What is Fake SMS Sender and How to Trace it?

VGB Fake SMS SenderSending fake SMS messages from someone’s mobile number without his/her knowledge or consent, a term that is technically known as SMS Spoofing, is an old phenomenon.

We were tipped by multiple readers about the availability of such SMS faking software in local market, however we then decided not to carry the news as it could aware the fraudsters of a new technique of fooling people.

Dunya News, however, carried this news yesterday by claiming that a new system has been introduced in Pakistan through which anyone can send text messages with a number ID of his/her choice.

Dunya TV said that this new system, which it dubbed as “Evil Mobile Software”, will allow anyone to send text messages from any mobile number which can cause serious privacy and social threats for anyone, especially the girls.

Since the news has reached the masses now, we thought of telling our readers a way of tracing spoofed messages through which you can prove that messages (with your number as sender) were indeed not sent by you.

What Fake SMS Sender can do?

By definition, with a spoofed SMS or faked SMS sender the originator of text message can set sender’s number of his/her choice, making it possible for anyone to send text messages from any number.

For example, with Fake SMS sender I can send an SMS which will show sender’s number as 0300-0000000, or I can set sender’s name as “ProPakistani” or anything.

This technology is used to send masked messages with alphanumeric names such as: Ufone, Warid, QAU, GIKI and so on.

How These Software Work?

All these software available in local market use services of international vendors for sending fake text messages. Countless international companies offer SMS masking to their clients who use their brand names as message sender in their marketing campaigns.

Few evil geniuses in Pakistan have developed desktop applications (they have named it VBG Fake SMS Sender) which can send text messages with any senders’ number by using network of these international SMS vendors (through APIs).

These local fraudsters are now selling Fake SMS senders by posting ads on classified websites to mint money, which is of course illegal.

How to Trace Fake SMS?

If you are victim of Fake SMS, i.e. if someone has sent text messages with your number with objectionable content then you need not to worry.

There’s a way of proving that message wasn’t sent from your number and that it is a Fake Message.

There are two ways to trace a Fake SMS:

1 – SMS center number of any spoofed message or fake message will be an international number, such as +445566776654 or +22XXXXXX or anything but not a Pakistani number (Pakistani numbers start with +92).

The SMS Message Center Number is a phone number that acts as a gateway for sending or receiving SMS messages between cellular devices. Since spoofed messages are sent by International vendors only, it is likely that SMS center number of a spoofed message will be an international number.

If you don’t know, SMS center number of a text message can be found by going in to message details.

For all messages that are legitimately originated from Pakistani networks will have following SMS center numbers:

  • For Mobilink Numbers: +92300000042
  • For Ufone Numbers: +923330005150
  • For Zong Numbers: +923189244444
  • For Telenor Numbers: +923455000010

2 – If you are a victim of Fake SMS then you can prove it wrong by obtaining your call detail from your cellular company. Almost all cellular companies (except Mobilink) offer online call detail records or you can obtain this list for respective service centers of mobile phone companies.

Spoofed message or Fake SMS will not appear in your call record, since it was never sent using your cellular network. Hence you can prove that a particular message was not sent by you or your number.

What Law Enforcement Agencies Should do?

Very simple, search on Google for those selling these VGB Fake SMS sending software. Call them as customers and get their contact details to hunt them down.

Furthermore they can contact classified websites to get these ads removed from their websites.

What You Should Do?

Spread the word, educate your FnF the ways of tracing a fake message. Report fraudsters to police or NR3C.

Tech and telecom reporter with over 15 years of experience, he works as founder of ProPakistani.PK

  • I was just thinking ——-The person who made this definitely have some computer science degree——So what is the difference between him and illiterate person.

    • Institute degrees are not a set standard for judging the mindset of a person. An “un-perh / angootha chaap banda” can have high morale values or vice-versa. In the above case, the creater of the program has some serious negative mentallity … simple !!!

    • Dear Actually it depends on the ethics of a person which varies person to person.

      • Where it is? :-) Any link?
        I’m talking about active cyber law, not the expired. The law “Prevention of Electronic Crimes Ordinance, 2009″ (same as Prevention of Electronic Crimes Ordinance, 2007 & 2008) has been lapsed.

  • blame on IT professionals and your country’s law enforcement agencies . You guys have no knowledge who to blame. Why don’t you ask your service providers to block that? and also when a person having high school degree is chairman or on a high rank then these things will happen.

  • i believe this is just an awesome work. government should hire those hackers and evil programers as consultant to hunt down and making fool proof security.

  • This is not a new work, there are number of websites providing this facility.. many got banned and some are still working .. i used this facility many times in the past… So dont call Pakistani hackers a genius in this regard … It is the possibility that no one in Pakistan has actually developed it, they might have bought it from and international seller ..

  • These system used only build in API’s……….nothing more than that.
    and within those API’s some are free

  • I’d like to share an inexperience which someone I know had in spoofed messages through the ID of a service provider. I’ve asked them to perform the SMS centre number check as mentioned above however here is the story of what happened.
    The person wanted to install a wifi connection in their home & called Qubee to come & do the installation. Qubee technician installed the connection however the customer noted that their ipad data was all wiped off & that a small icon appeared on the lower left corner of the screen which was labelled a “dropbox”.From the same day fictitious messages started appearing in the SMS of the customer’s personal cell phone from mobile operators & all such messages were specific to the problems the customer was facing. For privacy sake I will not disclose the problems but this started happening to all the contact numbers stored on the person’s email server. Also the customer started getting spoofed messages from contacts within the customer’s contact list on email.
    After months of inquiy the person went to a specialized lab & had the analysis done whereby they were able to trace a massive 1GB of personal data theft by the installer. Since the customer got the connection disconnected from Qubee & since the technicians do not provide their company ID card as copy for proof of authenticity the guy who did the data theft cannot be trace. I am writing this as a warning to all naive customers not to allow technicians to install any wifi connection unless you yourself are standing on their head. Additionally everyone much get a little tech savy by visiting informative websites on data theft & fraud so as to safe guard their family & privacy.

  • Great article. I guess law enforcement agencies can also block international sms, this will also solve the problem. Very few people send international sms, in fact international call & sms charges are same. But local fraudsters should be hunt down first.

  • Some people use it as a fun but they dont know it is wrong. Only some sites are giving this oppurtunity. PTA should block those sites in Pakistan

  • Law enforement egencies should not block international sms they should install spam seprator to their system

  • Method 2 might not work in some cases when victim usually sends messages to other person.I.e If Waqas and Salma are spouse and they daily send many messages to each other.And if some evil one send message to Waqas from Salma,s no then method 2 might not work to recognize fake sms as on call record there will be many sms,s sent from Salma,s no.

    • HHmmmmmm……
      i have send a feedback to dunyanews… its to00 easy to stop this spam. there are only two sites which are providing some free msgs.. all others are charging $$ i have sent that two webs to dunyanews if PTA Block that 2 webs in pak then this tool wil not wrk any more..
      i have chkd all fake sndr tools all r using same web gateway VBG fake sndr is famus 1 its coder is waqar.. a student.. they r jst providing that 60 free txts to user’s on 200 Rs.
      but i think..
      Dunya news ne Promottion kr di hai sb log yei tool search krny mai lgy hoye hain..

  • I know the complete procedure of sending such SMS. But from now In Sha Allah I’ll do my utmost best to ensure that I will never send it to my friends any more :)

  • People are selling this software ID just like they used to sell Adsense account :) I don’t think this will go longer.. but we have to beware

  • So WTF telcos are doing to curb this thing ?? They are increasing their service charges every now and then … nd services are getting even worse and now this thing… We daily get many messages from different marketing companies as spam … and now this thing can easily be used in illegal things… PTA should penalize these telcos for being so ignorant …

  • i can also do it but since i did not fraud with anyone because our religious against this and i also know some persons who make vbg and sell it 2 of them are my friends there is also some sites that support this function finally i hate all of those who are involved in faking sms and we want banned on all sites that support fake sms

    • So you don’t do it cause its against our religious norms, but you also don’t bring people who are doing this to justice. That is like someone saying I don’t rob people but I am not against people who do.

  • Aamir, if you remember I highlighted this technique about 2 years before.
    This technique is also work here in UAE.

  • @aamir7:disqus Aamir bhai it is not necessary that that SMSc number will be of international SMSc. It can be of local SMSc of Mobilink, ufone or any other operator if the Software/ API of SMS gateway provider has a direct link with any of the local operator in Pakistan. If for example software is using API of XYZ sms gateway provider and XYZ is connected with Mobilink direct SMS (they use to connect to reduce hops while reaching any country) the receiver will get SMSc as
    +92300000042 .

    Solution for it : PTA can/should ask the local operators to block numeric sender id messages which is sent by any gateway providers. I have been associated with this field from past many years and many many operators around the world only allow sender id as text like “Pakistan” , “Dell” etc.

    Moreover operators can restrict sender id to any specified number when a message is sent using Sms gateway provider, like in Mexico and many countries when message is reached using international SMSc it is delivered using Random sender id (that is predefined by the operator)

    I hope my comment will help alot :)

    • Local VAS companies who can offer such services aren’t into this business yet. local companies are dealt strictly in case of SPAM, Spoofing or similar frauds.

      • Yes, but I was talking about foreign companies, local companies mostly do not offer free testing api ( in most of the cases), but there are many foreign providers who offer it just by registering on their website without the need of any credit card etc so people can easily send free messages with sender id of their desired one.

        • In case message is sent by foreign service provider then SMS center numbers would not match the ones mentioned in above post.

          • It will match, that what I mentioned in my first post, that if the service provider is directly connected with any of the local operator in Pakistan, the message will be received by local SMSc number. Similar is the case in another countries like UAE etc. If the foreign service provider is connected using SS7 than the user will receive international SMSc from where the message was actually terminated. I am working with a US VAS provider and we have local direct connectivity with the operator, so when we send messages in Pakistan we receive local SMSc number.

            • This is true and I have a proof of it. Specially if the receiver is Zong. I have done the following tests

              Receiver From SMSC
              Zong Zong +923189244271(Zong)
              Zong Ufone +923189244444(Zong)
              Zong Telenor +923189244444(Zong)
              Zong Fake SMS +923189244444(Zong)
              Ufone Ufone +923330051108(Ufone)
              Ufone Zong +923330051108(Ufone)
              Ufone Fake SMS +Fake SMSC

              so you can see, Zong is always forwarding Zong’s SMSC and Ufone is forwarding Ufone’sSMSC if itis internal otherwise it forward Fake SMSC.

              I haven’t tested other operators but Suhaib is right, if service provider are directly connecting local SMSC then we will always get local SMSC. This is really a serious issue and should to be addressed.

              • More update
                SMSFrom -> SMSTo (Service Center)
                X -> Warid (X’s SMSC)
                Fake -> Warid (Fake SMSC)

                X -> Ufone (Ufone’s SMSC)
                Fake -> Ufone (Fake SMSC)

                X -> Telenor (X’s SMSC)
                Fake -> Telenor (Fake SMSC)

                * -> Zong (Zong’s SMSC)

                where ‘X’ is any Pakistani Operator and ‘*’ is any operator (pakistani or Fake/international). Looks like Warid and Telenor are doing the right thing, ufone is acceptable but Zong is the worst. I do not have Mobilink’s information.

  • Asi kon c website hai jo free main asy fake sms send kar rahy hon.. and sochny ki baat hai k wo free kiun provide kar rahy han unko kia faida?

  • Its really simple to send message from any gateway in Pakistan. I have discovered way through which I can transfer any mobile balance to any account and also sent sms because I have hacked Gateway MSE.

    Everything is possible but Aamir Atta you are right in this case they are using Message Gateway of international companies.

    • But that was just for research purpose because if you take a virus and delete your friends hard disk then my dear you are not a hacker you are an ass hole :-) hacker is a person who discovers ways of doing things in a different way…

      like the new flaw in Samsung Galaxy SIII… you can factory reset any Galaxy SIII just by putting a simple code in your href=” ” HTML attribute :p

  • @aamir7:disqus for one thing, not every phone can show message center for received message. E.g. smart phones such as android don’t. However, old nokia c3 etc. do show it. Moreover, there is simply no genius in doing this. Any one who knows programming and has SMPP connectivity to any service provider can do this. The point is no Telco would allow any such operation inside Pakistan. So validating message center number is a good way provided your phone supports it.

  • Hi,

    Thank you for sharing this information.I have also received such fraud sms.I had identified it as a fraud only from the amount that was mentioned to be won by my mobile number in a lottery.That amount was 10million British Pounds and this figure obviously sounds too good or too much to be true.
    Instead of showing mobile number the words “CCOKE” was appearing in place of mobile number.
    At first,I was a little bit influenced by the name “CCOKE” instead of mobile number as usually companies have this type of privilege.But lottery amount was too good to be true and that seemed quite fishy to me,so i simply deleted the sms.

    They had instructed me,in SMS, to email my NIC # and email to a give email address that i don’t remember at the moment as i had deleted the message.

    I am sharing this information so that other people could not be deceived by this hoax.


  • telenor number pa nahi hu sakta fake sms , telenor na filtering ki hwi ha barand sms block ha , baqi 4ro networks pa allow ha sab kuch..

  • Just checked message centre numbers of incoming messages, on ufone I received messages from mobilink and zong and both showed message centre number as +923330021100
    And sane is the situation with zong, I received SMS from mobilink and ufone numbers but message centre number is written +923189244444.
    So i assume now all network message centre numbers are same, how to distinguish between sending networks?sal

  • Almost all cellular companies (except Mobilink) offer online call detail records

    But their online portals/self care page don’t work

  • hahaha ye information dene se kuch bi nai hoga :D kuch bi nai kr sakte msg center se XD

  • Wtf :D Kia awam he adhe se ziada ko abhi pata chala or baaki aese teees maar khan ban rhe he jese unko pata nhi konsa teer maarna ata tha :D :o :O why God why

  • It is complicated, the real responsibility lies with cellular companies to protect user and stop this fake SMS software, there must be some way !! I don’t think this is too serious matter.. or if it is serous ! the cellular companies are to be blamed and accountable for this. In case of any misuse, company should be guilty !!

  • i got sms from info[@]nokia.co.uk that i have won 27xxxxx euro in nokia sms promo… to claim it reply with you detail…name,,address,,NIC,,etc..
    look at this funny gut…mentioning official email addres as noksms[@]msn.com with cell #..+447024067099
    paisy k peachy to kuch bhi khiyal nai kerty ….. hallal ho ya haram….bs paisa chahiye…

  • thanx for the important information about fake sms, we will prepare for thus fake msg’s

  • I think We shall not accept any kind of message from any no. that’s name is not in our directory , if we all can treat these kind of unknown messages then we can stop the frauds . This is the era of Technologies and only Government can play a good role and the citizen can extend their support to them but , we have many other issues which are mushrooming in our society.

  • This software is call sms spoofing and is used to send emergency msg, if you receive msg you should check sender detail, all the fake sms have international sender no, which can be easily check

  • close