.
Delivery only isn't of value to spammers, but delivery and read status
are important as the spammer knows the recipient read their RCS spam
message.

https://www.cnet.com/tech/read-receipts-can-be-a-privacy-risk-on-iphone-or-android-heres-how-to-turn-them-off/

Read reciepts have the same privacy issue whether for e-mail or RCS.  My
attitude is to hide from the sender when I read their e-mail or RCS
message.  None of their business.  Other users might want read receipts
enabled, because those users are more social addicts than I (and they
probably do social sites aka sites for the socially needy whereas I
avoid them).

</Aside - Read Receipts>

Back to comp.mobile.android | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 10:01 +0200
  Re: SMS spoofing VanguardLH <V@nguard.LH> - 2026-06-18 03:36 -0500
    Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 14:04 +0200
      Re: SMS spoofing Andy Burns <usenet@andyburns.uk> - 2026-06-18 13:07 +0100
        Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 14:18 +0200
      Re: SMS spoofing VanguardLH <V@nguard.LH> - 2026-06-18 08:40 -0500
        Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 19:00 +0200
          Re: SMS spoofing AJL <noemail@none.com> - 2026-06-18 18:08 +0000
            Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 20:49 +0200
          Re: SMS spoofing VanguardLH <V@nguard.LH> - 2026-06-19 01:05 -0500
            Re: SMS spoofing Andy Burns <usenet@andyburns.uk> - 2026-06-19 07:46 +0100
              Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-19 12:12 +0200
              Re: SMS spoofing VanguardLH <V@nguard.LH> - 2026-06-20 03:14 -0500
                Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-20 10:25 +0200
            Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-19 12:11 +0200
  Re: SMS spoofing Andy Burns <usenet@andyburns.uk> - 2026-06-18 10:13 +0100
    Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 14:05 +0200
  Re: SMS spoofing Theo <theom+news@chiark.greenend.org.uk> - 2026-06-18 11:38 +0100
    Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 14:10 +0200
      Re: SMS spoofing Philippe <p.naudin+nntp@free.fr> - 2026-06-18 14:48 +0200
      Re: SMS spoofing VanguardLH <V@nguard.LH> - 2026-06-18 08:57 -0500
        Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-18 19:14 +0200
  Re: SMS spoofing AJL <noemail@none.com> - 2026-06-18 15:56 +0000
  Re: SMS spoofing Jörg Lorenz <hugybear@gmx.net> - 2026-06-19 09:13 +0200
    Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-19 12:13 +0200
      Re: SMS spoofing Jörg Lorenz <hugybear@gmx.net> - 2026-06-19 14:16 +0200
        Re: SMS spoofing Theo <theom+news@chiark.greenend.org.uk> - 2026-06-19 17:22 +0100
          Re: SMS spoofing Jörg Lorenz <hugybear@gmx.net> - 2026-06-19 21:23 +0200
          Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-20 01:17 +0200
        Re: SMS spoofing "Carlos E. R." <robin_listas@es.invalid> - 2026-06-20 01:14 +0200

csiph-web