1. Home
  2. UK Do-It-Yourself Forum
  3. OT - mobile phones, messages, originator name, phishing - Xpost

OT - mobile phones, messages, originator name, phishing - Xpost

I received a text message which didn't show a phone number but just the name PayPal.

Now I had previously assumed that if the number wasn't in my phone book then I would just see the number. However the name doesn't show up in phone contacts. Looking at the log entry the number is shown as 729724.

The text message was querying a transaction to WebAct Limited (which doesn't show up on a Google search) and had a "tr.im" shortened link to click on. Which I obviously didn't.

Not from PayPal because there is no record of any pending transaction, and PayPal don't (according to my profile) know my mobile phone number.

Slightly worrying because the message was addressed to me by name, so my name and mobile phone number are tied together and available somewhere out there on the Interwebs.

I have looked on line and found SMS spoofing but the description doesn't seem to quite marry with having both an originator number and an originator name.

However on further checking I have authentic alert messages from my bank which also show a name where the underlying number is not in my contacts. So some of these types of messages do seem to be valid.

Anyway, first time I have seen this (as far as I know) and the site

says "The Originator Address is the value within each SMS text message that is displayed on the receiving device as the Message Originator (Sender ID). Many mobile network operators support setting the Originator Address dynamically, which means that your SMS text messages can be branded with your own company name or telephone number."

So apparently it is all fine and dandy.

So a warning to anyone who is unaware (as I was) that seeing a familiar name on a text doesn't mean that it is from a known contact.

Also, beware of texts from PayPal.

I am always very cynical about emails; hadn't appreciated that text Phishing was on the go.

Cheers

Dave R

Reply to
David
Loading thread data ...

Whilst it's a good thing to give a warning, it should be noted that this has always been technically possible (although there's a very low limit on the number of characters - 8 or something).

It's also possible to spoof a message from a number you do know to make it look like it came from e.g. your bank.

Reply to
Someone Somewhere

It could be anyone who you've bought from using PayPal, they get your email, address (for delivery) and presumably phobile too?

Reply to
Andy Burns

On 05 May 2016, Andy Burns grunted:

Yes I have a dedicated email address for PayPal/Ebay, and it's surprising (or not?) how much spam (and I mean spam, not 'kosher' marketing emails) it attracts. Can only have emanated from somebody who I have done business with.

Reply to
Lobster

Lobster considered Thu, 05 May 2016

14:20:17 GMT the perfect time to write:

surprising

I can use a different email address for each vendor (which all redirect to my normal one, but they have no way to know that) so I can often tell which rotten scoundrel is selling my details to criminals - and avoid them in future. That doesn't help with the phone number bit, but is useful for the email security.

Reply to
Phil W Lee

Or whose PC or online account has been pwned by some reprobate. I've been thinking about getting a domain and putting up some web pages, but it's nice out ...

Reply to
Rob Morley

I don't have a paypal account, but I have very occasionally paid online with a card through paypal. And using a dedicated email for just that transaction I know exactly which vendor is responsible for leaking that address.

Reply to
DJC

Don't think I've had out-and-out spam to mine, but plenty of "buy more stuff from us" emails.

I'm sure many of us here do that, but if you pay with paypal they get the email address you sign-in to paypal with (as well as any direct email you've used for that vendor) presumably you don't alter your paypal email each time you buy something?

Reply to
Andy Burns

Well I specifically request to not be sent text messages by anyone I do business with me as I have a dumb phone that just dings once when it comes in and if not in earshot it will remain pending till i get around to clearing out texts probably once a week. There are perfectly good email and phone contacts they can use.

Anything like Paypal or your bank should be readily checkable by other means without using anything supplied via the text message. Thus far two companies have ignored my request on this. Virgin who supply my broadband, and Vodafone who supply the mobile connetiong. Virgin normally use it far updating service visits and of course I'd know i was getting a visit as it was me what booked it. Voda on the other hand opt me in to promotional texts every time I top up, and I keep turning them off, but now I delete them without reading them. I think the bottom line is that as any mobile number is out there just like other numbers, you can get anything over it, and yes, they can use branding to hide the number, but this seems to not work on my old dumb phone as I get to hear both and if its a number I've never heard of, or worse one that is apparently with held, then delete is even faster.

I supposewhen my current phone dies I'll be forced to get a so called smart phone and get all this crap as well, but to be honest text messaging was a novelty when itfirst happened, but now along with twitface is just another way to waste time. brian

Reply to
Brian Gaff

Reply to
acmcsecretary

You have to supply an originating field with SMS, and it can be numerical in which case the phone will typically look it up in the address book to display a name and if not found will just show a number, or it can be alphanumerical in which case it will show what is supplied. This has been part of the standards, although not frequently used, for a couple of decades and I suspect your phone isn't that old.

You cannot have an SMS with a witheld number.

Reply to
Someone Somewhere

Which is what I said - I was trying to counsel the poster above me that it could well show a number or name that you know of - just presented by someone else.

For example I could send you a text from "My Bank" in the hope that you had such a contact stored in your phone, asking you to call some number due to an attempted fraud on your account.

Or I could send you the same message from 08457 404 404 (HSBC card services) asking you to call my fake number again.

The only way you can have a Withheld number on SMS, is if I manually set the field to that when I sent the message.

Reply to
Someone Somewhere

I use a unique email address for Paypal and get spam from Far Eastern sellers (or their partners-in-crime) I don't recall giving PayPal permission to play fast and lose with my data. Why can't they channel any queries to my email address via a web-form associated with a given transaction, that is open for a limited time?

As for a contact phone number, that is sometimes mandatory depending upon the courier involved, and IIRC once you have entered it into your profile you can't remove it. In my case it's a disposable VoIP number that goes to voicemail.

Reply to
Graham.

I think mine is the London office number for PayPal ...

Reply to
Andy Burns

Many websites translate your email address into an account numbers, such that neither party gets to see each other's email address yet can converse freely.

Amazon is one I can think of.

Reply to
Fredxxx

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.