By Elizabeth John

Getting an unexplainable angry reaction from people? Dozens waiting in line to beat you to a pulp? It could be that forged email or text message that's been sent out in your name or bearing your mobile number, writes ELIZABETH JOHN

YOUR boss is a demon, your workplace is hell and you've just received an email telling you to pack your bags and get out because you've been fired.

So you fling the desktop out the window and storm out in a huff.

Not so fast, pal. That email just might not be from Bosszilla -- you might be the victim of email spoofing.

With a few clicks and in a matter of minutes, an ill-intentioned person with access to an email server can send you an email and make it look like it's from your boss.

And it doesn't stop at your email. Mobile text messages can also be spoofed, says IT expert Azli Paat.

It could be someone vying for your post or just a prankster out to create trouble, says Azli, the executive vice-president of Dapat Vista Sdn Bhd, a company that advises police on such issues.

And this happens to thousands every day and over far more serious matters, as Federal Territory MCA chairman Datuk Tan Chai Ho recently discovered.

Early last month, members of the Federal Territory Youth wing election received a text message from Tan's number telling them to switch support from one candidate to another. The problem was Tan never sent the SMS, a fact verified by the telecommunications company whose services he subscribed to.

Tan, who has used the same mobile phone number for over a decade without incident, went public with the case, calling it a very disturbing sign of the extent of cyber crime in the country.

"Someone has hijacked my number and identity, and sent out malicious SMSes. Not even the telcos were able to detect it," Tan told the press.

"It is not as simple as receiving an SMS with my name. The people who received the message said it appeared in whatever form they registered my number in, be it 'Tan Chai Ho' or 'Ah Ho'."

How did they do it?

With knowledge, access and an evil plan in mind.

First, they have to get access to an SMS gateway, says Azli.

The gateway is an SMS transmission equipment that works like a ultra powerful mobile phone which is used by telecommunications companies, corporations and banks to send out hundreds and thousands of SMSes a day.

Those in the telecommunications industry or in the business of hacking and generally causing mayhem online can easily access a gateway.

Next, the person needs a series of codes, which come with access to the gateway.

Then, this person enters the recipient's phone number and a sender's number and this is where the evil deed is done: the sender's number that has been entered is not his own -- it's the number of the person he intends to victimise or get into trouble.

Finally, he hits the "send" button and the message promptly appears in the recipient's phone.

"If the victimised sender's number is in the list of contacts in a recipient's mobile phone, then his name turns up at the top of the message, as if he has sent it," said Azli.

"The only difference is that the message will not be registered in the Sent Messages box on the victim's phone and he will not be charged for that message in his itemised phone bill -- which is how he can exonerate himself."

Accessing the gateway isn't the crime.

The gateway owner may not ask any questions because it may come across as a completely legitimate business, like if the head of a company wants to send out Hari Raya SMSes to thousands of employees.

He might not want to use his own phone because of the time and complication of making a claim from the company.

So the boss tells his secretary to use the gateway service to send out the greeting that carries his phone number, so the staff who receive the message will know it is from him.

For many companies, it is not cost efficient to get their own gateway, the cost of which runs into millions of ringgit, so they go to mobile application companies like Dapat Vista, an SMS gateway provider.

Licensed by the Malaysian Communications and Multimedia Commission, Dapat Vista handles about 300,000 SMSes a day but says it is unlikely that a local licensee can engage in such activities because of the strict rules and control over the industry.

"But once you put in another person's phone number and the message you send out is not from that person, then it is a crime.

"A knife is a knife, but when you stick it in someone's body, it's murder."

And the mischief people get up to with SMSes, they can do with emails, too.

Azli, using his Blackberry, showed how he could send an email to the writer from her editor in a few simple steps. All he needed to know were the two email addresses.

You could send someone an email and the person will open it and think it's from a third person.

You can use an overseas server or the email server in your office. You don't have to go overseas and get a gateway as you have to with mobile phones.

Such emails could be traced back to the server from which it originated but it's a tedious process that isn't always successful.

"It's just like you buy an envelope, put a stamp on it and write a return name and address that's not your own," says Azli.

Victims of spoofs can always fall back on their phone bills and telco providers to clear their names.

But the moral of the story, says Azli, is not to trust everything you receive digitally.

The problem is most people don't think this far, he says. They usually read the SMS or email, get angry and react immediately.

Because they already have a bad relationship with their boss, they are likely to believe the spoofed email saying they've been fired.

Always check the authenticity of the email or SMS with the source, he adds.