SMS has become a popular channel to engage customers, verify identities, and offer promotions. Unfortunately, this growing reliance on SMS services has attracted a new breed of automated threats: SMS fraud.
As a $10 billion fraud scheme, SMS fraud is taking its toll on businesses.
Let's dive into the inner workings of SMS fraud along with key steps to stop these attacks.👇
The role bots play in SMS pumping and toll fraud
The perpetrators behind SMS fraud are part of highly organized criminal groups. Their goal is to generate as much revenue as possible without getting caught. As a result, pervasive forms of SMS fraud fly under the radar. Businesses don't realize they are a target until it's too late.
So how do fraudsters evade detection? With a little (or in this case, a lot of) help from bots.
We see two primary types of attacks in SMS verification and authentication flows: 1) SMS pumping and 2) toll fraud. While both exploit the premium rate system to inflate traffic for financial gain, SMS pumping and toll fraud differ in their attack methods.
- SMS pumping: Occurs when attackers target businesses with these SMS flows and flood SMS messages to controlled premium rate numbers. Traditionally attackers will share the inflated charges' revenue with wireless carriers or mobile network operators. Targeted businesses end up footing the bill.
- Toll fraud: Involves tricking users into sending or receiving premium texts with exorbitant fees. The unsuspecting victims fall prey to these fraudulent premium services, while targeted businesses bear the cost.
A new evolution of SMS fraud
Due to recent awareness and subsequent cracking down on SMS pumping and toll fraud, fraudsters are discovering more creative ways to profit from SMS-related attacks.




