Sujet : Phising via forging the "from" in an SMS message.
De : robin_listas (at) *nospam* es.invalid (Carlos E.R.)
Groupes : comp.mobile.androidDate : 23. Nov 2024, 22:40:19
Autres entêtes
Message-ID : <4nu91lx41l.ln2@Telcontar.valinor>
User-Agent : Mozilla Thunderbird
Hi,
Imagine you normally get SMS messages from the bank, and the from is not a number but a name:
BANK OF ME
Date: now.
You made successfully a payment of 10€ to Mr B.
And you have a conversation. You trust those messages in your SMS application. They are legit. One day, you get another SMS in the same conversation:
BANK OF ME
Date: now.
Warning, strange movement, please click here http:\some.bad.link.com
But this last message is a fake. The bad guys convince you, they get your credentials and your money. A case like that was seen recently in court here, and the bank lost. They must do more to ensure security, they did not protect their client properly.
(in Spanish:
https://www.genbeta.com/seguridad/parecia-imposible-condenan-al-bbva-a-reembolsar-dinero-estafado-via-sms-a-clienta-debe-asumir-su-responsabilidad).
Now my question is, how did the bad guys insert a false SMS in the same conversation from the bank. They successfully forged the bank name (there is no phone number). What is the hole in the GSM network that allows this forgery?
(I have similarly forged texts in my phone, I have direct first hand proof).
-- Cheers, Carlos.
Phising via forging the "from" in an SMS message.
Re: Phising via forging the "from" in an SMS message.