SMS Sender-ID Spoofing
A technique that replaces the numeric originator of an SMS with a fake name or number, making messages appear to come from a trusted brand or government body.
Also known as: SMS spoofing, alphanumeric sender spoofing, sender ID fraud
Last reviewed: 10 June 2026
Many SMS gateways, particularly in the UK and Asia, allow businesses to set an alphanumeric sender ID — for example, 'HMRC' or 'YourBank' — rather than a phone number. This feature exists for legitimate branding but has no authentication mechanism; any gateway that supports it will accept whatever name the sender submits. Criminals exploit this to send phishing SMS messages that appear in the same conversation thread as genuine messages from the impersonated brand, because phones group messages by sender name.
Victims reading what appears to be a new message from their bank in a familiar conversation thread have no visual cue that the message is fraudulent. The link inside leads to a credential-harvesting page, or the message asks the recipient to call a number where a scammer poses as bank security.
In the UK this fraud is addressed partly by the Mobile Ecosystem Forum's SMS SenderID Protection Registry, which allows brands to lock their sender IDs. Consumers should treat any unexpected SMS requesting login credentials or urgent action as suspicious regardless of the displayed sender name, and verify directly via the institution's official website or app.