In an age defined by the rapid advance of digital technology, SMS messaging remains the oldest and most ubiquitous method of communication and two-factor authentication (2FA). Yet its success has made it a focal point for fraudsters as well. By using sophisticated bots, they are able to generate artificial SMS traffic, and ultimately siphon revenue from unsuspecting enterprises. This is known as SMS artificial inflation of traffic (AIT) fraud, a form of international revenue share fraud (IRSF) which is having a growing – and costly – impact on the wider mobile industry. And it doesn’t only have a monetary impact for enterprises, but profits are often linked to the financial support of serious, organized crime.
X’s decision in March 2023 to withdraw SMS 2FA for non-Twitter Blue subscribers, for example, illustrates how seriously the issue is now being taken. The social media giant took this measure after falling victim to SMS AIT, underscoring its immense financial impact. X is just one of many enterprises affected: based on fraud intelligence from GSMA IRSF Prevention, over a 12-month period, SMS AIT has increased by 380%.
It’s perhaps little surprise then that the market is experiencing the lowest ever trust in the application-to-person (A2P) messaging ecosystem. This partly explains why some businesses are turning to other channels and services for their communications and authentication needs, such as flash calls, authentication apps, silent network authentication and OTPs via email or WhatsApp.
How does SMS AIT occur?
So how do fraudsters execute SMS AIT? It often begins with the use of bots to flood SMS channels with fake messages. Enterprises, sometimes unaware they are of the manipulation, continue to pay for the delivery of these fraudulent messages. Meanwhile, the fraudsters, in collaboration with accomplices within the delivery chain, reap a share of the profits, leaving businesses blindsided by the financial repercussions. With the rise in A2P costs over the past few years (which has more than doubled for certain destinations), the revenue share of artificial traffic is larger and therefore increasingly attractive to fraudsters.
How can we stop it?
Crucial to stopping this type of fraud is the swift gathering and aggregation of data – and of course, creating an environment where threats are properly understood.
Initiatives like the GSMA IRSF Prevention service offer a comprehensive solution tailored to track international revenue share numbers for both SMS and voice in real time. This open-source intelligence (OSINT) platform provides invaluable insights into the routes used in SMS AIT fraud, such as the range of numbers being abused, identification of vulnerable enterprise, and assessment of risk levels associated with mobile network operators (MNOs) and mobile virtual network operators (MVNOs) as SMS AIT destinations.
To learn more about how the GSMA IRSF Prevention service can safeguard your enterprise customers from SMS fraud and to schedule a complimentary two-week evaluation, please contact us.