1. Artificial inflation of traffic: A growing enterprise concern
Fraud can take many shapes, and the attacks bad actors carry out can generate illicit revenue in many ways. One example is artificial inflation of traffic (AIT), also known as SMS pumping, a multi-modal fraud method that can pass by completely unnoticed without the right measures in place.
Exact methods vary from business to business, but the basic idea is scarily simple: Fraudsters lean on illegitimate accounts to send waves of messages to a business's customers. Though customers don't receive the messages — they are usually intercepted beforehand to keep users from complaining about spam and alerting the business to the activity — the traffic appears legitimate at a glance, forcing the enterprise to pay large sums for the traffic that occurs on its network.
Like the methods attackers use, the motivations to carry out AIT vary from attack to attack, but the primary goal is almost always financial gain or harm to the victimized business's budget. For example, small global mobile network operators may be in on the scheme because the illicit messages that pass over their network create huge boosts in revenue, according to CSO.
How to stop it
AIT is part of a broader range of application-to-person (A2P) fraud activity. Real-time fraud defense offerings that alert companies and allow contextual blocking of certain types of traffic are essential. Live dashboards that spell out threats in real time and allow human assets to analyze and take quick remedial action will only become more important as A2P techniques like AIT evolve.
2. Grey route fraud: An evolving A2P threat
Another type of A2P fraud, grey route fraud, utilizes person-to-person (P2P) channels to send messages that are actually A2P in nature. By utilizing illicit SIM boxes or other means, such as compromised or unethical call centers, fraudsters can exploit the lower relative costs of P2P messaging and bypass verification methods that would otherwise keep their activity in check. This allows smishing messages (attacks through SMS messaging) and other non-legitimate traffic to reach customers at scale and with relative ease.
Grey route fraud comes with heavy costs for network operators, other impacted businesses, and their customers, and attackers have increasingly pushed the method of late to drain money from legitimate providers — we're talking figures in the billions. Then, there are fines from carriers themselves, which can be $10 per message or higher — a figure that can add up to thousands per hour when bulk messages are sent over inappropriate channels.
How to stop it
Grey route fraud is notably hard to stop because it is difficult to recognize in the flow of legitimate P2P traffic. Companies must use legitimate messaging channels for marketing to avoid spam classification; fraud prevention tools with built-in recognition and spam filtering are also an important part of the fight.
3. Smishing: Attackers abuse a known exploit in new, worrying ways
Customers are more receptive to legitimate SMS business communication than ever, but they're also warier of fraud — and it's fair to say they're sick of the fraudulent messages cluttering their inboxes. According to the Federal Communications Commission, complaints about spam texts are indicative of a serious problem; extremely high open rates compared to other channels (such as email) make the format perfect for scammers phishing for new victims, per the Federal Trade Commission.
Smishing can be used to infect devices with malware and trick legitimate users into giving personal details, which can lead to account takeover attacks and other illicit activity. The advent of A2P-based fraud only deepens the threat, resulting in texts that appear legitimate to the unaware victim but aren't — customers who recently placed an order with a business may receive a legitimate-looking tracking email, for instance, only to find they've been scammed.
Like other forms of SMS-based fraud, smishing can be difficult to detect on the enterprise side due to the perceived legitimacy of the messages being sent. The methods fraudsters use are always evolving, requiring constant vigilance and active fraud prevention measures that can adapt to the quickly changing threat landscape.
How to stop it
With smishing, complacency is the enemy. Tools that allow the fraud prevention approach to be refined and adapted to new attempts — via location, account-level measures, and other means — are the only way to achieve an acceptable level of safety for your business and customers. For example, messages APIs that utilize two-factor authentication any time personal information is transmitted can be a substantial help as the precise methods used by scammers mutate and change over time.
Stay safe from fraud with the right partner
With attacks growing in scale, complexity, and methodology, it's important to have systems in place that not only change as the landscape does but also stay a few steps ahead.
Explore Vonage Fraud Defender, and see what we can do to keep some of your most important communications secure.