How are scammers sending text messages using my cell number?

A friend called to tell me he'd gotten a text that was apparently from me (from my cell #) but it was a scam. I know I didn't send him that text.

Question is, how did someone associate his phone # with mine?
(A) Hacking one of our cell phone providers' records?
(B) An app we both use that has access to our phone numbers and records on our phones?
(C) Something else....... ???
...and how does he, or how do I, keep this from happening in the future?? Thank you.

--Submitted by R. A.

- Collapse -
Spoofing is one way...

I don't know if there are several ways, but I am aware of what is called spoofing, where you use a service or perhaps an app, and you follow their spoofing instructions to make it appear their number is sending texts or making their call.

Years ago, when I'd initially heard about spoofing and wanted to see how it worked, I found a website, created an account, followed their instructions and spoofed my spouse.

The website had a disclaimer stating they keep all information that you do but didn't use it against you unless you did anything illegal and the law became involved, that they would disclose your records.

Spoofing worked (at least back then - and I am talking 10 years back so trying hard to recall the steps) ... spoofing worked by placing a call to the very number that you intended to use to spoof someone with. I cannot recall how, but that person never received information of your phone call, so never knew it was you calling.

The key is that the call you placed to said number must be answered by said number, and somehow that made spoofing work to be able for them to make it appear you are doing the sending/calling to another number.

What I am unsure of is if a call goes to voicemail, if that also can complete the spoofing attempt.

I am not certain if anything about spoofing has changed in all this time, but I can verify that it worked for me.

I do not have records of the website, which supposedly was legal, and I never used it a second time. I was purely curious to see if spoofing was a real thing. It most certainly was.

Someone else may be more helpful and more knowledgeable, but this is the one way that I can attest worked.

- Collapse -

Spoofing still works. It will work until the various carriers actually implement the long-held plan to encrypt subscriber information. There was just a story on this via Yahoo News a few months back. It's commonly used for prank calling and apparently not illegal in and of itself.

- Collapse -

Working for the government, I had to check into services that do mass-texting and you "spoof" the telephone number. U.S. law requires "permission" from the receiver for you to do this OR you can have a previous business-relationship. Still, U.S.-based services want proof of permission just to be on the "safe-side". Overseas? Not so much. We just had to "certify" that we had legal rights to send our text messages (prior business contacts) and a place in South Africa handles our requests (over 800,000) with a phony cell number that filtered back to our help desks, in our case. Didn't cost all that much either! Could there be other ways to do the spoofing? Yes. Encryption by the carriers would have done nothing as we got the list of numbers (with names and SSNs) elsewhere. Was all legal especially with our lawyers' analysis. You can create your own "text server" that is a device where you can load up a bunch of SIM cards to make the work go a lot faster.

- Collapse -
Having issues right now

My former foster kid is using a phone number that I purchased and pay monthly services charges on to text people. I don't know if through TextNow or GoogleText or what, but when my husband sends a text to that number it goes to the former foster kid. The phone that number is tied to is with my brother in law, and when I text or call I get the brother in law. I'm trying to get the brother in law to bring the phone back to me so I can change the number on it/the SIM, and do a factory reset (plus I need to change some network setting so that he will get better service).

The foster hasn't lived with me in 4 months now, and shouldn't have had that number on any other account anyway, but here we are.

- Collapse -
cancel the accounts

That should end it.

- Collapse -
Agree With James

If the two phones have two SEPARATE phone numbers, then there should not be an issue unless an APP is being used for texting. Or you should check the phone number on the phone you are trying to contact and see how you are trying to contact it. If you have to login to something, that account may still point to the old number.

- Collapse -

Is this doable for txt msgs AND calls??? And calls recorded phone #s given? Assumed only txt msgs cld be seen, or read?
I believe I was spoofed by a family member who’s the phone contract is under. Not worried about the #s called/received but text messages, I AM!
Also received msgs from a GF who didn’t send them but when receiving it said my GF name stored as..
So is calling/receiving calls safe? And in recordable? Or should I only worry about texts? Any help much appreciated.. thx 1 nervous employee

- Collapse -
Of Course

Did you ever get a text message with a phone number that looks like:


Businesses almost always use SPOOFED numbers both to call you and to text you. Why? Because if they call or text you by a computer system, the actual phone number is NOT the number they want you to reply on. Many times, they have 20-100 OUTGOING lines for either calls or texts, but they want you to contact them on a central INCOMING number so they can tell you to press 1 for English. Same applies for computer texting. One rotating line incoming number but many outgoing numbers. I found in one case that the strange numbers for this one company was the company's ASCII initials.

An example: We wanted to send text messages to 800,000+ of our clients to remind them to pay their bill. The real outgoing numbers were with a company in South Africa that provides the service (we didn't want to buy the hardware, SIMs and software for a limited campaign). We wanted anyone doing a reply to use a central U.S. 800 number for calls and the service provided a reply service for texts. Was all legal (we had to check with lawyers). But businesses use spoofing so you don't call some weird outgoing line.

- Collapse -
Unknown source scamming I have no # to spoof

There was one message sent to a number
I didn't know, mobile # should I spoof that # ?

- Collapse -
super easy to spoof...but probably a phone virus.

1 - you may have a virus on your phone allowing remote access....remember your phone is an internet connected computer. I haven't heard of it yet, but am in the industry like 20+ years...phones have been destined to be hacked for the past 10 years.
2 - spoofing has been around since the beginning. We used to run a program in 1995 called alfiejr to send pages to alphanumeric pagers using a modem. This did require a central sms processing system like carriers use now because the modem was the sms generator. Technically that same system could work today. And moreso alphiejr had a field "from" where you inserted the outbound number. Let's just say our help desk (tech nerds) had a lot of fun with that (I received a lot of texts from 531-8008 - flip it over) lol. I'm sure that ability still exists today but even more easily accessed and sent via the web to a voip handoff.

- Collapse -
Could Be on Anyone's Phone

All they need is a list of the phone numbers and they can get that from anywhere. Yes, could also be a phone virus that traps your phone number and sends it to the dark web.

- Collapse -
anyway to tell if spoofed?

Is this or these apps, etc detectable? And if so how wld I be able to tell? Is the service provider involved? Or able to see or tell if so? Thx again..

- Collapse -
Not Really

But a from number of 123-89 or 123-456 (format) is usually a good sign that it's from some business that uses spoofing.

- Collapse -
There is an app for that

Do you know that there are apps that let you place calls or send text messages using absolutely ANY number you want. You can send a text message that looks like it comes from Japan, Russia, Australia, Norway or any city from your country.
You also can send text messages from any PC, and you can send tons of them for free, just as easily as SPAM is sent.

A) Highly unlikely.
B) Possible but not needed. Just make sure that you don't have any rogue app installed.
C) You bet !

Preventing this from happening in the future? You just can't, no more than you can prevent some crook from sending SPAM that looks as if it's coming from you.

If you get any suspicious message, BE suspicious and check with the apparent sender IF and ONLY IF you know him. Otherwise, just delete that message.

- Collapse -
This is called "Caller ID Spoofing."

When the caller ID system was created, they included a feature that permits a false number and name to be entered in the field that is used in your phone's display of the number. This was not a bug or a vulnerability -- it was actually a feature of the system.

Why they included it is a mystery to me. The reasons I have heard involve a desire on the part of some callers not to reveal their number or location -- people like wives trying to escape abusive husbands and whatnot to conceal the regional location of a women's shelter she may be using for temporary respite.

Furthermore, it is possible -- indeed easy -- to send texts from computers, although most carriers permit you to disallow this on your phone. Since the dialer knows the number it is dialing, and can spoof the caller ID, it can put any number it wishes (including your own number) in the field that displays on your phone.

But it is time to eliminate the ability to spoof caller ID. Any legitimate privacy concerns can be fully addressed by the "Unknown Caller/Unknown Number" feature. Caller ID Spoofing is only used by spammers and scammers, and it should be eliminated from the system.

- Collapse -
It's Hard to Block

I don't know about others, I get alerts from a lot of services. Sometimes these alerts come through an app's "alert" and notification system as part of your smart phone OS. But other "alerts" show up as text messages. For example, I get updates on incoming snail mail/packages from the post office and UPS (you give them your cell number to do this). Those come from some computer system and the telephone number they appear from looks like this: 123-567 (6 digits). Very much a spoofed number (usually that is why only 6 digits) but very legitimate use of your cell phone so I sincerely DOUBT that the carriers will block spoofed numbers or that will lock out these valid services.

- Collapse -
Not a Mystery

Think enterprise (business) use of calling and texting using hundreds of outgoing lines and only one incoming 800 number line. You have to spoof.

- Collapse -
Same as With Email Spoofing

First, let's take a quick look back at how email spoofing worked. Let's say, you like to send email to many of your friends at once. If just ONE of your recipients (friends) has a virus or malware on their system, it will read YOUR email and establish a list of email addresses. In addition, it may not be YOU sending anything. If someone else likes to send an email to a bunch of people, malware can intercept that and gather the email addresses. Remember that email is NEVER (NEVER!!!) secure unless you are using end-to-end (your computer to another computer) encryption. Any discussion of email "servers" is irrelevant (N.B.: there is nothing "political" being implied here. Look up TCP/IP and there is NO standard for secure email like there is for secure file transfer or secure web). Anyway, that means that essentially anyone can read your email especially the "envelope" (TO: or FROM: or CC: or even SUBJECT: fields). I could show people how to send an email that could be from whoever I say it is from. VERY easy and I'm pretty sure you and everyone has seen spoofed emails from invalid email addresses that came from packages that do advertising.

For your phone, we are dealing with text messages. Once again, there are sites world-wide that will allow you, for a very minimal charge, to send text messages with any "telephone number" as the from address. I had to do this for government work and we used a company in South Africa.

So how can this work? You sign up for some service online. You might think it is even a legit service (Amazon?) and someone decides to pick up your name, email address and cell phone number and sell that information in a big batch on the dark web. Could be an employee of a legit service or there could be web spoofing giving bad guys access to your info. Remember all those companies that got HACKED? Well, this could be a big part of that. Can someone send a text making it appear that it came from some other phone number? Of course! Sometimes you get alerts from the post office or UPS with a strange six-number phone number. Same thing.

All you can do is tell your friend that it didn't come from you and you can, at least, BOTH check your phones and your computer systems for any malware. If none found, the data could have come from elsewhere. I got some very suspicious text just last week with a web link. DON'T click on it! Just swipe and delete.
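
The email half of the post above comes down to the From: line being whatever the sender typed. As an added example (not part of the original post), this Python code shows the check on the receiving side: it reads only the Authentication-Results header stamped by the reader's own mail server and reports whether the visible From domain was verified. The server name mx.example.org and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, not taken from the thread; example.* are reserved domains.
SPOOFED = (
    "Return-Path: <bulk@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    'From: "Your Friend" <friend@example.com>\n'
    "Subject: check this out\n\nhello\n"
)
GENUINE = (
    "Return-Path: <friend@example.com>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: friend@example.com\n"
    "Subject: lunch?\n\nhi\n"
)


def domain_of(value):
    """Lower-cased domain of an address header value, or '' when absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def trusted_results(msg, authserv_id):
    """spf/dkim/dmarc verdicts, taken only from headers stamped by our own server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        stamp, _, body = header.partition(";")
        if stamp.split()[:1] != [authserv_id]:
            continue  # anyone can write this header; ignore other servers' claims
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess(raw, authserv_id="mx.example.org"):
    """Summarise whether the displayed From domain was authenticated."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    verdicts = trusted_results(msg, authserv_id)
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        "dmarc": verdicts.get("dmarc", "missing"),
        "from_verified": verdicts.get("dmarc") == "pass",
        # Exact comparison only; real DMARC alignment also accepts subdomains.
        "envelope_matches_from": bool(from_domain) and from_domain == envelope_domain,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw))
```
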

- Collapse -
Spoofing, Even Email, is Not Always a Bad Thing

Picture 50 employees typing out messages/emails. You don't want the replies coming back to these people. You want it to go to a single email address. Business use. Now, picture sending out almost 800,000 emails. Would take forever using one account but the company wants the replies going somewhere else. It's a typical business use.

- Collapse -
How are scammers sending text messages using my cell number?

It pains me to say the following, well, here we go! We can thank public databases for publishing everything pertinent about everybody! is the first step, pick a city and troll for some upstanding elderly person's phone number. Next, WE buy Caller ID spoofing software, or pay for a service that displays whatever you want for all outgoing calls. VOIP makes the possibilities endless. The point of spoofing a phone number is to Get Someone on the Phone! If you're the nefarious creeps recording the conversation for the sole purpose of ripping people off, find something better to do! If you want security you'll have to Get A VPN and Ghz router, flash to a Kong Mod so there's chance the manufacturer can "drop on by" to see what you're doing with their router! If you want to cut down on the spoof caller ID's Get a Google Hangouts Phone number, it's free. Go to settings and forward the voip line to whatever phone you want to accept the call. Yes, hangouts asks you before taking you to the live call. Use your nifty Kong Mod Router to AdBlock, load black and white lists, Once you've established a Hangouts phone number you can one-touch block a caller, record, and +contacts! No need to give your home or cell numbers to anyone ever again. Stop using your real-life contact info, the more you POST your info the more likely someone is likely to "mine it", sell it, or use to get your important credentials. It's a jungle out there look out!

- Collapse -
Worse than Whitepages

If you own a home/house (even if it isn't paid off), do a search or two. First, try your name. (Beware! Some search engines publicly display "trending" and, for a few seconds, your search item may be seen by everyone -- stupid idea). After you try your name, try your address (same warning). At least in California, the counties make home ownership PUBLIC record! That means there are services out there that connect to the county government and can pick up a lot of information and place it on their systems as a "service" to real estate companies or just vendors. Unfortunately, I know of at least one who puts all the information out on a website available to everyone.

Thinking out loud.... Maybe I should create a corporation/trust and put the house in the name of the trust but I'd have to wonder if my property tax will go up as a result.

- Collapse -
Public Records
Where we live names and addresses are 100% public information thanks to the County Auditor. The only thing you'll have a bit of a problem getting is the phone number associated with the address. One can even get the history of all the owners of any specific address. It's all BS and everything is always about trying to sell you something or stealing from you in one way or another. Hasn't the I-Net turned into a wonderful place.
- Collapse -
Before the Internet

Public Records have always been around. Before the internet, you could simply go to the County Recorder's Office and look the information up on Microfiche. You can still do that today. You have to think of the government as representative of the general public. All the Internet does is make it all easier.

- Collapse -
Treat Unfamiliar text messages like emails BEWARE

Hi Cnet, here's what happened to me. I received a txt from Verizon one day with the big red check mark logo.
It looked real and when they asked if I wanted to save money off my next bill click here underlined text in blue like yours that said read answers. Well I did.
Little did I know it was a trick but nothing happened, it glitched a few times, screen flashed like I was going to a webpage for Verizon but nothing, oh well, went on about my weekend. This was on a Friday. Then come Monday my phone was off so I called Verizon but wait, I got an alert I was over my data package .. WHAT ?
So then I got worried, I knew txt message was a trick. I tried to get online to my account, it was locked. My phone app, my Verizon password locked, so I called them and was transferred around and around til I reached THE FRAUD specialist Dept. Oh my, I was asked who do I know in Russia etc etc, then they said your data was being stolen all weekend to multiple phone lines and my bill was almost at 5000 dollars til they cut the cord. They asked if I had an idea and I forwarded them the text message. My bill was never the same for 6 months but it is now finally after I threatened to cut their cord. So beware of text you don't know who they are from.

- Collapse -
Phonecalls, texts, emails ... nothing is safe

I just received a call from my CCservices .... well I didn't .... it was a spoof ... and lucky for me I missed the call, and upon calling my ccservices (scarily the exact same number) and no record of them contacting me, I realized it was on the Cell line the bank didn't even know of
(Last time, being concerned, I told them I would call back on the number I have on record ... and it was a valid call)
Texts actually were the second spoofed/ghosted items after e-mails (which were always easy) ... once they had txts down phone calls followed .... interestingly predominantly from local area code and even very frequently from numbers with the same prefix
I used to tag scam numbers in contacts as spam, only to realize 'spoofing' and that I was potentially blocking potential customers
No safeguard except "Never give out information to someone that 'called you' .... Call them BUT use a verified number, not one they provide you, but your bank's phonebook listing, the service number on back of CCcards, the number on your loan paperwork"
Also 'banks do not text for info'

- Collapse -
CallerID spoofing!

The SMS system has several possibilities for spoofing sender IDs. It is impossible to do from an ordinary phone (non-smart), as the operators have a check. Many VOIP providers allow the caller ID to be set on their smart phone apps. However, they validate that the user has an access to the phone number by sending an OTP token. Selecting the sender ID is done when SMS messages are sent to a mobile operator through a direct SMSC connection. Normally these messages have sender IDs shown as short codes or text message headers. The operators allow long form sender IDs (that appear like normal phone numbers) but are very selective in allowing this to be done and only permit it for a "trusted entity". So, the possibilities here are:-

1. There is a malicious app on the phone that has the SIM from where the message appears to be sent.
2. Some malicious code is exploiting a vulnerability in a VOIP app that has a SMS capability
3. Most unlikely, though there is a mobile operator somewhere in the world, where they do not enforce adequate controls to validate the processes of those entities that message through their SMSC and allow long form mobile numbers to be used.
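
The post above names three kinds of sender ID (short codes, text message headers and long-form numbers), and earlier replies mention scam messages arriving from the recipient's own area code and prefix or under a saved contact's name. As an added example (not part of the original post), this Python code sorts a displayed sender into those kinds and flags the patterns that call for confirming with the apparent sender by another channel; it cannot prove a message was spoofed. The digit thresholds, flag names and sample numbers are assumptions made for the example.

```python
import re

# Thresholds are assumptions for this example: 3-6 digits = short code,
# 7-15 digits = long number (E.164 allows at most 15), and a text header is
# at most 11 characters (the GSM limit for alphanumeric sender IDs).
def classify_sender(sender):
    """Sort a displayed sender ID into the kinds the post names."""
    text = sender.strip()
    compact = re.sub(r"[\s().-]", "", text)
    if re.fullmatch(r"\d{3,6}", compact):
        return "short_code"
    if re.fullmatch(r"\+?\d{7,15}", compact):
        return "long_number"
    if len(text) <= 11 and re.search(r"[A-Za-z]", text):
        return "text_header"
    return "unknown"


def nanp10(number):
    """Reduce a North American number to 10 digits, or None if it is not one."""
    digits = re.sub(r"\D", "", number)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits if len(digits) == 10 else None


def triage(sender, my_number, contacts=()):
    """Return the sender kind plus flags that call for out-of-band confirmation."""
    kind, flags = classify_sender(sender), []
    sender10, mine10 = nanp10(sender), nanp10(my_number)
    if kind == "long_number" and sender10:
        if sender10 == mine10:
            flags.append("own_number")
        elif mine10 and sender10[:6] == mine10[:6]:
            flags.append("same_area_code_and_prefix")
        elif mine10 and sender10[:3] == mine10[:3]:
            flags.append("same_area_code")
        if any(nanp10(c) == sender10 for c in contacts):
            # A saved name is attached by the handset from the number alone,
            # so it proves nothing about who actually sent the message.
            flags.append("matches_saved_contact")
    return {"kind": kind, "flags": flags}


# Constructed sample senders; 555-01xx numbers are reserved for fiction.
SAMPLES = ["123-567", "ExampleBank", "(202) 555-0187", "+1 202-555-0110"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, triage(s, "202-555-0110", contacts=["202-555-0110"]))
```
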

- Collapse -
It is very easy

As a previous PBX administrator, you can change the number you are calling from to any number you want, both the area code and the entire phone number. What I do not understand is why the carrier does not correct this before the call is actually connected. I would think that would be THEIR responsibility to get on this and charges should be pressed on the person spoofing the phone number.

- Collapse -
Scammers and Cell Phones.

Since it is an issue that I have been dealing with for some time and these are some of the things that I have discovered about it. The first thing that I discovered was that the Cell Provider has been hacked and the scammers are into the services system and they are watching for numbers that are being used, but not in use at the present time so they use that number to scam people, until that number goes active and someone is using it. This is not only being used for text messages but all other scammers are using the numbers such as the Credit Card Interest Rate Scam is being fed this way. I contacted my Cell Provider, and while they were aware that it was happening, they were not doing much about it. Then I have also noticed that there are service providers that send you texts as a reminder to do something, and those systems have also been hacked. Since your number is in this system, they can use your number to send scammer texts because they are spoofing your number. I complained to one of the providers of this service, and while the number of scam texts dropped, it has not completely ended.

- Collapse -
This practice sounds dangerous

I mean, if anyone can "spoof" a person, using an ill-gotten phone number, then how FAR might this practice expand to?

For example:

I have a number of "video" messages on my own mobile line.

All that each message shows is "new message", followed by what looks like a piece of 35 mm film.

I fear to open these messages, since I do not know if mobile phones can be "virused". I mean, CAN a mobile phone be "crashed" by either "spoofing" or viruses?

CNET Forums