Spoof texting is still a huge problem

That’s why I built an app to show you

Scott McGready
4 min readSep 15, 2017

When giving talks, my go-to party piece is to use the text spoofer on either an individual audience member or the entire auditorium (I’m looking at you MBNA attendees). What’s great about this is that even if I’ve given text spoofing a huge introduction and explained the technicalities behind how it works – everyone reacts with surprise when I actually demonstrate it on their own phone. That could be for multiple reasons but mainly it’s because it feels almost like a magic trick to whoever receives the message – especially if it joins an existing conversation they were having with their bank.

Taking it out the context of a contained, controlled environment like a talk or a one-on-one, I wanted the ability to demonstrate spoof texts enmasse. Opening it up to allow anyone to spoof any bank, credit card, or business to any number is just reckless and would be adding to the problem. So instead, I built SpoofText.Me so that you, your friends, family, and co-workers can see exactly how it works on your own phone in a matter of minutes.

What is SpoofText.Me?

SpoofText.Me is a simple little app that allows you to send yourself a spoofed message from a list of known companies.

How does it work?

There’s three simple steps you need to follow in order to use it:

  1. Type in your mobile number
  2. Type in the verification code it sends you
  3. Choose a company from a list that’s text you in the past

You’ll only be able to send yourself one single message, and you’ll need to have the phone with you in order to verify it (this stops malicious use)

What about my data?

I understand that on the one hand our advice is geared around never giving out personal details and then on the other I built an app that asks you for your mobile number. Having said that, I’d encourage you to try it out so you can see what spoof messages look like, and how easy they are to send.

Your data is safe and will never be used, sold, given, passed, or shared with anyone. Ever. Even if someone takes ownership or buys SpoofText.Me- they don’t get your data. I take privacy very seriously.

How do I know you’re legitimate?

Excellent question. The following should help to verify who I am, what I do, and how I do it.

It’s natural not to trust a website that asks you to trust it — and nobody is forcing you to use it. ActionFraud recently had a bit of a similar response to a fraud scoring app that told you how likely you were to be targeted by scams as it asked for quite a lot of data. People were confused why, on one hand they were told to never give out data, yet on the other were being asked for that very same data.

All that said, I wouldn’t stake my entire career as a self employed fraud consultant on stealing/reselling a few phone numbers.

My text never came through

There have been rare occasions where texts are blocked at the network end. Rather than this being a new drive from the mobile operators to curb spoof texts, it’s more commonly just an error. It’ll come through in the next 10–15 minutes.

Is spoof texting illegal?

Unfortunately not. And the reasons why it isn’t illegal are complicated. Still, I believe the law should change to make it harder for fraudsters to use this tech loop hole to, sometimes, devastating results.

What can I do to stop spoof messages?

At the moment, there’s little that can be done to stop spoof messages being received on your phone. That said, always be aware that spoof messages exist and can be simply sent at the click of a button. I don’t think it’s good advice either to give carbon copy transcripts of spoof messages fraudsters send out because the minute I do, and we all look specifically for texts containing that exact wording, or format – fraudsters will change and a lot of time will pass before we’ll notice. (That’s what I call the silver bullet effect).

Therefore the advice I always give is to be skeptical of any message you receive- especially if it asks you to call a number, click a link, or await a call. Tell 2 people in the real world and always take five minutes before doing anything.

--

--

Scott McGready

Maker, breaker, fixer, faker. Trying to build a safer world. Trading Standards Scambassador, ScamAcademy tech expert, resident on @theradiohustle, also on TV.