My own phone number is now spam texting me

The &quot;STIR&#x2F;SHAKEN initiative&quot; was supposed to fix this.[1] There&#x27;s now a whole system with signed certificates, much like SSL certs, to sign caller ID info. The info is at least good enough to find out which carrier generated the phony data.<p>You should file a complaint with the FCC that your carrier has not clearly not properly implemented STIR&#x2F;SHAKEN, since they badly mis-identified the source of a call. While calls from outside the US can be unsigned, the carrier should detect that the number is inconsistent with the source.<p>There are &quot;A&quot;, &quot;B&quot;, and &quot;C&quot; level of verification. &quot;A&quot; calls are probably legit. The others, maybe not.<p>If you&#x27;re in California, try making a personal data request to your carrier for the detailed STIR&#x2F;SHAKEN data for that call.<p>[1] <a href="https:&#x2F;&#x2F;commlawgroup.com&#x2F;2021&#x2F;stir-shaken-robocall-mitigation-compliance-regime-what-is-it-why-is-it-important-who-must-comply-how-and-by-when" rel="nofollow">https:&#x2F;&#x2F;commlawgroup.com&#x2F;2021&#x2F;stir-shaken-robocall-mitigatio...</a>

Your phone company knows the originator info of your calls and texts (or at least enough hops until they reach some even more untrustworthy than normal phone provider). They simply don&#x27;t give you that info and instead show you an unverified caller ID that anyone can basically set to anything by whoever is contacting you.<p>Blame your phone company and the FCC for not solving this (and for not providing you with the data to solve it yourself).

The good news is that Verizon has all these grand plans to intercept your browsing data and use it to target ads, but they can&#x27;t even implement the most rudimentary spam protection on SMS, so I don&#x27;t have high hopes that they&#x27;re going to make any money by spying on everyone.<p>One could argue that since the more messages you receive, they more you pay, they have no incentive to reduce spam; whereas with ad tracking, as long as they find some advertiser willing to pay 100 million dollars for a 1% increase on click throughs on their overpriced toothpaste, they&#x27;ll have a financial incentive to do a good job. So maybe we&#x27;re actually really screwed.<p>Sad that a cell phone company can&#x27;t be just a cell phone company. They were pretty good at that.

Over here in India there&#x27;s a DND (Do Not Disturb) registry [1].<p>The link [1] links to Telecom Regulatory Authority of India (TRAI) website.<p>You sign up to DND by dialling a number that is dependent on your carrier (therefore you need to do this separately for all your phone numbers [3]), and go through the &quot;Press 1 for English [2]... Press 2 for so and so... &quot; etc. Takes a couple of minutes.<p>Once I signed up, the number of marketing and similar silly calls&#x2F;messages have been nearly eliminated.<p>Maybe something similar — something that allows people to opt out of such calls&#x2F;messages — can be implemented in USA.<p>[1] <a href="https:&#x2F;&#x2F;trai.gov.in&#x2F;faqcategory&#x2F;unsolicited-commercial-communicationsucc" rel="nofollow">https:&#x2F;&#x2F;trai.gov.in&#x2F;faqcategory&#x2F;unsolicited-commercial-commu...</a><p>[2] The language question because there are plenty of languages in India.<p>[3] Tangent: do people not use multiple phone numbers in USA? Like, I wanted to buy an iphone but it does not support multiple SIM cards (unless you convert one of the SIM to an e-sim [4] which I&#x27;m hesitant to do because if I later switch back to an Android phone that does not support e-sim, I&#x27;ll have to go to my phone company to get a physical sim. Too many hassles. ). Also I&#x27;m told iphones sold in China has dual sim capability [5], but I can&#x27;t go to China just to buy an iphone.<p>[4] <a href="https:&#x2F;&#x2F;support.apple.com&#x2F;en-ph&#x2F;HT209044" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;en-ph&#x2F;HT209044</a><p>[5] <a href="https:&#x2F;&#x2F;support.apple.com&#x2F;en-ph&#x2F;HT209044" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;en-ph&#x2F;HT209044</a>

I was on a group call with a bunch of friends a couple nights ago. My Indian friend was telling me that they have very little spam SMSs and robocalls.<p>They speculated that it is because in India the person making the call or sending the text is the one who pays for it. So spamming is expensive.<p>Also, apparently spoofing numbers is unheard of in many countries, the US seems to have it particularly bad.<p>If anyone here is familiar with the technicalities of how this stuff works, what are your thoughts on the hypothesis?

My elderly mother got a call from a Doctor for an appointment reminder saying &quot;press 1 to confirm&quot;. It was one of those robo voice calls. What was disturbing is the doctor&#x27;s name was nobody she knew or heard of. But the call mentioned a doctor&#x27;s appointment she actually did have. The robocall had the day and time correct but the nurse there said they never called my mother they don&#x27;t have any automated system to call patients. Mom almost answered the robo call if it wasn&#x27;t for the ominous &quot;press 1&quot; which I tell her to never do.<p>I put mom and dad on the do not call registry here in Canada but it doesn&#x27;t help. Constant calls from Amazon, Visa, Revenue Canada etc. It&#x27;s either the robo voice or someone with an Indian accent.

Voice calls and texts are ironically the worst aspects of owning a phone these days. I recently decided to just use my phone permanently on airplane mode while at home, and the overall experience has been a lot better. I wish I had the ability to block <i>all</i> calls and texts while on cellular data as well. All my communication can happen a lot more effectively over iMessage, Facetime, WhatsApp, Messenger and more.

This is a new level of spamming that this morning I got a text message from myself:<p>&quot;Free Msg: Your bill is paid for March. Thanks, here&#x27;s a little gift for you: ${short link redacted}&quot;<p>The short link is hosted on Cloudflare which eventually redirect to a Russia TV website 1tv.com or 1tv.ru<p>&lt; HTTP&#x2F;1.1 302 Found<p>&lt; Date: Tue, 29 Mar 2022 17:37:58 GMT<p>&lt; Transfer-Encoding: chunked<p>&lt; Connection: keep-alive<p>&lt; Location: <a href="http:&#x2F;&#x2F;1tv.ru" rel="nofollow">http:&#x2F;&#x2F;1tv.ru</a><p>&lt; CF-Cache-Status: DYNAMIC<p>&lt; Report-To: {&quot;endpoints&quot;:[{&quot;url&quot;:&quot;https:\&#x2F;\&#x2F;a.nel.cloudflare.com\&#x2F;report\&#x2F;v3?s=yEU2D%2FlNvx216BeQ8TK2oONisk12pAzUW7FlYuTb2Uth9LIT8pcSQyKok1FASqproAoWqBc%2FHaje8lf8pihU2kTSzuoslYERPQvnvRSv%2FyHKIDQ3%2F8e1hSaYMKEn&quot;}],&quot;group&quot;:&quot;cf-nel&quot;,&quot;max_age&quot;:604800}<p>&lt; NEL: {&quot;success_fraction&quot;:0,&quot;report_to&quot;:&quot;cf-nel&quot;,&quot;max_age&quot;:604800}<p>&lt; Server: cloudflare<p>&lt; CF-RAY: 6f3a605d595039ad-SEA<p>&lt; alt-svc: h3=&quot;:443&quot;; ma=86400, h3-29=&quot;:443&quot;; ma=86400

Can someone &quot;eli5&quot; why this possibility of spoofing even exists and is allowed ? What are the legitimate use cases of this feature ?<p>EDIT : thank you all for your answers !<p>I suppose it’s the same thing that allows you to receive messages from &quot;SOME BRAND&quot; and … why not. But this could be easily regulated. I don’t understand why anyone can spoof anything they want. Also, I don’t understand why my iPhone don’t allow me to block messages from &quot;SOME BRAND&quot; as if it was from any other sender.

I have the impression that this sort of problem is bigger in the US than in other countries. Is this really the case? And if so is it because the US is simply a larger target or do telecoms systems in other countries do a better job of combatting it?

For a long time, you could get into any voicemail account by spoof calling that phone number to itself - most of the time they weren&#x27;t password protected.

So having read this, the answer seemed obvious:<p>Send a text (iMessage) to myself on the phone. Then look at it, and block my own number. The phone then reported it would block calls, FaceTime, messages from my own number.<p>Since I don&#x27;t expect to ever need to call&#x2F;message&#x2F;FaceTime myself, that seems like a zero cost solution.

Call ID spoofing is annoying yet plenty of people don&#x27;t understand it.<p>I get called at least once per month from (a different each time) someone in the same exchange as me saying they had a missed call from me. Presumably they got a spam call from my number, as I get about 5 spam calls per day with caller-id spoofed to a random number in my exchange.

Sorry, I just scanned the comments and didn&#x27;t find anyone mentioning this:<p>It&#x27;s really easy to spoof a phone number for SMS if you know which network the person&#x27;s phone is on. Trivial if you know how. There&#x27;s no black magic to this. At least, it was so a couple years ago. The last time I fooled with that for fun, I spoofed one of my friends admitting to another that he&#x27;d slept with the other guy&#x27;s wife and decided afterwards he was gay. I managed to insert it from his phone number into our group chat as it appeared on android. (I think it might&#x27;ve ended up in a separate chat sequence on iphone). That was funny.<p>There&#x27;s no dark arts here.

I received this exact text message today. I’ve since deleted it.<p>Additionally hours later I received a text about smoking weed.<p>Both links in these text messages, after further investigation, brought me to Russian owned sites as the article described.

Hopefully this will help some others deal with spam SMS.<p>A few months ago I started getting huge group text spam to hundreds of emails that were almost identical to my own<p>(changed obviously) if my number was : 123-454-9938 then i would get in a group chat with numbers from 123-454-9900 all the way to 9999. They were using email -&gt; sms specifically which is a relatively new feature that allows you to text mobile devices on carriers that support email to SMS. [1]<p>Super annoying - but AT&amp;T at a minimum allows you to call and request that they disable this feature for your account. If anyone else is getting constant sms spam from email addresses this is the way.<p>Disclaimer: I don&#x27;t know and have not run into any issues where legitimate companies are using this feature yet. If so, then obviously you won&#x27;t be able to receive those texts. At the moment there is no capability with carriers (that I&#x27;ve seen) that would allow you to create an &quot;allowlist&quot; of domains to accept texts from, but until that exists I won&#x27;t be dealing with email to sms as it&#x27;s just a huge cesspit of spam.<p>1 - <a href="https:&#x2F;&#x2F;www.att.com&#x2F;support&#x2F;article&#x2F;wireless&#x2F;KM1061254&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.att.com&#x2F;support&#x2F;article&#x2F;wireless&#x2F;KM1061254&#x2F;</a>

The problem with data protection acts is that they try to protect data and it won&#x27;t work cause the data they try to protect is outside people houses. Everything that is outside house is public and we just need to assume you need to provide data about it so we can verify your identity like with public key. Just to give example, when you live the house anyone can ask you anything ex. ask your neighbour about your name, anyone can read your house number, can see you or take photo of you legally or illegally that&#x27;s different topic but we should protect peoples privacy inside their houses instead of trying to protect something we can&#x27;t cause everyone see us how we are when we leave the house. It&#x27;s basic public &#x2F; private key problem. Everything outside house is public key and everything inside is private key.<p>So with phone we shouldn&#x27;t protect people identity, address and&#x2F;or company name but protect people from disruption with calls they don&#x27;t want to answer and give them ability to verify who was calling, by even seeing their photo cause yes if I&#x27;m your neighbour I can see you and if I move next to you next year I can see you too. Wow.<p>There should be 2 call indexes one for contacts that should behave same as it&#x27;s behaving now and second index for anything else that you shouldn&#x27;t receive notifications but you can check this spam missed calls index and verify anyone that called you and add them to contacts - just how the old good paper phone book worked.<p>This empowers people to be able to make decision if I want those people to call me or not, cause you can always call back and it should be widespread when you call someone first time expect they might won&#x27;t answer your call same as if you email someone they might not answer cause your mail is in spam.

Why can a SMS spoofer use any number they want, but I can&#x27;t get a second phone number to create Discord accounts without being tracked?

The article says the operators are losing the war on scammers, but are they really fighting it? SHAKEN&#x2F;STIR has been delayed time and again, and all signs point to operators seeing it as an additional revenue stream (”Pay $5.99 per month for Real CallerID”), not a tool to curb spam

Huh, only read the headline and the first few sentences so far, but just got a text exactly like this few hours ago! Going back to reading the article, hopefully it’s not some zero-day.

I&#x27;d love to see a post-mortem of what went wrong here, but alas our lowly civilian eyes will probably never get to see it. We just get to sit here and hope we don&#x27;t wake up one morning and blearily click on a zero-day message that gets past our mental defenses by coming from our own number. Don&#x27;t click the link, citizen, if you do, it&#x27;s your fault and therefore your responsibility to prove any fraud or identity theft. Fun times.

I run a SaaS, whose users can enable sending SMS from their number.<p>We have an agreement with a bulk SMS provider to allow us to do this (we had to show proof of our application, our mobile number verification process, and give our use case).<p>When users send an SMS from within our application, we send it as if it came from their number. Then recipients can then reply directly to their phone. Our users love it.<p>So yes, there are real use cases where the ability to do this is beneficial.

_Calling_ a person from their own (faked) phone number was a tried-and-true technique for getting someone&#x27;s voice messages back in the day. It used to be that voicemail PINs were optional, and if you called your own phone number, you&#x27;d get access to the voicemail playback menu.<p>It&#x27;s trivially easy to fake a caller ID, whether for voicemail or SMS.

Received this exact text, word for word with the same suspicious phishing link, from my own number, a few hours ago.

I have a series of sms from a local Bank&#x2F;Super company called &quot;ANZ&quot;.<p>today I got an <i>obviously</i> scam sms from the SAME number&#x2F;source as the official ANZ sms&#x27;<p>SMS is a junk protocol. it just needs to be banned entirely. its got no controls or protection whatsoever.

About 6 months ago here in Australia I had a run of getting spam called by a number which was the same as my number but off by 1 digit. Seemed like a clever method to peak peoples interest but made it pretty obvious to me it was spam.

Getting robocalls from spoofed local numbers in my area code.<p>Extremely frustrating because they look more legitimate this way, like it&#x27;s a local business calling me back or something.<p>Provider: Boost Mobile (MVNO for Sprint&#x2F;Tmo)

Happened to me with email. Even with DMARC active and set to reject 100% on my domain, outlook somehow found it a good idea to deliver those emails to my spam folder

&quot;SMS phishing, or “smishing,”&quot;<p>Why does the media do this?

Literally got this exact text this morning. Definitely seems to be a Verizon problem.

We need a GIF of Nelson going &quot;Stop spamming your self, stop spamming your self&quot;<p><a href="https:&#x2F;&#x2F;getyarn.io&#x2F;yarn-clip&#x2F;921915b0-4a3b-4e96-beed-eb7b50a6f93b" rel="nofollow">https:&#x2F;&#x2F;getyarn.io&#x2F;yarn-clip&#x2F;921915b0-4a3b-4e96-beed-eb7b50a...</a>

Happened to me this morning. Completely freaked me out.

Literally just got one of these. Very annoying

semi related: is anyone else seeing hotmail addresses bypass apples ios known number feature?

The age of the traditional phone system is ended.<p>Years ago, bills were introduced Congress that would&#x27;ve made falsifying Caller ID illegal, but certain people said it would be too onerous for small businesses. One bill passed in the House and was sent to the Senate, where it was promptly ignored (H.R.251 - Truth in Caller ID Act of 2007).<p>Lots of people, both those who know nothing about technology and those who know enough to know better, say this isn&#x27;t enforceable because too many people are doing it.<p>Bullshit. Like spam, if you establish punishment for those who allow spam, you have a very simple mechanism for enforcement.<p>In the old days, when we got spam, we&#x27;d forward it to the administrators of the system that sent it or the administrators of the network where it originated. They&#x27;d warn, punish, and&#x2F;or remove the person &#x2F; system responsible for the spam.<p>These days, abuse@yahoo.com doesn&#x27;t work, GoDaddy, Cloudflare and others won&#x27;t do shit unless you find their web page for reporting abuse, then jump through hoops to shoehorn the spam in to their intentionally shitty web page, and even then they pretty much ignore it. Google just ignores everything sent to abuse@google.com.<p>Imagine if every spam that&#x27;s ignored led to a fine. It&#x27;d be chaos and mayhem, but within a year we&#x27;d be back to how things were in the early &#x27;90s. Of course that wouldn&#x27;t affect spam from the rest of the world, but imagine if large US networks stopped accepting email entirely from Chinanet until they started acting on abuse complaints.<p>The same can be done with Caller ID. You&#x27;ve got a T1 that lets you set your own Caller ID? Great. You might not get caught, but you can set what you want.<p>Your upstream provider might ignore it, but they connect somewhere larger, too. So let&#x27;s say AT&amp;T customers are getting complaints about phone calls with false Caller ID, and AT&amp;T looks in their logs and sees that they&#x27;re coming from your upstream. Now your upstream is in trouble unless they fix it. If they don&#x27;t, they get a nice hefty fine.<p>How do they fix it? They force you to stop. If you don&#x27;t, it&#x27;s illegal, so they can contact the authorities. Or, they could just terminate you.<p>This is just like egress filtering in the networking world. If your network is passing along lots of spoofed traffic and someone contacts you to tell you, and you just pretend it&#x27;s not your problem, you should be punished. You shouldn&#x27;t allow traffic to leave your network that claims to be from sources that aren&#x27;t on your network.<p>&quot;But routing!&quot; Bullshit. If it&#x27;s coming on to your network from elsewhere, you should be required to say from where, so the originating network can be identified.<p>However, businesses don&#x27;t want to be bothered putting any time or energy in to this. Businesses rarely do a thing because it&#x27;s the right thing to do, unless they can make it a marketable advantage. They need to be forced to do this by law, by threat of loss of money.<p>Caller ID spoofing should&#x27;ve been illegal all along, and businesses which do nothing about it should be punishable. Because that&#x27;s not the case, the old fashioned phone system might as well completely die.

One of the very best features of Android Messages is that you no longer get spam texts.<p>The combination of Pixel and Google Fi means you never get spam calls, or spam texts.

Much like 3G is being shut down, maybe SMS should be shut down too. It’d be easier for carriers to make sure the last email address holdouts make accounts than trying to play wackamole with such an insecure protocol. Then we don’t have to worry as much about SMS unfortunately being used so heavily for web auth