Authenticated SMS

Enhancing SMS Legitimacy at Scale

Patent Pending #62862546

Scams, Spoofing and Impersonation

Businesses and political campaigns are increasingly relying on SMS messaging for critical communication with customers and constituents. Businesses use SMS for sales, service, marketing, simple notification, and two-way conversation. Political campaigns use SMS to drive awareness, donations, and get out the vote. 

As SMS has increasingly become a channel of choice for these use cases, hackers and bad actors have taken notice.  SMS is a viable attack vector.  The U.S. Federal Trade Commission calls SMS attacks a “Triple Threat.”  There is even a moniker for these attacks – Smishing – a clever combination of the phrases “SMS” and “Phishing” (coined in a McAfee blog post, 2006).

Recent Examples

Beto Impersonation

In the 2018 Texas Senatorial campaign, bad actors infiltrated the Beto O’Rourke campaign and used SMS to spread damaging misinformation.

Apple Spoofing

In early 2019, mobile phone users in Australia received spoofed SMS messages from Apple trying to get users to click on a fraudulent link.

Smishing Attack

In 2019, A Knoxville, Tennessee cancer survivor was “smished” into sending $500 by scammers touting a government benefit.

Authenticated SMS

Consumers text the keyword ID and receive a custom, single-use authentication token than can be entered into an embedded form on the organization's website.

On entry of the authentication code, definitive proof of the validity of the text message is provided: the originating number for the text message, the customer's phone number, and the timestamp of the last message sent.


Text A*SMS to 206-397-1625.

You will immediately receive a welcome message augmented with instructions for the ID keyword.

Reply ID to that message and enter the authentication code to prove our identity.

Best Practices suggests these best practices for SMS-based communication:

  • Select a vendor and/or message network operator that offers A*SMS.
  • Implement A*SMS on all phone numbers for your business or campaign.
  • Modify your first message to include instructions such as “Reply ID to verify our identity.”
  • Train staff to educate customers about the ID keyword if questions arise about legitimacy of the communication.