Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.mobile.android > #144211

Phising via forging the "from" in an SMS message.

From "Carlos E.R." <robin_listas@es.invalid>
Newsgroups comp.mobile.android
Subject Phising via forging the "from" in an SMS message.
Date 2024-11-23 22:40 +0100
Message-ID <4nu91lx41l.ln2@Telcontar.valinor> (permalink)

Show all headers | View raw


Hi,

Imagine you normally get SMS messages from the bank, and the from is not 
a number but a name:

   BANK OF ME
   Date: now.
   You made successfully a payment of 10€ to Mr B.

And you have a conversation. You trust those messages in your SMS 
application. They are legit. One day, you get another SMS in the same 
conversation:

   BANK OF ME
   Date: now.
   Warning, strange movement, please click here http:\\some.bad.link.com


But this last message is a fake. The bad guys convince you, they get 
your credentials and your money. A case like that was seen recently in 
court here, and the bank lost. They must do more to ensure security, 
they did not protect their client properly.

(in Spanish: 
https://www.genbeta.com/seguridad/parecia-imposible-condenan-al-bbva-a-reembolsar-dinero-estafado-via-sms-a-clienta-debe-asumir-su-responsabilidad).


Now my question is, how did the bad guys insert a false SMS in the same 
conversation from the bank. They successfully forged the bank name 
(there is no phone number). What is the hole in the GSM network that 
allows this forgery?

(I have similarly forged texts in my phone, I have direct first hand proof).

-- 
Cheers, Carlos.

Back to comp.mobile.android | Previous | NextNext in thread | Find similar | Unroll thread


Thread

Phising via forging the "from" in an SMS message. "Carlos E.R." <robin_listas@es.invalid> - 2024-11-23 22:40 +0100
  Re: Phising via forging the "from" in an SMS message. VanguardLH <V@nguard.LH> - 2024-11-23 21:03 -0600
    Re: Phising via forging the "from" in an SMS message. "Carlos E.R." <robin_listas@es.invalid> - 2024-11-24 14:35 +0100
      Re: Phising via forging the "from" in an SMS message. micky <NONONOmisc07@fmguy.com> - 2024-11-25 13:28 -0500

csiph-web