Spoofed Sender ID
A technique where a fraudster falsifies the name or number that appears as the sender on an SMS or email, making a message appear to come from a trusted brand or individual.
Also known as: SMS spoofing, sender name spoofing, caller ID spoofing
Last reviewed: 1 June 2026
Spoofed sender ID refers to the manipulation of the name or number displayed to the recipient of an SMS message or email in order to impersonate a trusted organisation. On SMS, many networks historically allowed senders to set an alphanumeric sender name (such as 'HMRC' or 'YourBank') with no authentication. Fraudsters exploited this to insert fake messages into legitimate conversation threads — because mobile phones group messages by sender name, a spoofed message appearing as 'Barclays' would sit alongside genuine Barclays messages, lending it false credibility.
For email, sender ID spoofing involves either forging the 'From' header to display a trusted name while the underlying address is fraudulent, or registering a look-alike domain to make the address itself appear legitimate. Without proper email authentication records (SPF, DKIM, DMARC), email servers may deliver such messages without warning.
SMS sender ID spoofing has been substantially reduced in several countries through network-level filtering and the introduction of sender ID registries, which require organisations to pre-register the sender names they are authorised to use. Consumers who receive unexpected messages from brands they recognise should navigate to the brand's official site directly rather than clicking any links in the message.
Examples
- A fraudster sends an SMS that appears under the recipient's existing 'HSBC' conversation thread warning of a suspicious payment and asking them to confirm their details via a link to a spoofed site.