IRSF / SMS Toll Fraud

SMS Fraud: Brace for the Bill

June 20, 202310 min Read

SMS toll fraud brace for the bill

SMS Fraud: Brace for the Bill

Many businesses today underestimate the security risks associated with their telephone systems, even though they have vulnerabilities that can lead to significant financial loss. One of the notable threats is SMS toll fraud, which has become a prevalent method of attacking telephone networks. Unfortunately, businesses are often unaware of the detrimental impact of this form of fraud until it's too late, emphasizing the need to promptly recognize and address this risk.

SMS fraud has now become a significant threat to businesses, with the potential for considerable financial loss. In fact, The Communications Fraud Control Association (CFCA) reports that in 2021, fraud caused $39.89 billion in global losses, corresponding to 2.22% of the total global telecom revenue. SMS fraud was the leading cause, accounting for $6.69 billion in losses. As a result, organizations today need to understand the nature of this attack—and more importantly, how they can protect their operations and bottom line.

Find out how Arkose Labs helped Snapchat fight SMS toll fraud: Read the case study!

Snapchat Identifies Critical Risk & Shows Direct Savings with AWS & Arkose Labs
Snapchat Identifies Critical Risk & Shows Direct Savings with AWS & Arkose Labs

What is SMS fraud?

SMS toll fraud, also known as International revenue sharing fraud (IRSF), SMS pumping, or simply SMS fraud is a form of cyberattack that targets telephone networks through the exploitation of SMS messaging services. Bad actors manipulate the SMS infrastructure, often with the help of a mobile network operator (MNO), and automated scripts or bots, to generate revenue at the expense of the victimized businesses. Scammers often use mobile numbers to send out spam messages in large quantities.

These attacks often employ various techniques, such as sending high volumes of premium rate SMS messages or engaging in unauthorized international messaging, which usually results in exorbitant charges being billed to the victim's phone numbers and account. The MNO may be complicit in the scheme and receive a share of the generated revenue—or be unknowingly exploited by the fraudsters. In either case, it can result in an imbalance in termination fees for the MNO and financial losses for the victims.

Scammers can also use premium rate numbers to send a one-time password (or one-time passcodes) (OTP) through SMS text messages. The OTPs are used for online forms that generate automated messages. To profit from pumping SMS of an OTP-protected login, cybercriminals obtain a block of logins, often from the dark web, and attempt a high volume of logins with the OTP on their target's website or app. To avoid SMS traffic pumping, it is advisable to use other forms of two-factor authentication (2FA), such as biometrics or hardware keys.

Because SMS fraud is typically carried out covertly, businesses may remain unaware of the breach until they receive their shockingly inflated monthly bill. Here are a few common types of toll fraud that businesses should be aware of:

  • International Revenue Sharing Fraud (IRSF) involves malicious actors exploiting international calling routes to generate revenue. Fraudsters make use of premium rate numbers or high-cost destinations, initiating unauthorized calls that result in substantial charges for the victimized businesses.
  • Phishing happens when scammers send text messages pretending to be a legitimate company or service and asking the recipient to click on a link or provide personal information.
  • Subscription Fraud happens when criminals acquire access to business phone lines without authorization and then use them to make expensive calls or send premium rate messages. This form of toll fraud can go unnoticed until businesses receive their monthly bills, by which time significant financial losses may have occurred.
  • Callback Fraud occurs when attackers exploit vulnerabilities in Voice over IP (VoIP) systems. They initiate calls to a business's phone system and hang up after one ring, leaving a missed call notification. When the business returns the call, they unknowingly connect to a premium rate number, resulting in excessive charges.

Discover how much your organizations can save by stopping toll fraud.

Calculate your savings today!

The anatomy of an SMS attack

Malicious actors exploit vulnerabilities in the messaging system to generate revenue at the expense of victimized organizations. The attackers typically engage in activities such as sending high volumes of premium rate messages, participating in unauthorized international messaging, or subscribing to premium services without the knowledge or consent of the business to complete this attack. Here are some ways threat actors are making their attacks work:

One common technique employed is the use of premium rate numbers. The fraudsters send messages to these numbers, which incur significantly higher charges compared to standard messaging rates. They may employ various tactics to entice recipients to respond or interact with these messages, such as offering prizes, discounts, or misleading information.

Another method used is through unauthorized international messaging. Attackers exploit vulnerabilities in the SMS infrastructure to send messages to international destinations without the knowledge or authorization of the business. The charges for these international messages are often significantly higher than regular rates, resulting in substantial financial losses for the victimized organization.

The impact on businesses

SMS fraud can lead to exorbitant charges being billed to businesses. Fraudsters exploit vulnerabilities in the infrastructure to send premium rate or unauthorized international messages, which often incur significantly higher charges compared to regular rates. Budget overruns are also a problem. The unexpected and inflated charges can disrupt a business's operations. Organizations often allocate specific funds for telecommunications expenses, including SMS messaging. When fraudulent activities occur, the budget can quickly be exceeded, leading to monetary overruns and potential strain.

The financial losses incurred from this form of fraud can directly lead to reduced profit margins. Fraudulent charges eat into the company's revenue, reducing profit margins and potentially impacting the overall financial health of the organization. This can impede growth initiatives, limit investment opportunities, and hinder the business's ability to allocate resources to other essential areas.

This form of fraud can also lead to operational disruption that leads to additional costs and potential revenue loss. Detecting and investigating fraudulent activities requires time and resources, diverting attention away from core business activities. Additionally, businesses may need to allocate resources to implement additional security measures or upgrade systems to prevent future fraud incidents, incurring additional expenses.

Reputational damage extends beyond immediate monetary losses. When customers become victims of fraudulent messages that appear to come from the business, it can undermine their trust and confidence. This damage to reputation can result in customer attrition, reduced customer acquisition rates, and diminished brand value, all of which have long-term financial implications.

Legal and regulatory consequences can also result from these attacks. Compliance requirements, such as the Payment Card Industry Data Security Standard (PCI DSS) or telecommunications regulations, impose penalties or liabilities on businesses that fail to adequately protect their infrastructure.

Also, these fraudulent activities can disrupt normal business operations, causing a loss of productivity and customer trust. And don’t forget, this form of fraud can tarnish a company's reputation. If customers receive unsolicited or misleading messages purportedly coming from a business, it can undermine their trust and negatively affect brand perception.

How to detect SMS fraud

Effective detection is crucial for digital businesses to minimize financial losses and protect their reputation. By implementing effective monitoring and detection mechanisms, organizations can identify suspicious activities related to SMS messaging and take appropriate actions. Here are some key methods that organizations can employ to detect this form of fraud.

  • Real-time monitoring solutions track traffic patterns and detect anomalies promptly. By setting up alerts and thresholds for unusual SMS volumes, destinations, or message patterns, organizations can receive immediate notifications when potential fraud activities occur.
  • Traffic analysis can identify abnormal SMS traffic patterns. By analyzing the number of SMS messages sent, received, and their destinations, businesses can detect sudden spikes in activity or unusual SMS bot traffic that may indicate fraudulent activities.
  • Advanced pattern recognition algorithms and machine learning identify fraudulent SMS patterns. By analyzing historical data and identifying patterns associated with known fraud cases, businesses can develop models that flag suspicious activities and improve their detection capabilities.
  • Geolocation Monitoring can provide valuable insights into potential fraudulent activities. By tracking the origin and destination of SMS messages, businesses can detect unauthorized international messaging or patterns associated with specific regions known for fraudulent activities.
  • Behavioral Biometrics can help identify suspicious activities within the messaging system. By establishing baseline behavior for each user or account, businesses can detect deviations that may indicate fraudulent actions, such as abnormal messaging volumes or excessive usage during unusual hours.

Prevention and protection

Businesses need to stay alert if they want to protect themselves from SMS fraud. One approach is to monitor telecommunications traffic for unusual activity and implement controls, such as limiting international messaging or disabling premium rate numbers. Another is authentication, such as biometrics or authenticator apps. Another way is to use email services that are secure and reliable, as they offer better protection against fraud. And businesses can also use tools like botd or CAPTCHA software to detect and deter bot traffic while preventing automated bot attacks and fraudulent activities.

Introducing a small amount of friction in the signup process—without disturbing the user experience—can help deter automated scripts and bots without inconveniencing genuine customers. Other methods such as ensuring the confirmation of email addresses before enrolling in 2FA can also be effective in preventing bots and fraudulent activities. A few other key strategies include:

  • Secure access controls help businesses ensure only authorized personnel have access to the SMS messaging infrastructure. This includes using strong authentication protocols, regularly updating and patching software, and restricting access to sensitive systems and accounts.
  • Regular security audits of the SMS messaging system help to identify potential vulnerabilities. Regularly assess and update security configurations, review access privileges, and perform vulnerability scans to proactively identify and address any weaknesses.
  • Strong Password Policies should be enforced for all accounts and systems involved in messaging. Encourage the use of complex, unique passwords and implement multi-factor authentication to add an extra layer of security.

Arkose Labs stops SMS toll fraud

With 20% of customers being Fortune 500 companies, Arkose Labs sits at the forefront of combating SMS toll fraud. By leveraging advanced technology and intelligent risk assessments, Arkose Labs helps businesses detect and prevent SMS fraud effectively. Our approach involves a combination of real-time intelligence, user behavioral analytics, and dynamic risk assessments to identify and block fraudulent SMS activities. Our system analyzes various factors, including message content, sender reputation, device fingerprinting, and behavioral patterns, to differentiate between legitimate and fraudulent SMS messages.

Find out how Arkose Labs can protect your business! Book a demo today.