8th - Jan - 2016
Dynamic Sender ID?…Spoofing?…What are these, and what do I need to know about them?
Ever wondered why and how some SMS messages you receive come up with the name of the company or some identifiable number? This is a common feature used when sending enterprise to person SMS, and is called dynamic sender ID or dynamic originator.
When we send a text message to another mobile phone it shows our mobile number as the “originator” of the text message. Usually our friends and family will add us to their mobile phone address book so when we text or call our name will appear on the handset to easily identify who is calling or sent the message.
In the world of enterprise to person messaging the sender ID can be changed to allow the sender to be identified without them being in your address book and as a consequence, this allows quick identification of the sender using their brand name e.g., a text message from “Amazon” notifying you your parcel will be delivered; instantly allows you to understand the message without thinking.
A sender ID can be one of 3 types; alpha, numeric, and shortcode. (Note: Only numeric and shortcode sender ID’s can be replied to.) Alpha sender IDs consist of letters (a-z) and digits (0-9), other characters may be used but may not be supported by all phones and operators. Numeric sender IDs should be in an international format e.g. +447712312312. Alpha sender IDs are usually limited to a length of 11 characters and numeric sender IDs are limited to 16 digits. Shortcodes are typically 5 or 6 digits but this can vary by country.
The use of a dynamic sender ID feature is not allowed in all countries, as it is subject to the local compliance and carrier rules. For example in the UK, all forms of dynamic sender IDs are allowed whereas in the USA and Canada, commercial messaging must originate from a registered shortcode, and a dynamic sender ID is not supported. Your messaging provider will be able to provide you with a global overview of what is supported and where.
Due to the power of this feature it can be taken advantage of for illegal purposes. Spoofing…like the word suggests is not a good thing. Spoofing is when an entity is impersonating another business or individual and sends text messages that appear to be originating from the real business or person. As you probably have already guessed this is usually a phishing or scam activity which is intended to obtain information from a person to be used in a fraudulent manner.
Here are some real life examples of text messages, one using a legitimate sender ID and the other an example of spoofing:
Dynamic Sender ID
It should be noted that the above text messages were received by a writer of this blog, and did not traverse the Mblox network.
Though spoofing exists, there are ways you can protect yourself and your customers and maintain your brand reputation through best practices for sending text messages:
Consistent use of branding in all text messages sent to customers
Always include information on how your customers can reach you (reply HELP, telephone number, email or company URL)
Provide information on how your customer can opt-out of future messaging
From time to time send “information only” messages to educate your customers , for example - COMPANY_NAME: We take data security seriously and will never ask for personal information from you via text (SMS). For any question please contact us at support@company_name.com. Thanks!
Remind customers that they can report spoofing by contacting you directly and their mobile operator, and / or the company being spoofed. Also some countries e.g. UK and the US offer the ability for mobile subscribers to forward a suspicious SMS message to a shortcode and in both countries the shortcode is 7726.
Ensure that your SMS provider takes spoofing incidents seriously and is willing to assist in blocking these types of messages if the need arises.
In short, using a dynamic sender ID feature is ideal for a brand or business who wants their clients to easily identify who is sending the text messages. Spoofing is rare since most messaging providers (including Mblox) do not allow companies to send a message with a dynamic sender ID until their identity has been verified and a binding contract executed. Through the continued use of best practices you can maintain your client’s privacy and your brand’s reputation by educating your customers so they can recognize the difference between a legitimate text offer from you or an impostor.
Contributors: Rob Malcolm, Mitzi Mori
Originally posted on mblox.com