What is the fraud problem in messaging
SMS messaging is an essential piece of the communication network. It is the channel we fall back on in times of crisis and when we absolutely, positively, have to get through to someone. Businesses have yet to fully realise the huge potential in communicating with customers by text message and it is an exciting area but one that has an achilles heel that cannot be ignored. Business messaging is in a period of exponential growth but messaging fraud is also on the rise. The future success of the industry will require better controls on fraudulent messaging activities from all parties in the messaging chain but may need to be led by mobile network operators.
When we talk about fraud in terms of messaging it is important to distinguish between the different types of fraud and their targets.
Smishing
The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers. This typically targets individuals and can cost hundreds of thousands in losses. This is why Smishing is considered the most pernicious form of fraud.
SIM Box grey routing
The use of SIM boxes is the most common form of interconnect bypass fraud. This is a piece of hardware that has hundreds or maybe even thousands of prepaid SIM cards plugged into it, each one capable of rerouting a call. These grey routes in the SMS network chain allow fraudsters to skim money from the value chain and typically eat into the correct revenues that mobile network operators should make. While they might only make pennies on the dollar per minute, this all stacks up when there are hundreds of calls in progress lasting multiple minutes at a time.
Artificially inflated traffic
Artificially inflated traffic (AIT) or Artificially Generated Traffic (AGT) is defined as when bad actors take advantage of phone number fields on website forms or other locations to receive, for example, a one-time passcode (OTP) via SMS. If fraudsters can do this thousands or millions of times then they can inflate traffic and generate revenue. The revenue generated by this inflated traffic could be accessed by the fraudsters at any part of the delivery path between the business sending the one-time passcode and the number ‘requesting’ the OTP. This is why it can be so difficult to pin down the perpetrators or complicit organizations involved.
The scale of the SMS fraud problem
The extent of the problem the industry is facing is perhaps purposely poorly understood. Many actors with telecoms including network operators, interconnectors and aggregators turn a blind eye to fraudulent traffic in their system as it simply doesn’t pay to combat it.
The Fraud Loss Survey Report 2021 has pegged losses from SIM box fraud and the broader interconnect bypass fraud at $3.11 billion, or 7.8% of global telecom fraud losses.
Sinch research from 2022 suggested that 59% of business messaging traffic was routed through SIM farms. Furthermore, messages that are transmitted through SIM farms open the subscribers up to abuse in the form of Smishing campaigns subsequently. This is because SIM farms may package and sell on the phone numbers and subscriber details that pass through their network to fraudsters.
The team at Mobile Squared surveyed 66 MNOs and found that one-fifth of them believed they had lost between 15 and 20 percent of their revenue to fraud.
According to LANCK Telecom around 6% of all SMS traffic was flagged as artificially generated AIT. Their platform also revealed that, for some brands, as much as 30-60% of their overall traffic might be down to SMS AIT.
In April 2022, around 378,509,197 Smishing messages were sent and received per day.
What we can do about this as an industry now?
The solution to ongoing fraud on messaging networks is for mobile network operators to be proactive in addressing the issue.
SIM Box detection services highlight when grey routes are being used on a network. These services are complex but they can easily be implemented and result in much cleaner networks that simply become unattractive to fraudsters once they realize there is no profitability in targeting them.
Equally, Smishing prevention services can identify likely fraudulent messages with machine learning techniques. Preventing all fraud is impossible but if it can be stopped from flourishing then the bad actors involved will lose interest in it as a way to make money.
Finding a way forward for the industry
Our industry needs to work together now to create the conditions for legitimate growth.
- Coordinate our knowledge of bad actor actions
- Create a trusted vendor scheme to ensure the highest standards in fraud prevention
- Commit to find fraudulent traffic and address it
- At an individual network operator level, create a database of known Smishing urls and screen for them.
If you would like to talk to us about cleaning your messaging network of fraud actors that are resulting in revenue leakage and subscriber skepticism about messaging integrity then please do get in contact today for a free audit.
